[yocto] problem adding a user

Khem Raj raj.khem at gmail.com
Thu May 23 19:11:04 PDT 2019



On 5/23/19 1:40 PM, Rudolf Streif wrote:
> Greg,
> 
> It eluded me earlier but in both instances the variable containing the 
> password does not seem to be expanded.
> 
> First version without the single quotes:
> 
> SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
> 
> EXTRA_USERS_PARAMS = "\
>      usermod -p ${SAKURA_PASS} ${SAKURA_USER}; \
>      usermod -a -G sudo,dialout ${SAKURA_USER}; \
>      "
> results in:
> 
> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]
> 
> and with the quotes:
> 
> SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
> 
> EXTRA_USERS_PARAMS = "\
>      usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \
>      usermod -a -G sudo,dialout ${SAKURA_USER}; \
>      "
> results in:
> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p '' sakura]
> 
> It looks as if the variable SAKURA_PASS is not set at all. I looked at 
> your scribe.bb recipe you attached earlier but I 
> could not find any reason why the variable is not set. Is there a chance 
> that it is overridden somewhere else?
> 


This is correct, with one small nit: we need to escape some 
characters which have special meaning for the shell, e.g. $

e.g. in local.conf something like below

INHERIT += "extrausers"

EXTRA_USERS_PARAMS += "\
     useradd sakura; \
     usermod -p '\$1\$QVO3K6Ii\$fvkoDKnlzz3d5uVoL7KcM0' sakura; \
"

might work as you expect.

> :rjs
> 
> 
> On Wed, May 22, 2019 at 1:28 PM Greg Wilson-Lindberg 
> <GWilson at sakuraus.com> wrote:
> 
>     Rudolf,
> 
>     Here is the first half of the file,  the whole file is over the 500k
>     limit of free pastebin:
> 
>     https://pastebin.com/UcnKebce
> 
> 
>     And here is the 2nd half of the file:
> 
>     https://pastebin.com/9117tdUU
> 
> 
>     Greg
> 
>     ------------------------------------------------------------------------
>     *From:* Rudolf Streif <rudolf.streif at ibeeto.com>
>     *Sent:* Wednesday, May 22, 2019 12:42:40 PM
>     *To:* Greg Wilson-Lindberg
>     *Cc:* Yocto list discussion
>     *Subject:* Re: [yocto] problem adding a user
>     Greg,
>     Can you share the logfile via Pastebin?
>     :rjs
> 
>     On Tue, May 21, 2019 at 11:09 AM Greg Wilson-Lindberg
>     <GWilson at sakuraus.com> wrote:
> 
>         Rudolf,
> 
>         Something else is happening to me. I changed to this in the
>         image recipe:
> 
>         SAKURA_USER = "sakura"
> 
>         SAKURA_PASSWD = "Distracted"
>         SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
> 
>         EXTRA_USERS_PARAMS = "\
>              usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \
>              usermod -a -G sudo,dialout ${SAKURA_USER}; \
>              "
> 
>         deleting all of the commented out lines, and I get this in the
>         log file:
> 
> 
>         ..../scribe/1.0-r0/rootfs -p '' sakura]
> 
> 
>         nothing between the single quotes. It's acting like SAKURA_PASS
>         is not defined.
> 
>         This is only happening when I'm trying the MD5 password.
> 
> 
>         Greg
> 
>         ------------------------------------------------------------------------
>         *From:* Rudolf Streif <rudolf.streif at ibeeto.com>
>         *Sent:* Tuesday, May 21, 2019 5:37:23 AM
>         *To:* Greg Wilson-Lindberg
>         *Cc:* Yocto list discussion
>         *Subject:* Re: [yocto] problem adding a user
>         Greg,
> 
>         usermod does not work for the MD5 algorithm with the explicit
>         password hash as it contains the $ field delimiters which are
>         interpreted by the shell executing the usermod command. Use
>         single quotes around the password hash:
> 
>         usermod -p '${SAKURA_PASS}' ${SAKURA_USER};
> 
>         :rjs
> 
>         On Mon, May 20, 2019, 11:55 Greg Wilson-Lindberg
>         <GWilson at sakuraus.com> wrote:
> 
>             Hi Rudolf,
> 
>             I've had more time to work with this and I'm still having problems getting
>             everything to work properly. I've attached the image recipe that I'm
>             using so I don't leave anything out that may be relevant.
> 
>             When I build with a password that is no more than 8 characters long
>             and no non-alphabetic characters:
> 
>             SAKURA_PASSWD = "Distract"
>             SAKURA_PASS = "WRsDFfg1BsrDM"
> 
>             everything works correctly.
> 
>             I first tried that using the `openssl ...` form, and then I tried the
>             -1, MD5 BSD form and had problems, so I changed to doing the openssl
>             on the command line and making sure that I don't have any characters
>             that display as '.' or '/'. Again, if I don't do more than 8 characters
>             and no special characters everything works.
> 
>             When I changed to using 'Ds$tr@ct' it stopped working. The build finishes
>             and the log file shows the usermod being executed correctly:
> 
>             NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p kyNsrvS0elMWU sakura]
>             NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -a -G sudo,dialout sakura]
> 
>             But when I try to sign in it doesn't work.
> 
>             I then tried the 10 character password 'Distracted', the build fails:
> 
>             NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]
>             Usage: usermod [options] LOGIN
> 
>             Options:
>                -c, --comment COMMENT         new value of the GECOS field
>                -d, --home HOME_DIR           new home directory for the user account
>                -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
>                -f, --inactive INACTIVE       set password inactive after expiration
>                                              to INACTIVE
>                -g, --gid GROUP               force use GROUP as new primary group
>                -G, --groups GROUPS           new list of supplementary GROUPS
>                -a, --append                  append the user to the supplemental GROUPS
>                                              mentioned by the -G option without removing
>                                              him/her from other groups
>                -h, --help                    display this help message and exit
>                -l, --login NEW_LOGIN         new value of the login name
>                -L, --lock                    lock the user account
>                -m, --move-home               move contents of the home directory to the
>                                              new location (use only with -d)
>                -o, --non-unique              allow using duplicate (non-unique) UID
>                -p, --password PASSWORD       use encrypted password for the new password
>                -P, --clear-password PASSWORD use clear password for the new password
>                -R, --root CHROOT_DIR         directory to chroot into
>                -s, --shell SHELL             new login shell for the user account
>                -u, --uid UID                 new UID for the user account
>                -U, --unlock                  unlock the user account
>                -v, --add-subuids FIRST-LAST  add range of subordinate uids
>                -V, --del-subuids FIRST-LAST  remove range of subordinate uids
>                -w, --add-subgids FIRST-LAST  add range of subordinate gids
>                -W, --del-subgids FIRST-LAST  remove range of subordinate gids
> 
>             ERROR: scribe: usermod command did not succeed.
> 
>             So, even though I'm putting in the openssl output:
>             openssl passwd -1 "Distracted"
>             $1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0
> 
>             that I get back from what should be a valid run of openssl, I don't see anything
>             from the password on the usermod command line:
>               "...linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]"
> 
>             I don't understand why the short passwords and passing along the proper hash works,
>             but not the longer password.
> 
>             It also doesn't make sense that I can't put in the '$' & '@' characters and
>             have them work.
> 
>             Any suggestions would be greatly appreciated.
> 
>             Greg
> 
>             ------------------------------------------------------------------------
>             *From:* Rudolf Streif <rudolf.streif at ibeeto.com>
>             *Sent:* Wednesday, May 15, 2019 4:58:26 PM
>             *To:* Greg Wilson-Lindberg
>             *Cc:* Yocto list discussion
>             *Subject:* Re: [yocto] problem adding a user
>             Glad to hear that it works now. I am planning on attending
>             the YP DevDay.
> 
>             :rjs
> 
>             On Wed, May 15, 2019, 13:53 Greg Wilson-Lindberg
>             <GWilson at sakuraus.com> wrote:
> 
>                 Thank you very much, that got me back on the right path.
> 
>                 Maybe I'll see you at the Yocto day at the Embedded
>                 Linux Conference.
> 
>                 Regards,
> 
>                 *Greg Wilson-Lindberg*
> 
>                 *Principal Firmware Engineer | Sakura Finetek USA, Inc.*
> 
>                 1750 W 214th Street | Torrance, CA 90501 | U.S.A.
> 
>                 T: +1 310 783 5075
> 
>                 F: +1 310 618 6902 | E: gwilson at sakuraus.com
> 
>                 www.sakuraus.com
> 
>                 ------------------------------------------------------------------------
> 
>                 *From:* Rudolf J Streif <rudolf.streif at ibeeto.com>
>                 *Sent:* Wednesday, May 15, 2019 01:30 PM
>                 *To:* Greg Wilson-Lindberg <GWilson at sakuraus.com>;
>                 Yocto list discussion <yocto at yoctoproject.org>
>                 *Subject:* Re: [yocto] problem adding a user
> 
>                 Instead of
> 
>                 useradd -p `openssl passwd test` sakura
> 
>                 which attempts to add the user and set the password
>                 which fails if the user already exists, use
> 
>                 usermod -p `openssl passwd test` sakura
> 
>                 which sets the user's password.
> 
>                 :rjs
> 
>                 On 5/15/19 1:18 PM, Greg Wilson-Lindberg wrote:
> 
>                     Ok, I had been using the useradd class in a couple
>                     of other recipes to allow me to copy files to the
>                     sakura user directory and another location, but
>                     owned by sakura. That seems to have been what was
>                     causing the problem.
> 
>                     I had been using the extrausers class in my
>                     top level image recipe.
> 
>                     So now how do I get all of this to work together? Do
>                     I need to put everything that touches the sakura
>                     user in the same recipe? It seems that I need to use
>                     only one of the useradd or extrausers classes?
> 
>                     Greg
> 
>                     ------------------------------------------------------------------------
> 
>                     *From:* Rudolf J Streif <rudolf.streif at ibeeto.com>
>                     *Sent:* Wednesday, May 15, 2019 12:31 PM
>                     *To:* Greg Wilson-Lindberg; Yocto list discussion
>                     *Subject:* Re: [yocto] problem adding a user
> 
>                     The ! for the password in /etc/shadow indicates that
>                     the account is disabled:
> 
>                     sakura:!:18031:0:99999:7:::
> 
>                     Either there is something wrong with the password
>                     generation or it gets disabled by something else.
>                     Maybe it's worth trying with a plain image without
>                     Boot2Qt or anything else.
> 
>                     :rjs
> 
>                     On 5/15/19 11:46 AM, Greg Wilson-Lindberg wrote:
> 
>                         Hi Rudolf,
> 
>                         1st, yes I inherit extrausers. Attached are the
>                         passwd & shadow files.
> 
>                         It shouldn't make any difference, but I'm
>                         building this for an RPi3 using the Qt Boot2Qt
>                         version of the Yocto environment, distro 2.5.3.
> 
>                         Greg
> 
>                         ------------------------------------------------------------------------
> 
>                         *From:* Rudolf J Streif <rudolf.streif at ibeeto.com>
>                         *Sent:* Wednesday, May 15, 2019 11:26 AM
>                         *To:* Greg Wilson-Lindberg; Yocto list discussion
>                         *Subject:* Re: [yocto] problem adding a user
> 
>                         Hi Greg,
> 
>                         > I've also tried both the back-quote and the single-quote, no difference.
> 
>                         Help me to understand this. The back-quotes are
>                         the right ones. If you use the single ones your
>                         password in the /etc/shadow ends up being
>                         'openssl passwd test' (without the quotes),
>                         unless the build fails because of a parsing
>                         error (I have not tried it). Silly question, you
>                         did inherit extrausers class?
> 
>                         Can you post your /etc/passwd and /etc/shadow
> 
>                         I am surprised that this does not work with your
>                         setup. I have been doing this a gazillion times
>                         always with success.
> 
>                         :rjs
> 
>                         On 5/15/19 11:03 AM, Greg Wilson-Lindberg wrote:
> 
>                             Hi Rudolf,
> 
>                             Thanks for the reply, and the information on
>                             how openssl works.
> 
>                             I'm trying to create a user with the same
>                             group name so the code that I'm using
>                             reduces to:
> 
>                             EXTRA_USERS_PARAMS = "\
>                                  useradd -p `openssl passwd test` sakura; \
>                                  usermod -a -G sudo ${SAKURA_USER}; \
>                                  "
> 
>                             I also, as you can see, removed the macros
>                             to eliminate as much confusion as possible.
> 
>                             I still can't log in using
>                             the password 'test'.
> 
>                             I've also tried both the back-quote and the
>                             single-quote, no difference.
> 
>                             Regards,
> 
>                             Greg
> 
>                             ------------------------------------------------------------------------
> 
>                             *From:* Rudolf J Streif <rudolf.streif at ibeeto.com>
>                             *Sent:* Wednesday, May 15, 2019 10:07:47 AM
>                             *To:* Greg Wilson-Lindberg; Yocto list discussion
>                             *Subject:* Re: [yocto] problem adding a user
> 
>                             Hi Greg,
> 
>                             Well, I suppose I wrote the book you are
>                             referring to...
> 
> 
>                             Using
> 
>                             useradd -p PASSWORD USER
> 
>                             takes the password hash for PASSWORD hence
>                             the use of openssl in:
> 
>                             useradd -p `openssl passwd PASSWORD` USER
> 
>                             openssl password creates the password hash
>                             using the original crypt hash
>                             algorithm if no other options are specified.
>                             e.g.
> 
>                             $ openssl passwd hello
>                             6hEsTksgRkeiI
> 
>                             With this the first two characters of the
>                             output are the salt and the
>                             rest is the password hash. If you want
>                             openssl to create the same result
>                             again:
> 
>                             $ openssl passwd -salt "6h" hello
>                             6hEsTksgRkeiI
> 
>                             You can use newer algorithms like MD5 based
>                             BSD password algorithm 1:
> 
>                             $ openssl passwd -1 hello
>                             $1$4Mu8Fcs.$eIKgPP7RCYrb3lFZjhADA1
> 
>                             $1 : password algorithm 1
>                             $4Mu8Fcs. : salt
>                             $eIKgPP7RCYrb3lFZjhADA1 : password hash
> 
> 
>                             If you log into the system you have to use
>                             the clear password. The
>                             system reads the salt, creates the password
>                             hash and compares the results.
> 
> 
>                             :rjs
> 
> 
>                             On 5/14/19 5:34 PM, Greg Wilson-Lindberg wrote:
>                             > I'm trying to use the example in "Embedded Linux Systems with the Yocto Project" to add a user to my Yocto build. In the book the sample code:
>                             >
>                             >     useradd -p `openssl passwd ${DEV_PASSWORD}` developer; \
>                             >
>                             > uses openssl to generate the encrypted password string to pass to useradd. I have never been able to get this to work. When I run the openssl
>                             > command on the cmd line I get a different value every time, this seems wrong, How can the password code compare against it if every encode
>                             > produces a different value?
>                             >
>                             > I am getting the user added to the system, the home directory shows up and the user is in the passwd and group files. I just can't login to the
>                             > account.
>                             >
>                             > I've obviously got something confused, any help would be appreciated.
>                             >
>                             > Greg Wilson-Lindberg
>                             >   
> 
>                             -- 
>                             -----
>                             Rudolf J Streif
>                             CEO/CTO ibeeto
>                             +1.855.442.3396 x700
> 
> 
> 
> 
>     -- 
>     Rudolf J Streif
>     CEO/CTO
>     ibeeto, Streif Enterprises Inc.
> 
> 
> 
> 
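
The effect discussed in this message, as an added example that is not part of the original thread: a shell sketch of why the `$1$...` hash turns into `''` in the usermod log and why the `\$` form keeps it intact. It assumes the expanded EXTRA_USERS_PARAMS text ends up inside a double-quoted shell assignment (a model consistent with the log lines above, not the extrausers class's own code); all function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the thread. Model (assumption): the expanded
# EXTRA_USERS_PARAMS text is pasted into a generated shell script as
#   user_group_settings="<text>"
# so that shell expands every unescaped '$' inside it.

# Hashes quoted in the thread.
MD5_HASH='$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0'   # from: openssl passwd -1
DES_HASH='WRsDFfg1BsrDM'                        # from: openssl passwd (traditional crypt)

# build_params HASH USER -> the usermod fragment as written in the recipe
build_params() {
    printf "usermod -p '%s' %s" "$1" "$2"
}

# escape_dollars TEXT -> TEXT with a backslash in front of every '$'
escape_dollars() {
    printf '%s\n' "$1" | sed 's/\$/\\$/g'
}

# simulate_class_shell PARAMS -> what a shell holds after running
#   user_group_settings="PARAMS"
# The inner sh has no positional parameters and none of the hash fields
# exist as variables, so $1, $QVO3K6Ii, ... expand to nothing. Single
# quotes inside the double-quoted string do not stop that expansion.
simulate_class_shell() {
    sh <<EOF
user_group_settings="$1"
printf '%s\n' "\$user_group_settings"
EOF
}

# has_unescaped_dollar TEXT -> exit 0 if TEXT contains a '$' the shell would
# expand: not preceded by a backslash and not starting a BitBake ${VAR}.
# Run it on the fully expanded value (e.g. taken from `bitbake -e <image>`).
has_unescaped_dollar() {
    printf '%s\n' "$1" | grep -Eq '(^|[^\\])\$([^{]|$)'
}

demo() {
    for h in "$MD5_HASH" "$(escape_dollars "$MD5_HASH")" "$DES_HASH"; do
        p=$(build_params "$h" sakura)
        if has_unescaped_dollar "$p"; then verdict='UNESCAPED $'; else verdict='ok'; fi
        printf '%-11s recipe: %s\n            shell:  %s\n' \
            "$verdict" "$p" "$(simulate_class_shell "$p")"
    done
}

demo
```

The traditional-crypt hash passes through unchanged because it contains no `$`, which matches the report that only the MD5 form failed.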

