From: Joseph Reynolds <joseph-reyno...@charter.net> This enhances extrausers with a new passwd-expire command that causes a local user's password to be expired as if the `passwd --expire` command was run, so the password needs to be changed on initial login.
Example: EXTRA_USERS_PARAMS += " useradd ... USER; passwd-expire USER;" Tested: on useradd accounts When configured with Linux-PAM, console login prompts for and can successfully change the password. OpenSSH server works. Dropbear SSH server notes the password must be changed but does not offer a password change dialog and rejects the login request. Signed-off-by: Joseph Reynolds <joseph-reyno...@charter.net> Signed-off-by: Kai Kang <kai.k...@windriver.com> --- meta/classes/extrausers.bbclass | 3 +++ meta/classes/useradd_base.bbclass | 18 ++++++++++++++++++ 2 files changed, 21 insertions(+) diff --git a/meta/classes/extrausers.bbclass b/meta/classes/extrausers.bbclass index 32569e97db..90811bfe2a 100644 --- a/meta/classes/extrausers.bbclass +++ b/meta/classes/extrausers.bbclass @@ -46,6 +46,9 @@ set_user_group () { usermod) perform_usermod "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS} $opts" ;; + passwd-expire) + perform_passwd_expire "${IMAGE_ROOTFS}" "$opts" + ;; groupmod) perform_groupmod "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS} $opts" ;; diff --git a/meta/classes/useradd_base.bbclass b/meta/classes/useradd_base.bbclass index 0d0bdb80f5..7f5b9b7219 100644 --- a/meta/classes/useradd_base.bbclass +++ b/meta/classes/useradd_base.bbclass @@ -145,3 +145,21 @@ perform_usermod () { fi set -e } + +perform_passwd_expire () { + local rootdir="$1" + local opts="$2" + bbnote "${PN}: Performing equivalent of passwd --expire with [$opts]" + # Directly set sp_lstchg to 0 without using the passwd command: Only root can do that + local username=`echo "$opts" | awk '{ print $NF }'` + local user_exists="`grep "^$username:" $rootdir/etc/passwd || true`" + if test "x$user_exists" != "x"; then + eval flock -x $rootdir${sysconfdir} -c \"$PSEUDO sed -i \''s/^\('$username':[^:]*\):[^:]*:/\1:0:/'\' $rootdir/etc/shadow \" || true + local passwd_lastchanged="`grep "^$username:" $rootdir/etc/shadow | cut -d: -f3`" + if test "x$passwd_lastchanged" != "x0"; then + bbfatal "${PN}: passwd --expire operation did not succeed." + fi + else + bbnote "${PN}: user $username doesn't exist, not expiring its password" + fi +} -- 2.17.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#144434): https://lists.openembedded.org/g/openembedded-core/message/144434 Mute This Topic: https://lists.openembedded.org/mt/78153261/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-