Hi Khem,

> -----Original Message-----
> From: Khem Raj [mailto:raj.k...@gmail.com]
> Sent: Thursday, May 23, 2019 07:11 PM
> To: Rudolf Streif <rudolf.str...@ibeeto.com>; Greg Wilson-Lindberg
> <gwil...@sakuraus.com>
> Cc: Yocto list discussion <yocto@yoctoproject.org>
> Subject: Re: [yocto] problem adding a user
>
> On 5/23/19 1:40 PM, Rudolf Streif wrote:
> > Greg,
> >
> > It eluded me earlier but in both instances the variable containing the
> > password does not seem to be expanded.
> >
> > First version without the single quotes:
> >
> > SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
> >
> > EXTRA_USERS_PARAMS = "\
> >     usermod -p ${SAKURA_PASS} ${SAKURA_USER}; \
> >     usermod -a -G sudo,dialout ${SAKURA_USER}; \
> >     "
> > results in:
> >
> > NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]
> >
> > and with the quotes:
> >
> > SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
> >
> > EXTRA_USERS_PARAMS = "\
> >     usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \
> >     usermod -a -G sudo,dialout ${SAKURA_USER}; \
> >     "
> > results in:
> > NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p '' sakura]
> >
> > It looks as if the variable SAKURA_PASS is not set at all. I looked at
> > your scribe.bb recipe you attached earlier but I could not find any
> > reason why the variable is not set. Is there a chance that it is
> > overridden somewhere else?
>
> This is correct with one small nit that we need to escape some characters
> which have special meaning for shell. e.g. $
>
> e.g. in local.conf something like below
>
> INHERIT += "extrausers"
>
> EXTRA_USERS_PARAMS += "\
>     useradd sakura; \
>     usermod -p '\$1\$QVO3K6Ii\$fvkoDKnlzz3d5uVoL7KcM0' sakura; \
>     "
>
> might work as you expect.

This does leave the hash in the usermod command line finally. So it is
possible to pass MD5 hashes through if the '$' are escaped. I can't use
non-alphabetic characters, i.e. replace 's' with '$', and 'a' with '@', I
can't login with those changes. But MD5 hashes of alphabetic only passwords
work for the cases that I have tested. I can also pass the escaped hash in
to usermod as a macro.

It looks like I've got something that I can work with.

Thanks to all for the help that you have so kindly given,

Greg

> > :rjs
> >
> > On Wed, May 22, 2019 at 1:28 PM Greg Wilson-Lindberg
> > <gwil...@sakuraus.com> wrote:
> >
> > Rudolf,
> >
> > Here is the first half of the file, the whole file is over the 500k
> > limit of free pastebin:
> >
> > https://pastebin.com/UcnKebce
> >
> > And here is the 2nd half of the file:
> >
> > https://pastebin.com/9117tdUU
> >
> > Greg
> >
> > ------------------------------------------------------------------------
> > *From:* Rudolf Streif <rudolf.str...@ibeeto.com>
> > *Sent:* Wednesday, May 22, 2019 12:42:40 PM
> > *To:* Greg Wilson-Lindberg
> > *Cc:* Yocto list discussion
> > *Subject:* Re: [yocto] problem adding a user
> >
> > Greg,
> > Can you share the logfile via Pastebin?
> > :rjs
> >
> > On Tue, May 21, 2019 at 11:09 AM Greg Wilson-Lindberg
> > <gwil...@sakuraus.com> wrote:
> >
> > Rudolf,
> >
> > Something else is happening to me. I changed to this in the
> > image recipe:
> >
> > SAKURA_USER = "sakura"
> >
> > SAKURA_PASSWD = "Distracted"
> > SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
> >
> > EXTRA_USERS_PARAMS = "\
> >     usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \
> >     usermod -a -G sudo,dialout ${SAKURA_USER}; \
> >     "
> >
> > deleting all of the commented out lines, and I get this in the
> > log file:
> >
> > ..../scribe/1.0-r0/rootfs -p '' sakura]
> >
> > nothing between the single quotes.
> > It's acting like SAKURA_PASS is not defined.
> >
> > This is only happening when I'm trying the MD5 password.
> >
> > Greg
> >
> > ------------------------------------------------------------------------
> > *From:* Rudolf Streif <rudolf.str...@ibeeto.com>
> > *Sent:* Tuesday, May 21, 2019 5:37:23 AM
> > *To:* Greg Wilson-Lindberg
> > *Cc:* Yocto list discussion
> > *Subject:* Re: [yocto] problem adding a user
> >
> > Greg,
> >
> > usermod does not work for the MD5 algorithm with the explicit
> > password hash as it contains the $ field delimiters which are
> > interpreted by the shell executing the usermod command. Use
> > single quotes around the password hash:
> >
> > usermod -p '${SAKURA_PASS}' ${SAKURA_USER};
> >
> > :rjs
> >
> > On Mon, May 20, 2019, 11:55 Greg Wilson-Lindberg
> > <gwil...@sakuraus.com> wrote:
> >
> > Hi Rudolf,
> >
> > I've had more time to work with this and I'm still having problems
> > getting everything to work properly. I've attached the image recipe
> > that I'm using so I don't leave anything out that may be relevant.
> >
> > When I build with a password that is no more than 8 characters long
> > and no non-alphabetic characters:
> >
> > SAKURA_PASSWD = "Distract"
> > SAKURA_PASS = "WRsDFfg1BsrDM"
> >
> > everything works correctly.
> >
> > I first tried that using the `openssl ...` form, and then I tried the
> > -1, MD5 BSD form and had problems, so I changed to doing the openssl
> > on the command line and making sure that I don't have any characters
> > that display as '.' or '/'. Again, if I don't do more than 8 characters
> > and no special characters everything works.
> >
> > When I changed to using 'Ds$tr@ct' it stopped working.
> > The build finishes and the log file shows the usermod being executed
> > correctly:
> >
> > NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p kyNsrvS0elMWU sakura]
> > NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -a -G sudo,dialout sakura]
> >
> > But when I try to sign in it doesn't work.
> >
> > I then tried the 10 character password 'Distracted', the build fails:
> >
> > NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]
> > Usage: usermod [options] LOGIN
> >
> > Options:
> >   -c, --comment COMMENT         new value of the GECOS field
> >   -d, --home HOME_DIR           new home directory for the user account
> >   -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
> >   -f, --inactive INACTIVE       set password inactive after expiration
> >                                 to INACTIVE
> >   -g, --gid GROUP               force use GROUP as new primary group
> >   -G, --groups GROUPS           new list of supplementary GROUPS
> >   -a, --append                  append the user to the supplemental GROUPS
> >                                 mentioned by the -G option without removing
> >                                 him/her from other groups
> >   -h, --help                    display this help message and exit
> >   -l, --login NEW_LOGIN         new value of the login name
> >   -L, --lock                    lock the user account
> >   -m, --move-home               move contents of the home directory to the
> >                                 new location (use only with -d)
> >   -o, --non-unique              allow using duplicate (non-unique) UID
> >   -p, --password PASSWORD       use encrypted password for the new password
> >   -P, --clear-password PASSWORD use clear password for the new password
> >   -R, --root CHROOT_DIR         directory to chroot into
> >   -s, --shell SHELL             new login shell for the user account
> >   -u, --uid UID                 new UID for the user account
> >   -U, --unlock                  unlock the user account
> >   -v, --add-subuids FIRST-LAST  add range of subordinate uids
> >   -V, --del-subuids FIRST-LAST  remove range of subordinate uids
> >   -w, --add-subgids FIRST-LAST  add range of subordinate gids
> >   -W, --del-subgids FIRST-LAST  remove range of subordinate gids
> >
> > ERROR: scribe: usermod command did not succeed.
> >
> > So, even though I'm putting in the openssl output:
> >     openssl passwd -1 "Distracted"
> >     $1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0
> >
> > that I get back from what should be a valid run of openssl, I don't see
> > anything from the password on the usermod command line:
> >     "...linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]"
> >
> > I don't understand why the short passwords and passing along the proper
> > hash works, but not the longer password.
> >
> > It also doesn't make sense that I can't put in the '$' & '@' characters
> > and have them work.
> >
> > Any suggestions would be greatly appreciated.
> >
> > Greg
> >
> > ------------------------------------------------------------------------
> > *From:* Rudolf Streif <rudolf.str...@ibeeto.com>
> > *Sent:* Wednesday, May 15, 2019 4:58:26 PM
> > *To:* Greg Wilson-Lindberg
> > *Cc:* Yocto list discussion
> > *Subject:* Re: [yocto] problem adding a user
> >
> > Glad to hear that it works now. I am planning on attending
> > the YP DevDay.
> >
> > :rjs
> >
> > On Wed, May 15, 2019, 13:53 Greg Wilson-Lindberg
> > <gwil...@sakuraus.com> wrote:
> >
> > Thank you very much, that got me back on the right path.
> >
> > Maybe I'll see you at the Yocto day at the Embedded
> > Linux Conference.
> >
> > Regards,
> >
> > *Greg Wilson-Lindberg*
> > *Principal Firmware Engineer | Sakura Finetek USA, Inc.*
> >
> > *From:* Rudolf J Streif [mailto:rudolf.str...@ibeeto.com]
> > *Sent:* Wednesday, May 15, 2019 01:30 PM
> > *To:* Greg Wilson-Lindberg <gwil...@sakuraus.com>; Yocto list discussion
> > <yocto@yoctoproject.org>
> > *Subject:* Re: [yocto] problem adding a user
> >
> > Instead of
> >
> > useradd -p `openssl passwd test` sakura
> >
> > which attempts to add the user and set the password
> > which fails if the user already exists, use
> >
> > usermod -p `openssl passwd test` sakura
> >
> > which sets the user's password.
> >
> > :rjs
> >
> > On 5/15/19 1:18 PM, Greg Wilson-Lindberg wrote:
> >
> > Ok, I had been using the useradd class in a couple of other recipes
> > to allow me to copy files to the sakura user directory and another
> > location, but owned by sakura. That seems to have been what was
> > causing the problem.
> >
> > I had been using the extrausers class in my top level image recipe.
> >
> > So now how do I get all of this to work together? Do I need to put
> > everything that touches the sakura user in the same recipe? It seems
> > that I need to use only one of the useradd or extrausers classes?
> >
> > Greg
> >
> > ------------------------------------------------------------------------
> > *From:* Rudolf J Streif <rudolf.str...@ibeeto.com>
> > *Sent:* Wednesday, May 15, 2019 12:31 PM
> > *To:* Greg Wilson-Lindberg; Yocto list discussion
> > *Subject:* Re: [yocto] problem adding a user
> >
> > The ! for the password in /etc/shadow indicates that
> > the account is disabled:
> >
> > sakura:!:18031:0:99999:7:::
> >
> > Either there is something wrong with the password generation or it
> > gets disabled by something else. Maybe it's worth trying with a plain
> > image without Boot2Qt or anything else.
> >
> > :rjs
> >
> > On 5/15/19 11:46 AM, Greg Wilson-Lindberg wrote:
> >
> > Hi Rudolf,
> >
> > 1st, yes I inherit extrausers. Attached are the passwd & shadow files.
> >
> > It shouldn't make any difference, but I'm building this for an RPi3
> > using the Qt Boot2Qt version of the Yocto environment, distro 2.5.3.
> >
> > Greg
> >
> > ------------------------------------------------------------------------
> > *From:* Rudolf J Streif <rudolf.str...@ibeeto.com>
> > *Sent:* Wednesday, May 15, 2019 11:26 AM
> > *To:* Greg Wilson-Lindberg; Yocto list discussion
> > *Subject:* Re: [yocto] problem adding a user
> >
> > Hi Greg,
> >
> > > I've also tried both the back-quote and the single-quote, no
> > > difference.
> >
> > Help me to understand this. The back-quotes are the right ones. If you
> > use the single ones your password in the /etc/shadow ends up being
> > 'openssl passwd test' (without the quotes), unless the build fails
> > because of a parsing error (I have not tried it). Silly question, you
> > did inherit extrausers class?
> >
> > Can you post your /etc/passwd and /etc/shadow
> >
> > I am surprised that this does not work with your setup.
> > I have been doing this a gazillion times always with success.
> >
> > :rjs
> >
> > On 5/15/19 11:03 AM, Greg Wilson-Lindberg wrote:
> >
> > Hi Rudolf,
> >
> > Thanks for the reply, and the information on how openssl works.
> >
> > I'm trying to create a user with the same group name so the code that
> > I'm using reduces to:
> >
> > EXTRA_USERS_PARAMS = "\
> >     useradd -p `openssl passwd test` sakura; \
> >     usermod -a -G sudo ${SAKURA_USER}; \
> >     "
> >
> > I also, as you can see, removed the macros to eliminate as much
> > confusion as possible.
> >
> > I still can't log in using the password 'test'.
> >
> > I've also tried both the back-quote and the single-quote, no difference.
> >
> > Regards,
> >
> > Greg
> >
> > ------------------------------------------------------------------------
> > *From:* Rudolf J Streif <rudolf.str...@ibeeto.com>
> > *Sent:* Wednesday, May 15, 2019 10:07:47 AM
> > *To:* Greg Wilson-Lindberg; Yocto list discussion
> > *Subject:* Re: [yocto] problem adding a user
> >
> > Hi Greg,
> >
> > Well, I suppose I wrote the book you are referring to...
> >
> > Using
> >
> > useradd -p PASSWORD USER
> >
> > takes the password hash for PASSWORD hence the use of openssl in:
> >
> > useradd -p `openssl passwd PASSWORD` USER
> >
> > openssl password creates the password hash using the original crypt
> > hash algorithm if no other options are specified. e.g.
> >
> > $ openssl passwd hello
> > 6hEsTksgRkeiI
> >
> > With this the first two characters of the output is the salt and the
> > rest is the password hash.
> > If you want openssl to create the same result again:
> >
> > $ openssl passwd -salt "6h" hello
> > 6hEsTksgRkeiI
> >
> > You can use newer algorithms like MD5 based BSD password algorithm 1:
> >
> > $ openssl passwd -1 hello
> > $1$4Mu8Fcs.$eIKgPP7RCYrb3lFZjhADA1
> >
> > $1 : password algorithm 1
> > $4Mu8Fcs. : salt
> > $eIKgPP7RCYrb3lFZjhADA1 : password hash
> >
> > If you log into the system you have to use the clear password. The
> > system reads the salt, creates the password hash and compares the
> > results.
> >
> > :rjs
> >
> > On 5/14/19 5:34 PM, Greg Wilson-Lindberg wrote:
> > > I'm trying to use the example in "Embedded Linux Systems with the
> > > Yocto Project" to add a user to my Yocto build. In the book the
> > > sample code:
> > >
> > > useradd -p `openssl passwd ${DEV_PASSWORD}` developer; \
> > >
> > > uses openssl to generate the encrypted password string to pass to
> > > useradd. I have never been able to get this to work. When I run the
> > > openssl command on the cmd line I get a different value every time,
> > > this seems wrong, How can the password code compare against it if
> > > every encode produces a different value?
> > >
> > > I am getting the user added to the system, the home directory shows
> > > up and the user is in the passwd and group files. I just can't login
> > > to the account.
> > >
> > > I've obviously got something confused, any help would be appreciated.
> > >
> > > Greg Wilson-Lindberg
> >
> > --
> > -----
> > Rudolf J Streif
> > CEO/CTO ibeeto
> > +1.855.442.3396 x700
> >
> > --
> > Rudolf J Streif
> > CEO/CTO
> > ibeeto, Streif Enterprises Inc.

--
_______________________________________________
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
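
The behaviour diagnosed in this thread (the `$` fields of the hash disappearing before usermod runs, and surviving once escaped), as an added example that is not part of the thread or of Yocto's code. It assumes the EXTRA_USERS_PARAMS text reaches a double-quoted shell context, a model chosen because it reproduces both logged results; `render_params`, `escape_for_params` and `classify_shadow_field` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: a constructed model, not code from the thread or from Yocto.
# Assumption: the EXTRA_USERS_PARAMS text ends up inside a double-quoted
# shell assignment before usermod runs; this reproduces both logged results.

# render_params TEXT: print TEXT as a shell sees it inside settings="TEXT".
# TEXT is pasted into a script on purpose, so pass trusted constants only.
render_params() {
    sh -c "settings=\"$1\"; printf '%s' \"\$settings\""
}

# escape_for_params STRING: backslash-escape the characters that remain
# special inside double quotes: $, backquote, double quote, backslash.
escape_for_params() {
    printf '%s' "$1" | sed 's/[$`"\\]/\\&/g'
}

# classify_shadow_field FIELD: name the state of the second field of an
# /etc/shadow entry, to confirm after a build that the hash survived.
classify_shadow_field() {
    case "$1" in
        '')          echo empty ;;
        '!'*|'*'*)   echo locked ;;
        '$1$'*'$'?*) echo md5crypt ;;
        '$5$'*'$'?*) echo sha256crypt ;;
        '$6$'*'$'?*) echo sha512crypt ;;
        *)  # Traditional crypt: 13 characters from [./0-9A-Za-z]
            if printf '%s' "$1" | grep -Eq '^[./0-9A-Za-z]{13}$'; then
                echo descrypt
            else
                echo unrecognized
            fi ;;
    esac
}

# Hash and shadow entry exactly as posted in the thread.
HASH='$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0'
SHADOW_LINE='sakura:!:18031:0:99999:7:::'

demo() {
    printf 'unquoted: %s\n' "$(render_params "usermod -p $HASH sakura")"
    printf 'quoted:   %s\n' "$(render_params "usermod -p '$HASH' sakura")"
    safe=$(escape_for_params "$HASH")
    printf 'escaped:  %s\n' "$(render_params "usermod -p '$safe' sakura")"
    printf 'shadow:   %s\n' "$(classify_shadow_field "$(printf '%s' "$SHADOW_LINE" | cut -d: -f2)")"
}
demo
```

Running `classify_shadow_field` on the second field of each line in the image's `rootfs/etc/shadow` after a build shows whether an account came out empty or locked instead of carrying the intended hash.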