On 12/10/2013 11:36 PM, Mark Hatle wrote:
On 12/10/13, 6:15 AM, Paul Eggleton wrote:
Hi Qi,

On Tuesday 10 December 2013 17:58:51 qi.c...@windriver.com wrote:
From: Chen Qi <qi.c...@windriver.com>

This function replaces the root password with '*' if 'debug-tweaks'
is not in IMAGE_FEATURES. As a result, if we don't have 'debug-tweaks',
we would be locked out of the system. That means, if the user uses a
bbappend file for base-passwd to set the root password, he would not be
able to login as root; if the user uses 'EXTRA_USERS_PARAMS' to set
the root password, he would still not be able to login as root.

In a word, this function should be removed to make things work correctly.

Er, unless I'm missing something about what you're adding in the other patch, you *cannot* simply remove this. The intentional design of the existing code is that having "debug-tweaks" in IMAGE_FEATURES means that you can log in as root with no password; but most importantly if "debug-tweaks" is not present you cannot log in at all as root (in the absence of anything that sets the root password, of course). Any changes must preserve this behaviour.

I agree. The default behavior on most systems should be absolutely no way to directly login as root. Instead logins should occur based on a non-privileged user. (The other patches in that set look good to me.)

--Mark

Cheers,
Paul



Mark & Paul,

Thanks for your explanation.

I think what we really want is to disallow an *empty* root password if 'debug-tweaks' is not in IMAGE_FEATURES. And if the root password has already been set (via bbappend file or via EXTRA_USERS_PARAMS), we should not zap that password. Maybe the function should be zap_empty_root_password?

What do you think?

Best Regards,
Chen Qi

_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
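
Added example (not part of the thread and not OE-Core's own code): a shell sketch of the behaviour proposed in the last message, where root is locked with '*' only when its password field is empty and 'debug-tweaks' is absent, so a password set earlier survives. The function names, their arguments and the sample passwd/shadow entries are constructed for illustration.

```shell
# Added illustration; names and arguments are hypothetical, not OE-Core's.
# Usage: zap_empty_root_password <rootfs-dir> "<space-separated image features>"
zap_empty_root_password() {
    rootfs=$1
    features=$2
    # With debug-tweaks the passwordless root login is intentional: leave it.
    case " $features " in
        *" debug-tweaks "*) return 0 ;;
    esac
    for f in "$rootfs/etc/shadow" "$rootfs/etc/passwd"; do
        [ -f "$f" ] || continue
        # Only an *empty* second field is locked; a hash or 'x' is left alone.
        # Writing back with cat keeps the file's existing mode and owner.
        sed 's/^root::/root:*:/' "$f" > "$f.tmp" && cat "$f.tmp" > "$f"
        rm -f "$f.tmp"
    done
}

# Print the password field of the root entry in a passwd/shadow style file.
root_pw_field() {
    awk -F: '$1 == "root" { print $2 }' "$1"
}

# Build a constructed rootfs whose root shadow entry has the given password field.
make_rootfs() {
    d=$(mktemp -d)
    mkdir -p "$d/etc"
    printf 'root:%s:16049:0:99999:7:::\ndaemon:*:16049:0:99999:7:::\n' "$1" > "$d/etc/shadow"
    printf 'root:x:0:0:root:/home/root:/bin/sh\n' > "$d/etc/passwd"
    echo "$d"
}

# Demo on constructed entries: an empty field, then a placeholder hash.
for pw in '' '$6$CONSTRUCTED$placeholderhash'; do
    r=$(make_rootfs "$pw")
    zap_empty_root_password "$r" "package-management ssh-server-openssh"
    echo "before='$pw' after='$(root_pw_field "$r/etc/shadow")'"
    rm -rf "$r"
done
```
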


