On 5/23/19 1:40 PM, Rudolf Streif wrote:
Greg,

It eluded me earlier but in both instances the variable containing the password does not seem to be expanded.

First version without the single quotes:

SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"

EXTRA_USERS_PARAMS = "\
     usermod -p ${SAKURA_PASS} ${SAKURA_USER}; \
     usermod -a -G sudo,dialout ${SAKURA_USER}; \
     "
results in:

NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]

and with the quotes:

SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"

EXTRA_USERS_PARAMS = "\
     usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \
     usermod -a -G sudo,dialout ${SAKURA_USER}; \
     "
results in:
NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p '' sakura]

It looks as if the variable SAKURA_PASS is not set at all. I looked at your scribe.bb recipe you attached earlier but I could not find any reason why the variable is not set. Is there a chance that it is overridden somewhere else?



This is correct with one small nit that we need to escape some characters which have special meaning for the shell, e.g. $

e.g. in local.conf something like below

INHERIT += "extrausers"

EXTRA_USERS_PARAMS += "\
    useradd sakura; \
    usermod -p '\$1\$QVO3K6Ii\$fvkoDKnlzz3d5uVoL7KcM0' sakura; \
"

might work as you expect.

:rjs


On Wed, May 22, 2019 at 1:28 PM Greg Wilson-Lindberg <gwil...@sakuraus.com> wrote:

    Rudolf,

    Here is the first half of the file,  the whole file is over the 500k
    limit of free pastebin:

    https://pastebin.com/UcnKebce


    And here is the 2nd half of the file:

    https://pastebin.com/9117tdUU


    Greg

    ------------------------------------------------------------------------
    *From:* Rudolf Streif <rudolf.str...@ibeeto.com>
    *Sent:* Wednesday, May 22, 2019 12:42:40 PM
    *To:* Greg Wilson-Lindberg
    *Cc:* Yocto list discussion
    *Subject:* Re: [yocto] problem adding a user
    Greg,
    Can you share the logfile via Pastebin?
    :rjs

    On Tue, May 21, 2019 at 11:09 AM Greg Wilson-Lindberg <gwil...@sakuraus.com> wrote:

        Rudolf,

        Something else is happening to me. I changed to this in the
        image recipe:

        SAKURA_USER = "sakura"

        SAKURA_PASSWD = "Distracted"
        SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"

        EXTRA_USERS_PARAMS = "\
             usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \
             usermod -a -G sudo,dialout ${SAKURA_USER}; \
             "

        deleting all of the commented out lines, and I get this in the
        log file:


        ..../scribe/1.0-r0/rootfs -p '' sakura]


        nothing between the single quotes. It's acting like SAKURA_PASS
        is not defined.

        This is only happening when I'm trying the MD5 password.


        Greg

        ------------------------------------------------------------------------
        *From:* Rudolf Streif <rudolf.str...@ibeeto.com>
        *Sent:* Tuesday, May 21, 2019 5:37:23 AM
        *To:* Greg Wilson-Lindberg
        *Cc:* Yocto list discussion
        *Subject:* Re: [yocto] problem adding a user
        Greg,

        usermod does not work for the MD5 algorithm with the explicit
        password hash as it contains the $ field delimiters which are
        interpreted by the shell executing the usermod command. Use
        single quotes around the password hash:

        usermod -p '${SAKURA_PASS}' ${SAKURA_USER};

        :rjs

        On Mon, May 20, 2019, 11:55 Greg Wilson-Lindberg <gwil...@sakuraus.com> wrote:

            Hi Rudolf,

            I've had more time to work with this and I'm still having problems getting
            everything to work properly. I've attached the image recipe that I'm
            using so I don't leave anything out that may be relevant.

            When I build with a password that is no more than 8 characters long
            and no non-alphabetic characters:

            SAKURA_PASSWD = "Distract"
            SAKURA_PASS = "WRsDFfg1BsrDM"

            everything works correctly.

            I first tried that using the `openssl ...` form, and then I tried the
            -1, MD5 BSD form and had problems, so I changed to doing the openssl
            on the command line and making sure that I don't have any characters
            that display as '.' or '/'. Again, if I don't do more than 8 characters
            and no special characters everything works.

            When I changed to using 'Ds$tr@ct' it stopped working. The build finishes
            and the log file shows the usermod being executed correctly:

            NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p kyNsrvS0elMWU sakura]
            NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -a -G sudo,dialout sakura]

            But when I try to sign in it doesn't work.

            I then tried the 10 character password 'Distracted', the build fails:

            NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]
            Usage: usermod [options] LOGIN

            Options:
               -c, --comment COMMENT         new value of the GECOS field
               -d, --home HOME_DIR           new home directory for the user account
               -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
               -f, --inactive INACTIVE       set password inactive after expiration
                                             to INACTIVE
               -g, --gid GROUP               force use GROUP as new primary group
               -G, --groups GROUPS           new list of supplementary GROUPS
               -a, --append                  append the user to the supplemental GROUPS
                                             mentioned by the -G option without removing
                                             him/her from other groups
               -h, --help                    display this help message and exit
               -l, --login NEW_LOGIN         new value of the login name
               -L, --lock                    lock the user account
               -m, --move-home               move contents of the home directory to the
                                             new location (use only with -d)
               -o, --non-unique              allow using duplicate (non-unique) UID
               -p, --password PASSWORD       use encrypted password for the new password
               -P, --clear-password PASSWORD use clear password for the new password
               -R, --root CHROOT_DIR         directory to chroot into
               -s, --shell SHELL             new login shell for the user account
               -u, --uid UID                 new UID for the user account
               -U, --unlock                  unlock the user account
               -v, --add-subuids FIRST-LAST  add range of subordinate uids
               -V, --del-subuids FIRST-LAST  remove range of subordinate uids
               -w, --add-subgids FIRST-LAST  add range of subordinate gids
               -W, --del-subgids FIRST-LAST  remove range of subordinate gids

            ERROR: scribe: usermod command did not succeed.

            So, even though I'm putting in the openssl output:
            openssl passwd -1 "Distracted"
            $1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0

            that I get back from what should be a valid run of openssl, I don't see anything
            from the password on the usermod command line:
              "...linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]"

            I don't understand why the short passwords and passing along the proper hash works,
            but not the longer password.

            It also doesn't make sense that I can't put in the '$' & '@' characters and
            have them work.

            Any suggestions would be greatly appreciated.

            Greg

            
            ------------------------------------------------------------------------
            *From:* Rudolf Streif <rudolf.str...@ibeeto.com>
            *Sent:* Wednesday, May 15, 2019 4:58:26 PM
            *To:* Greg Wilson-Lindberg
            *Cc:* Yocto list discussion
            *Subject:* Re: [yocto] problem adding a user
            Glad to hear that it works now. I am planning on attending
            the YP DevDay.

            :rjs

            On Wed, May 15, 2019, 13:53 Greg Wilson-Lindberg <gwil...@sakuraus.com> wrote:

                Thank you very much, that got me back on the right path.

                Maybe I'll see you at the Yocto day at the Embedded
                Linux Conference.

                Regards,

                *Greg Wilson-Lindberg*

                *Principal Firmware Engineer | Sakura Finetek USA, Inc.*


                *From:* Rudolf J Streif <rudolf.str...@ibeeto.com>
                *Sent:* Wednesday, May 15, 2019 01:30 PM
                *To:* Greg Wilson-Lindberg <gwil...@sakuraus.com>; Yocto list discussion <yocto@yoctoproject.org>
                *Subject:* Re: [yocto] problem adding a user

                Instead of

                useradd -p `openssl passwd test` sakura

                which attempts to add the user and set the password
                which fails if the user already exists, use

                usermod -p `openssl passwd test` sakura

                which sets the user's password.

                :rjs

                On 5/15/19 1:18 PM, Greg Wilson-Lindberg wrote:

                    Ok, I had been using the useradd class in a couple
                    of other recipes to allow me to copy files to the
                    sakura user directory and another location, but
                    owned by sakura. That seems to have been what was
                    causing the problem.

                    I had been using the extrausers class in my
                    top level image recipe.

                    So now how do I get all of this to work together? Do
                    I need to put everything that touches the sakura
                    user in the same recipe? It seems that I need to use
                    only one of the useradd or extrausers classes?

                    Greg

                    
                    ------------------------------------------------------------------------

                    *From:* Rudolf J Streif <rudolf.str...@ibeeto.com>
                    *Sent:* Wednesday, May 15, 2019 12:31 PM
                    *To:* Greg Wilson-Lindberg; Yocto list discussion
                    *Subject:* Re: [yocto] problem adding a user

                    The ! for the password in /etc/shadow indicates that
                    the account is disabled:

                    sakura:!:18031:0:99999:7:::

                    Either there is something wrong with the password
                    generation or it gets disabled by something else.
                    Maybe it's worth trying with a plain image without
                    Boot2Qt or anything else.

                    :rjs

                    On 5/15/19 11:46 AM, Greg Wilson-Lindberg wrote:

                        Hi Rudolf,

                        1st, yes I inherit extrausers. Attached are the
                        passwd & shadow files.

                        It shouldn't make any difference, but I'm
                        building this for an RPi3 using the Qt Boot2Qt
                        version of the Yocto environment, distro 2.5.3.

                        Greg

                        
                        ------------------------------------------------------------------------

                        *From:* Rudolf J Streif <rudolf.str...@ibeeto.com>
                        *Sent:* Wednesday, May 15, 2019 11:26 AM
                        *To:* Greg Wilson-Lindberg; Yocto list discussion
                        *Subject:* Re: [yocto] problem adding a user

                        Hi Greg,

                        > I've also tried both the back-quote and the single-quote, no difference.

                        Help me to understand this. The back-quotes are
                        the right ones. If you use the single ones your
                        password in the /etc/shadow ends up being
                        'openssl passwd test' (without the quotes),
                        unless the build fails because of a parsing
                        error (I have not tried it). Silly question, you
                        did inherit extrausers class?

                        Can you post your /etc/passwd and /etc/shadow?

                        I am surprised that this does not work with your
                        setup. I have been doing this a gazillion times
                        always with success.

                        :rjs

                        On 5/15/19 11:03 AM, Greg Wilson-Lindberg wrote:

                            Hi Rudolf,

                            Thanks for the reply, and the information on
                            how openssl works.

                            I'm trying to create a user with the same
                            group name so the code that I'm using
                            reduces to:

                            EXTRA_USERS_PARAMS = "\
                                 useradd -p `openssl passwd test` sakura; \
                                 usermod -a -G sudo ${SAKURA_USER}; \
                                 "

                            I also, as you can see, removed the macros
                            to eliminate as much confusion as possible.

                            I still can't log in using
                            the password 'test'.

                            I've also tried both the back-quote and the
                            single-quote, no difference.

                            Regards,

                            Greg

                            
                            ------------------------------------------------------------------------

                            *From:* Rudolf J Streif <rudolf.str...@ibeeto.com>
                            *Sent:* Wednesday, May 15, 2019 10:07:47 AM
                            *To:* Greg Wilson-Lindberg; Yocto list discussion
                            *Subject:* Re: [yocto] problem adding a user

                            Hi Greg,

                            Well, I suppose I wrote the book you are
                            referring to...


                            Using

                            useradd -p PASSWORD USER

                            takes the password hash for PASSWORD hence
                            the use of openssl in:

                            useradd -p `openssl passwd PASSWORD` USER

                            openssl passwd creates the password hash
                            using the original crypt hash
                            algorithm if no other options are specified.
                            e.g.

                            $ openssl passwd hello
                            6hEsTksgRkeiI

                            With this the first two characters of the
                            output is the salt and the
                            rest is the password hash. If you want
                            openssl to create the same result
                            again:

                            $ openssl passwd -salt "6h" hello
                            6hEsTksgRkeiI

                            You can use newer algorithms like MD5 based
                            BSD password algorithm 1:

                            $ openssl passwd -1 hello
                            $1$4Mu8Fcs.$eIKgPP7RCYrb3lFZjhADA1

                            $1 : password algorithm 1
                            $4Mu8Fcs. : salt
                            $eIKgPP7RCYrb3lFZjhADA1 : password hash


                            If you log into the system you have to use
                            the clear password. The
                            system reads the salt, creates the password
                            hash and compares the results.


                            :rjs


                            On 5/14/19 5:34 PM, Greg Wilson-Lindberg wrote:
                            > I'm trying to use the example in "Embedded Linux Systems with the
                            > Yocto Project" to add a user to my Yocto build. In the book the sample code:
                            >
                            >     useradd -p `openssl passwd ${DEV_PASSWORD}` developer; \
                            >
                            > uses openssl to generate the encrypted password string to pass to
                            > useradd. I have never been able to get this to work. When I run the openssl
                            > command on the cmd line I get a different value every time, this seems
                            > wrong. How can the password code compare against it if every encode
                            > produces a different value?
                            >
                            > I am getting the user added to the system, the home directory shows up
                            > and the user is in the passwd and group files. I just can't log in to the
                            > account.
                            >
                            > I've obviously got something confused, any help would be appreciated.
                            >
                            > Greg Wilson-Lindberg
                            --
                            Rudolf J Streif
                            CEO/CTO ibeeto
                            +1.855.442.3396 x700




-- Rudolf J Streif
    CEO/CTO
    ibeeto, Streif Enterprises Inc.




--
_______________________________________________
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
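
The quoting behaviour discussed in this thread, as an added example that is not part of the original messages and is not Yocto's own code. It assumes (consistent with the `-p sakura]` and `-p '' sakura]` log lines quoted above, but not confirmed in the thread) that the already-substituted EXTRA_USERS_PARAMS text is pasted between double quotes in a generated shell script and the command line is evaluated later; `escape_for_params` and `password_arg` are hypothetical helper names.

```shell
#!/bin/sh
# Added illustration, not code from the thread or from Yocto.
# Assumed model: the build substitutes ${SAKURA_PASS} textually, pastes the
# resulting parameter text between double quotes in a generated shell script,
# and later evals the command line. The hash below is the one from the thread.

HASH='$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0'

# escape_for_params HASH -> HASH with every '$' written as '\$', the form the
# reply in the thread suggests putting in local.conf.
escape_for_params() {
    printf '%s' "$1" | sed 's/\$/\\$/g'
}

# password_arg PARAMS_TEXT -> the value usermod would receive after -p, or
# "<missing>" when the argument vanished and LOGIN slid into its place.
password_arg() {
    # Stage 1: the text lands inside double quotes, so a fresh shell expands
    # $1, $QVO3K6Ii, ... (all unset) unless each '$' is backslash-escaped.
    # Stage 2: eval re-parses the line; single quotes keep the hash literal.
    script='user_settings="'"$1"'"
eval "set -- $user_settings"
if [ "$#" -eq 4 ]; then printf "%s" "$3"; else printf "%s" "<missing>"; fi'
    sh -c "$script"
}

demo() {
    esc=$(escape_for_params "$HASH")
    printf 'unquoted         : [%s]\n' "$(password_arg "usermod -p $HASH sakura")"
    printf 'single-quoted    : [%s]\n' "$(password_arg "usermod -p '$HASH' sakura")"
    printf 'escaped + quoted : [%s]\n' "$(password_arg "usermod -p '$esc' sakura")"
}

demo
```

Under this model the first case loses the argument entirely (usermod prints its usage), the second passes an empty password field, and only the escaped, single-quoted form delivers the full hash.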
