* problem adding a user
From: Greg Wilson-Lindberg @ 2019-05-15 0:34 UTC (permalink / raw)
To: Yocto list discussion
I'm trying to use the example in "Embedded Linux Systems with the Yocto Project" to add a user to my Yocto build. In the book the sample code:

    useradd -p `openssl passwd ${DEV_PASSWORD}` developer; \

uses openssl to generate the encrypted password string to pass to useradd. I have never been able to get this to work. When I run the openssl command on the cmd line I get a different value every time; this seems wrong. How can the password code compare against it if every encode produces a different value?

I am getting the user added to the system, the home directory shows up and the user is in the passwd and group files. I just can't log in to the account.

I've obviously got something confused, any help would be appreciated.
Greg Wilson-Lindberg
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: problem adding a user
From: ChenQi @ 2019-05-15 1:28 UTC (permalink / raw)
To: Greg Wilson-Lindberg, Yocto list discussion
On 05/15/2019 08:34 AM, Greg Wilson-Lindberg wrote:
> I'm trying to use the example in "Embedded Linux Systems with the Yocto Project" to add a user to my Yocto build. In the book the sample code:
>
> useradd -p `openssl passwd ${DEV_PASSWORD}` developer; \
>
> uses openssl to generate the encrypted password string to pass to useradd. I have never been able to get this to work. When I run the openssl
> command on the cmd line I get a different value every time, this seems wrong, How can the password code compare against it if every encode
> produces a different value?
>
> I am getting the user added to the system, the home directory shows up and the user is in the passwd and group files. I just can't login to the
> account.
>
> I've obviously got something confused, any help would be appreciated.
>
> Greg Wilson-Lindberg
>
You could just use something like:

    useradd -P 123456 developer

Best Regards,
Chen Qi
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: problem adding a user
From: Rudolf J Streif @ 2019-05-15 17:07 UTC (permalink / raw)
To: Greg Wilson-Lindberg, Yocto list discussion
Hi Greg,
Well, I suppose I wrote the book you are referring to...
Using

    useradd -p PASSWORD USER

takes the password hash for PASSWORD, hence the use of openssl in:

    useradd -p `openssl passwd PASSWORD` USER

openssl passwd creates the password hash using the original crypt hash
algorithm if no other options are specified, e.g.

    $ openssl passwd hello
    6hEsTksgRkeiI

With this, the first two characters of the output are the salt and the
rest is the password hash. If you want openssl to create the same result
again:

    $ openssl passwd -salt "6h" hello
    6hEsTksgRkeiI

You can use newer algorithms like the MD5-based BSD password algorithm 1:

    $ openssl passwd -1 hello
    $1$4Mu8Fcs.$eIKgPP7RCYrb3lFZjhADA1

    $1                      : password algorithm 1
    $4Mu8Fcs.               : salt
    $eIKgPP7RCYrb3lFZjhADA1 : password hash

If you log into the system you have to use the clear password. The
system reads the salt, creates the password hash and compares the results.

:rjs
--
-----
Rudolf J Streif
CEO/CTO ibeeto
+1.855.442.3396 x700
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: problem adding a user
From: Greg Wilson-Lindberg @ 2019-05-15 18:03 UTC (permalink / raw)
To: Rudolf J Streif, Yocto list discussion
Hi Rudolf,
Thanks for the reply, and the information on how openssl works.
I'm trying to create a user with the same group name so the code that I'm using reduces to:

    EXTRA_USERS_PARAMS = "\
    useradd -p `openssl passwd test` sakura; \
    usermod -a -G sudo ${SAKURA_USER}; \
    "

I also, as you can see, removed the macros to eliminate as much confusion as possible.

I still can't log in using the password 'test'.

I've also tried both the back-quote and the single-quote, no difference.

Regards,
Greg
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: problem adding a user
From: Rudolf J Streif @ 2019-05-15 18:26 UTC (permalink / raw)
To: Greg Wilson-Lindberg, Yocto list discussion
Hi Greg,
> I've also tried both the back-quote and the single-quote, no difference.
Help me to understand this. The back-quotes are the right ones. If you
use the single ones your password in the /etc/shadow ends up being
'openssl passwd test' (without the quotes), unless the build fails
because of a parsing error (I have not tried it). Silly question, you
did inherit extrausers class?

Can you post your /etc/passwd and /etc/shadow?

I am surprised that this does not work with your setup. I have been
doing this a gazillion times always with success.

:rjs
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: problem adding a user
From: Greg Wilson-Lindberg @ 2019-05-15 18:46 UTC (permalink / raw)
To: Rudolf J Streif, Yocto list discussion
Hi Rudolf,
1st, yes I inherit extrausers. Attached are the passwd & shadow files.
It shouldn't make any difference, but I'm building this for an RPi3 using the Qt Boot2Qt version of the Yocto environment, distro 2.5.3.
Greg
[-- Attachment #2: passwd --]
[-- Type: application/octet-stream, Size: 1128 bytes --]
root:x:0:0:root:/home/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
mysql:x:990:987::/var/mysql:/bin/false
systemd-bus-proxy:x:991:988::/:/bin/nologin
polkitd:x:992:990::/etc/polkit-1:/bin/sh
systemd-resolve:x:993:991::/:/bin/nologin
systemd-network:x:994:992::/:/bin/nologin
systemd-timesync:x:995:993::/:/bin/nologin
messagebus:x:996:995::/var/lib/dbus:/bin/false
sakura:x:997:997::/home/sakura:/bin/bash
sshd:x:998:998::/var/run/sshd:/bin/false
rpc:x:999:999::/:/bin/false
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
[-- Attachment #3: shadow --]
[-- Type: application/octet-stream, Size: 792 bytes --]
root::18031:0:99999:7:::
daemon:*:18031:0:99999:7:::
bin:*:18031:0:99999:7:::
sys:*:18031:0:99999:7:::
sync:*:18031:0:99999:7:::
games:*:18031:0:99999:7:::
man:*:18031:0:99999:7:::
lp:*:18031:0:99999:7:::
mail:*:18031:0:99999:7:::
news:*:18031:0:99999:7:::
uucp:*:18031:0:99999:7:::
proxy:*:18031:0:99999:7:::
www-data:*:18031:0:99999:7:::
backup:*:18031:0:99999:7:::
list:*:18031:0:99999:7:::
irc:*:18031:0:99999:7:::
gnats:*:18031:0:99999:7:::
mysql:!:18031:0:99999:7:::
systemd-bus-proxy:!:18031:0:99999:7:::
polkitd:!:18031:0:99999:7:::
systemd-resolve:!:18031:0:99999:7:::
systemd-network:!:18031:0:99999:7:::
systemd-timesync:!:18031:0:99999:7:::
messagebus:!:18031:0:99999:7:::
sakura:!:18031:0:99999:7:::
sshd:!:18031:0:99999:7:::
rpc:!:18031:0:99999:7:::
nobody:*:18031:0:99999:7:::
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: problem adding a user
From: Rudolf J Streif @ 2019-05-15 19:31 UTC (permalink / raw)
To: Greg Wilson-Lindberg, Yocto list discussion
The ! for the password in /etc/shadow indicates that the account is
disabled:

    sakura:!:18031:0:99999:7:::

Either there is something wrong with the password generation or it gets
disabled by something else. Maybe it's worth trying with a plain image
without Boot2Qt or anything else.

:rjs
^ permalink raw reply [flat|nested] 21+ messages in thread
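The password-field formats discussed in this thread (the two-character salt of traditional crypt, the $1$salt$hash layout, and the ! that marks a disabled account), as an added example that is not part of any message: a Python check that classifies each /etc/shadow entry of a built rootfs and reports empty or legacy-hashed passwords. The users dev1, dev2 and dev3 and their lines are constructed for illustration; the other sample lines and the two hashes are taken from the messages above.

```python
"""Classify the password field of /etc/shadow entries (added example)."""
from collections import namedtuple

Entry = namedtuple("Entry", "user state scheme salt")

# $id$ prefixes of the modular crypt format handled by this example.
SCHEMES = {"1": "md5-crypt", "5": "sha256-crypt", "6": "sha512-crypt"}
LEGACY = {"des-crypt", "md5-crypt"}  # legacy schemes, weak against offline guessing
CRYPT_ALPHABET = set("./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                     "abcdefghijklmnopqrstuvwxyz")

# Sample input. root, daemon and sakura are lines from the posted shadow file;
# dev1, dev2 and dev3 are constructed entries (dev1/dev2 reuse the hashes shown
# in the thread, dev3 models a command string stored instead of a hash).
SAMPLE_SHADOW = """\
root::18031:0:99999:7:::
daemon:*:18031:0:99999:7:::
sakura:!:18031:0:99999:7:::
dev1:6hEsTksgRkeiI:18031:0:99999:7:::
dev2:$1$4Mu8Fcs.$eIKgPP7RCYrb3lFZjhADA1:18031:0:99999:7:::
dev3:openssl passwd test:18031:0:99999:7:::
"""


def parse_hash(field):
    """Return (scheme, salt) for a crypt(3) string, or None if it is not one."""
    if field.startswith("$"):
        parts = field.split("$")      # ['', id, [rounds=N,] salt, digest]
        if len(parts) >= 4 and parts[1] in SCHEMES and parts[-1]:
            return SCHEMES[parts[1]], parts[-2]
        return None
    # Traditional DES crypt: 13 characters, the first two are the salt.
    if len(field) == 13 and set(field) <= CRYPT_ALPHABET:
        return "des-crypt", field[:2]
    return None


def classify(user, field):
    """Map one shadow password field to a login state."""
    if field == "":
        return Entry(user, "no-password", None, None)  # no password required
    if field.startswith("!"):
        # Locked; whatever follows the '!' is the hash from before the lock.
        parsed = parse_hash(field.lstrip("!")) or (None, None)
        return Entry(user, "locked", *parsed)
    parsed = parse_hash(field)
    if parsed is None:
        # '*' or any other string that is not a recognised crypt(3) result.
        return Entry(user, "unusable", None, None)
    return Entry(user, "hash", *parsed)


def audit_shadow(text):
    """Parse shadow-format text into {user: Entry}, keeping file order."""
    entries = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 2 or not fields[0]:
            continue  # blank or malformed line
        entries[fields[0]] = classify(fields[0], fields[1])
    return entries


def findings(entries):
    """List (user, reason) pairs that deserve a second look before shipping."""
    out = []
    for e in entries.values():
        if e.state == "no-password":
            out.append((e.user, "empty password field"))
        elif e.state == "hash" and e.scheme in LEGACY:
            out.append((e.user, "legacy scheme " + e.scheme))
    return out


if __name__ == "__main__":
    result = audit_shadow(SAMPLE_SHADOW)
    for entry in result.values():
        print(entry)
    for user, reason in findings(result):
        print("CHECK", user, "-", reason)
```

Pointed at the etc/shadow of an image's rootfs, the same functions show whether an account created through EXTRA_USERS_PARAMS ended up with a hash, a lock marker or a stray string.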
* Re: problem adding a user
From: Greg Wilson-Lindberg @ 2019-05-15 20:18 UTC (permalink / raw)
To: Rudolf J Streif, Yocto list discussion
Ok, I had been using the useradd class in a couple of other recipes to allow me to copy files to the sakura user directory and another location, but owned by sakura. That seems to have been what was causing the problem.
I had been using the extrausers class in my top level image recipe.
So now how do I get all of this to work together? Do I need to put everything that touches the sakura user in the same recipe? It seems that I need to use only one of the useradd or extrausers classes?
Greg
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: problem adding a user
From: Rudolf J Streif @ 2019-05-15 20:30 UTC (permalink / raw)
To: Greg Wilson-Lindberg, Yocto list discussion
Instead of

    useradd -p `openssl passwd test` sakura

which attempts to add the user and set the password, which fails if the
user already exists, use

    usermod -p `openssl passwd test` sakura

which sets the user's password.

:rjs
On 5/15/19 1:18 PM, Greg Wilson-Lindberg wrote:
>
> Ok, I had been using the useradd class in a couple of other recipes to
> allow me to copy files to the sakura user directory and another
> location, but owned by sakura. That seems to have been what was
> causing the problem.
>
>
> I had been using the extrausers class in my top level image recipe.
>
>
> So now how do I get all of this to work together? Do I need to put
> everything that touches the sakura user in the same recipe? It seems
> that I need to use only one of the useradd or extrausers classes?
>
>
> Greg
>
> ------------------------------------------------------------------------
> *From:* Rudolf J Streif <rudolf.streif@ibeeto.com>
> *Sent:* Wednesday, May 15, 2019 12:31 PM
> *To:* Greg Wilson-Lindberg; Yocto list discussion
> *Subject:* Re: [yocto] problem adding a user
>
> The ! for the password in /etc/shadow indicates that the account is
> disabled:
>
> sakura:!:18031:0:99999:7:::
>
>
> Either there is something wrong with the password generation or it
> gets disabled by something else. Maybe it's worth trying with a plain
> image without Boot2Qt or anything else.
>
>
> :rjs
>
>
>
> On 5/15/19 11:46 AM, Greg Wilson-Lindberg wrote:
>>
>> Hi Rudolf,
>>
>> 1st, yes I inherit extrausers. Attached are the passwd & shadow files.
>>
>>
>> It shouldn't make any difference, but I'm building this for an RPi3
>> using the Qt Boot2Qt version of the Yocto environment, distro 2.5.3.
>>
>>
>> Greg
>>
>> ------------------------------------------------------------------------
>> *From:* Rudolf J Streif <rudolf.streif@ibeeto.com>
>> *Sent:* Wednesday, May 15, 2019 11:26 AM
>> *To:* Greg Wilson-Lindberg; Yocto list discussion
>> *Subject:* Re: [yocto] problem adding a user
>>
>> Hi Greg,
>>
>>
>> > I've also tried both the back-quote and the single-quote, no
>> difference.
>>
>>
>> Help me to understand this. the back-quotes are the right ones. If
>> you use the single ones your password in the /etc/shadow ends up
>> being 'openssl passwd test' (without the quotes), unless the build
>> fails because of a parsing error (I have not tried it). Silly
>> question, you did inherit extrausers class?
>>
>>
>> Can you post your /etc/passwd and /etc/shadow
>>
>>
>> I am surprised that this does not work with your setup. I have been
>> doing this a gazillion times always with success.
>>
>>
>> :rjs
>>
>>
>>
>>
>> On 5/15/19 11:03 AM, Greg Wilson-Lindberg wrote:
>>>
>>> Hi Rudolf,
>>>
>>> Thanks for the reply, and the information on how openssl works.
>>>
>>>
>>> I'm trying to create a user with the same group name so the code
>>> that I'm using reduces to:
>>>
>>> EXTRA_USERS_PARAMS = "\
>>> useradd -p `openssl passwd test` sakura; \
>>> usermod -a -G sudo ${SAKURA_USER}; \
>>> "
>>> I also, as you can see, removed the macros to eliminate as much
>>> confusion as possible.
>>>
>>>
>>> I still can't login in using the password 'test'.
>>>
>>>
>>> I've also tried both the back-quote and the single-quote, no difference.
>>>
>>> Regards,
>>>
>>>
>>> Greg
>>>
>>> ------------------------------------------------------------------------
>>> *From:* Rudolf J Streif <rudolf.streif@ibeeto.com>
>>> *Sent:* Wednesday, May 15, 2019 10:07:47 AM
>>> *To:* Greg Wilson-Lindberg; Yocto list discussion
>>> *Subject:* Re: [yocto] problem adding a user
>>> Hi Greg,
>>>
>>> Well, I suppose I wrote the book you are referring to...
>>>
>>>
>>> Using
>>>
>>> useradd -p PASSWORD USER
>>>
>>> takes the password hash for PASSWORD hence the use of openssl in:
>>>
>>> useradd -p `openssl passwd PASSWORD` USER
>>>
>>> openssl password creates the password hash using the original crypt hash
>>> algorithm if no other options are specified. e.g.
>>>
>>> $ openssl passwd hello
>>> 6hEsTksgRkeiI
>>>
>>> With this the first two characters of the output is the salt and the
>>> rest is the password hash. If you want openssl to create the same result
>>> again:
>>>
>>> $ openssl passwd -salt "6h" hello
>>> 6hEsTksgRkeiI
>>>
>>> You can use newer algorithms like MD5 based BSD password algorithm 1:
>>>
>>> $ openssl passwd -1 hello
>>> $1$4Mu8Fcs.$eIKgPP7RCYrb3lFZjhADA1
>>>
>>> $1 : password algorithm 1
>>> $4Mu8Fcs. : salt
>>> $eIKgPP7RCYrb3lFZjhADA1 : password hash
>>>
>>>
>>> If you log into the system you have to use the clear password. The
>>> system reads the salt, creates the password hash and compares the
>>> results.
>>>
>>>
>>> :rjs
>>>
>>>
>>> On 5/14/19 5:34 PM, Greg Wilson-Lindberg wrote:
>>> > I'm trying to use the example in "Embedded Linux Systems with the
>>> > Yocto Project" to add a user to my Yocto build. In the book the
>>> > sample code:
>>> >
>>> > useradd -p `openssl passwd ${DEV_PASSWORD}` developer; \
>>> >
>>> > uses openssl to generate the encrypted password string to pass to
>>> > useradd. I have never been able to get this to work. When I run the
>>> > openssl command on the cmd line I get a different value every time, this
>>> > seems wrong, How can the password code compare against it if every
>>> > encode produces a different value?
>>> >
>>> > I am getting the user added to the system, the home directory
>>> > shows up and the user is in the passwd and group files. I just can't
>>> > login to the account.
>>> >
>>> > I've obviously got something confused, any help would be appreciated.
>>> >
>>> > Greg Wilson-Lindberg
>>> >
>>>
>>> --
>>> -----
>>> Rudolf J Streif
>>> CEO/CTO ibeeto
>>> +1.855.442.3396 x700
>>>
--
-----
Rudolf J Streif
CEO/CTO ibeeto
+1.855.442.3396 x700
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: problem adding a user
2019-05-15 20:30 ` Rudolf J Streif
@ 2019-05-15 20:53 ` Greg Wilson-Lindberg
2019-05-15 23:58 ` Rudolf Streif
0 siblings, 1 reply; 21+ messages in thread
From: Greg Wilson-Lindberg @ 2019-05-15 20:53 UTC (permalink / raw)
To: Rudolf J Streif, Yocto list discussion
Thank you very much, that got me back on the right path.
Maybe I'll see you at the Yocto day at the Embedded Linux Conference.
Regards,
Greg Wilson-Lindberg
Principal Firmware Engineer | Sakura Finetek USA, Inc.
1750 W 214th Street | Torrance, CA 90501 | U.S.A.
T: +1 310 783 5075
F: +1 310 618 6902 | E: gwilson@sakuraus.com
www.sakuraus.com
________________________________
From: Rudolf J Streif [mailto:rudolf.streif@ibeeto.com]
Sent: Wednesday, May 15, 2019 01:30 PM
To: Greg Wilson-Lindberg <GWilson@sakuraus.com>; Yocto list discussion <yocto@yoctoproject.org>
Subject: Re: [yocto] problem adding a user
Instead of
useradd -p `openssl passwd test` sakura
which attempts to add the user and set the password which fails if the user already exists, use
usermod -p `openssl passwd test` sakura
which sets the user's password.
:rjs
On 5/15/19 1:18 PM, Greg Wilson-Lindberg wrote:
Ok, I had been using the useradd class in a couple of other recipes to allow me to copy files to the sakura user directory and another location, but owned by sakura. That seems to have been what was causing the problem.
I had been using the extrausers class in my top level image recipe.
So now how do I get all of this to work together? Do I need to put everything that touches the sakura user in the same recipe? It seems that I need to use only one of the useradd or extrausers classes?
Greg
________________________________
From: Rudolf J Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 15, 2019 12:31 PM
To: Greg Wilson-Lindberg; Yocto list discussion
Subject: Re: [yocto] problem adding a user
The ! for the password in /etc/shadow indicates that the account is disabled:
sakura:!:18031:0:99999:7:::
Either there is something wrong with the password generation or it gets disabled by something else. Maybe it's worth trying with a plain image without Boot2Qt or anything else.
:rjs
On 5/15/19 11:46 AM, Greg Wilson-Lindberg wrote:
Hi Rudolf,
1st, yes I inherit extrausers. Attached are the passwd & shadow files.
It shouldn't make any difference, but I'm building this for an RPi3 using the Qt Boot2Qt version of the Yocto environment, distro 2.5.3.
Greg
________________________________
From: Rudolf J Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 15, 2019 11:26 AM
To: Greg Wilson-Lindberg; Yocto list discussion
Subject: Re: [yocto] problem adding a user
Hi Greg,
> I've also tried both the back-quote and the single-quote, no difference.
Help me to understand this. The back-quotes are the right ones. If you use the single ones your password in the /etc/shadow ends up being 'openssl passwd test' (without the quotes), unless the build fails because of a parsing error (I have not tried it). Silly question, you did inherit extrausers class?
Can you post your /etc/passwd and /etc/shadow?
I am surprised that this does not work with your setup. I have been doing this a gazillion times always with success.
:rjs
On 5/15/19 11:03 AM, Greg Wilson-Lindberg wrote:
Hi Rudolf,
Thanks for the reply, and the information on how openssl works.
I'm trying to create a user with the same group name so the code that I'm using reduces to:
EXTRA_USERS_PARAMS = "\
useradd -p `openssl passwd test` sakura; \
usermod -a -G sudo ${SAKURA_USER}; \
"
I also, as you can see, removed the macros to eliminate as much confusion as possible.
I still can't log in using the password 'test'.
I've also tried both the back-quote and the single-quote, no difference.
Regards,
Greg
________________________________
From: Rudolf J Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 15, 2019 10:07:47 AM
To: Greg Wilson-Lindberg; Yocto list discussion
Subject: Re: [yocto] problem adding a user
Hi Greg,
Well, I suppose I wrote the book you are referring to...
Using
useradd -p PASSWORD USER
takes the password hash for PASSWORD hence the use of openssl in:
useradd -p `openssl passwd PASSWORD` USER
openssl password creates the password hash using the original crypt hash
algorithm if no other options are specified. e.g.
$ openssl passwd hello
6hEsTksgRkeiI
With this the first two characters of the output is the salt and the
rest is the password hash. If you want openssl to create the same result
again:
$ openssl passwd -salt "6h" hello
6hEsTksgRkeiI
You can use newer algorithms like MD5 based BSD password algorithm 1:
$ openssl passwd -1 hello
$1$4Mu8Fcs.$eIKgPP7RCYrb3lFZjhADA1
$1 : password algorithm 1
$4Mu8Fcs. : salt
$eIKgPP7RCYrb3lFZjhADA1 : password hash
If you log into the system you have to use the clear password. The
system reads the salt, creates the password hash and compares the results.
:rjs
On 5/14/19 5:34 PM, Greg Wilson-Lindberg wrote:
> I'm trying to use the example in "Embedded Linux Systems with the Yocto Project" to add a user to my Yocto build. In the book the sample code:
>
> useradd -p `openssl passwd ${DEV_PASSWORD}` developer; \
>
> uses openssl to generate the encrypted password string to pass to useradd. I have never been able to get this to work. When I run the openssl
> command on the cmd line I get a different value every time, this seems wrong, How can the password code compare against it if every encode
> produces a different value?
>
> I am getting the user added to the system, the home directory shows up and the user is in the passwd and group files. I just can't login to the
> account.
>
> I've obviously got something confused, any help would be appreciated.
>
> Greg Wilson-Lindberg
>
--
-----
Rudolf J Streif
CEO/CTO ibeeto
+1.855.442.3396 x700
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: problem adding a user
2019-05-15 20:53 ` Greg Wilson-Lindberg
@ 2019-05-15 23:58 ` Rudolf Streif
2019-05-20 18:54 ` Greg Wilson-Lindberg
0 siblings, 1 reply; 21+ messages in thread
From: Rudolf Streif @ 2019-05-15 23:58 UTC (permalink / raw)
To: Greg Wilson-Lindberg; +Cc: Yocto list discussion
Glad to hear that it works now. I am planning on attending the YP DevDay.
:rjs
On Wed, May 15, 2019, 13:53 Greg Wilson-Lindberg <GWilson@sakuraus.com>
wrote:
> Thank you very much, that got me back on the right path.
>
> Maybe I'll see you at the Yocto day at the Embedded Linux Conference.
>
> Regards,
>
> *Greg Wilson-Lindberg *
>
> *Principal Firmware Engineer | Sakura Finetek USA, Inc. *
>
>
>
> 1750 W 214th Street | Torrance, CA 90501 | U.S.A.
>
> T: +1 310 783 5075
>
> F: +1 310 618 6902 | E: gwilson@sakuraus.com
>
> www.sakuraus.com
>
>
>
> ------------------------------
>
>
> *From:* Rudolf J Streif [mailto:rudolf.streif@ibeeto.com]
> *Sent:* Wednesday, May 15, 2019 01:30 PM
> *To:* Greg Wilson-Lindberg <GWilson@sakuraus.com>; Yocto list discussion <
> yocto@yoctoproject.org>
> *Subject:* Re: [yocto] problem adding a user
>
>
>
> Instead of
>
>
>
> useradd -p `openssl passwd test` sakura
>
>
>
> which attempts to add the user and set the password which fails if the
> user already exists, use
>
>
>
> usermod -p `openssl passwd test` sakura
>
>
>
> which sets the user's password.
>
>
>
> :rjs
>
>
>
> On 5/15/19 1:18 PM, Greg Wilson-Lindberg wrote:
>
> Ok, I had been using the useradd class in a couple of other recipes to
> allow me to copy files to the sakura user directory and another location,
> but owned by sakura. That seems to have been what was causing the problem.
>
>
>
> I had been using the extrausers class in my top level image recipe.
>
>
> So now how do I get all of this to work together? Do I need to put
> everything that touches the sakura user in the same recipe? It seems that I
> need to use only one of the useradd or extrausers classes?
>
>
>
> Greg
> ------------------------------
>
> *From:* Rudolf J Streif <rudolf.streif@ibeeto.com>
> <rudolf.streif@ibeeto.com>
> *Sent:* Wednesday, May 15, 2019 12:31 PM
> *To:* Greg Wilson-Lindberg; Yocto list discussion
> *Subject:* Re: [yocto] problem adding a user
>
>
>
> The ! for the password in /etc/shadow indicates that the account is
> disabled:
>
> sakura:!:18031:0:99999:7:::
>
>
>
> Either there is something wrong with the password generation or it gets
> disabled by something else. Maybe it's worth trying with a plain image
> without Boot2Qt or anything else.
>
>
>
> :rjs
>
>
>
>
>
> On 5/15/19 11:46 AM, Greg Wilson-Lindberg wrote:
>
> Hi Rudolf,
>
> 1st, yes I inherit extrausers. Attached are the passwd & shadow files.
>
>
>
> It shouldn't make any difference, but I'm building this for an RPi3 using
> the Qt Boot2Qt version of the Yocto environment, distro 2.5.3.
>
>
>
> Greg
> ------------------------------
>
> *From:* Rudolf J Streif <rudolf.streif@ibeeto.com>
> <rudolf.streif@ibeeto.com>
> *Sent:* Wednesday, May 15, 2019 11:26 AM
> *To:* Greg Wilson-Lindberg; Yocto list discussion
> *Subject:* Re: [yocto] problem adding a user
>
>
>
> Hi Greg,
>
>
>
> > I've also tried both the back-quote and the single-quote, no difference.
>
>
>
> Help me to understand this. The back-quotes are the right ones. If you use
> the single ones your password in the /etc/shadow ends up being 'openssl
> passwd test' (without the quotes), unless the build fails because of a
> parsing error (I have not tried it). Silly question, you did inherit
> extrausers class?
>
>
>
> Can you post your /etc/passwd and /etc/shadow?
>
>
>
> I am surprised that this does not work with your setup. I have been doing
> this a gazillion times always with success.
>
>
>
> :rjs
>
>
>
>
>
>
>
> On 5/15/19 11:03 AM, Greg Wilson-Lindberg wrote:
>
> Hi Rudolf,
>
> Thanks for the reply, and the information on how openssl works.
>
>
>
> I'm trying to create a user with the same group name so the code that I'm
> using reduces to:
>
> EXTRA_USERS_PARAMS = "\
>
> useradd -p `openssl passwd test` sakura; \
>
> usermod -a -G sudo ${SAKURA_USER}; \
>
> "
>
> I also, as you can see, removed the macros to eliminate as much confusion
> as possible.
>
>
>
> I still can't log in using the password 'test'.
>
>
>
> I've also tried both the back-quote and the single-quote, no difference.
>
> Regards,
>
>
>
> Greg
> ------------------------------
>
> *From:* Rudolf J Streif <rudolf.streif@ibeeto.com>
> <rudolf.streif@ibeeto.com>
> *Sent:* Wednesday, May 15, 2019 10:07:47 AM
> *To:* Greg Wilson-Lindberg; Yocto list discussion
> *Subject:* Re: [yocto] problem adding a user
>
>
>
> Hi Greg,
>
> Well, I suppose I wrote the book you are referring to...
>
>
> Using
>
> useradd -p PASSWORD USER
>
> takes the password hash for PASSWORD hence the use of openssl in:
>
> useradd -p `openssl passwd PASSWORD` USER
>
> openssl password creates the password hash using the original crypt hash
> algorithm if no other options are specified. e.g.
>
> $ openssl passwd hello
> 6hEsTksgRkeiI
>
> With this the first two characters of the output is the salt and the
> rest is the password hash. If you want openssl to create the same result
> again:
>
> $ openssl passwd -salt "6h" hello
> 6hEsTksgRkeiI
>
> You can use newer algorithms like MD5 based BSD password algorithm 1:
>
> $ openssl passwd -1 hello
> $1$4Mu8Fcs.$eIKgPP7RCYrb3lFZjhADA1
>
> $1 : password algorithm 1
> $4Mu8Fcs. : salt
> $eIKgPP7RCYrb3lFZjhADA1 : password hash
>
>
> If you log into the system you have to use the clear password. The
> system reads the salt, creates the password hash and compares the results.
>
>
> :rjs
>
>
> On 5/14/19 5:34 PM, Greg Wilson-Lindberg wrote:
> > I'm trying to use the example in "Embedded Linux Systems with the Yocto
> > Project" to add a user to my Yocto build. In the book the sample code:
> >
> > useradd -p `openssl passwd ${DEV_PASSWORD}` developer; \
> >
> > uses openssl to generate the encrypted password string to pass to
> > useradd. I have never been able to get this to work. When I run the openssl
> > command on the cmd line I get a different value every time, this seems
> > wrong, How can the password code compare against it if every encode
> > produces a different value?
> >
> > I am getting the user added to the system, the home directory shows up
> > and the user is in the passwd and group files. I just can't login to the
> > account.
> >
> > I've obviously got something confused, any help would be appreciated.
> >
> > Greg Wilson-Lindberg
> >
>
> --
> -----
> Rudolf J Streif
> CEO/CTO ibeeto
> +1.855.442.3396 x700
>
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: problem adding a user
2019-05-15 23:58 ` Rudolf Streif
@ 2019-05-20 18:54 ` Greg Wilson-Lindberg
2019-05-21 12:37 ` Rudolf Streif
0 siblings, 1 reply; 21+ messages in thread
From: Greg Wilson-Lindberg @ 2019-05-20 18:54 UTC (permalink / raw)
To: Rudolf Streif; +Cc: Yocto list discussion
Hi Rudolf,
I've had more time to work with this and I'm still having problems getting
everything to work properly. I've attached the image recipe that I'm
using so I don't leave anything out that may be relevant.
When I build with a password that is no more than 8 characters long
and no non-alphabetic characters:
SAKURA_PASSWD = "Distract"
SAKURA_PASS = "WRsDFfg1BsrDM"
everything works correctly.
I first tried that using the `openssl ...` form, and then I tried the
-1, MD5 BSD form and had problems, so I changed to doing the openssl
on the command line and making sure that I don't have any characters
that display as '.' or '/'. Again, if I don't do more than 8 characters
and no special characters everything works.
When I changed to using 'Ds$tr@ct' it stopped working. The build finishes
and the log file shows the usermod being executed correctly:
NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p kyNsrvS0elMWU sakura]
NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -a -G sudo,dialout sakura]
But when I try to sign in it doesn't work.
I then tried the 10 character password 'Distracted', the build fails:
NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]
Usage: usermod [options] LOGIN
Options:
-c, --comment COMMENT new value of the GECOS field
-d, --home HOME_DIR new home directory for the user account
-e, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE
-f, --inactive INACTIVE set password inactive after expiration
to INACTIVE
-g, --gid GROUP force use GROUP as new primary group
-G, --groups GROUPS new list of supplementary GROUPS
-a, --append append the user to the supplemental GROUPS
mentioned by the -G option without removing
him/her from other groups
-h, --help display this help message and exit
-l, --login NEW_LOGIN new value of the login name
-L, --lock lock the user account
-m, --move-home move contents of the home directory to the
new location (use only with -d)
-o, --non-unique allow using duplicate (non-unique) UID
-p, --password PASSWORD use encrypted password for the new password
-P, --clear-password PASSWORD use clear password for the new password
-R, --root CHROOT_DIR directory to chroot into
-s, --shell SHELL new login shell for the user account
-u, --uid UID new UID for the user account
-U, --unlock unlock the user account
-v, --add-subuids FIRST-LAST add range of subordinate uids
-V, --del-subuids FIRST-LAST remove range of subordinate uids
-w, --add-subgids FIRST-LAST add range of subordinate gids
-W, --del-subgids FIRST-LAST remove range of subordinate gids
ERROR: scribe: usermod command did not succeed.
So, even though I'm putting in the openssl output:
openssl passwd -1 "Distracted"
$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0
that I get back from what should be a valid run of openssl, I don't see anything
from the password on the usermod command line:
"...linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]"
I don't understand why the short passwords and passing along the proper hash works,
but not the longer password.
It also doesn't make sense that I can't put in the '$' & '@' characters and
have them work.
Any suggestions would be greatly appreciated.
Greg
________________________________
From: Rudolf Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 15, 2019 4:58:26 PM
To: Greg Wilson-Lindberg
Cc: Yocto list discussion
Subject: Re: [yocto] problem adding a user
Glad to hear that it works now. I am planning on attending the YP DevDay.
:rjs
On Wed, May 15, 2019, 13:53 Greg Wilson-Lindberg <GWilson@sakuraus.com> wrote:
Thank you very much, that got me back on the right path.
Maybe I'll see you at the Yocto day at the Embedded Linux Conference.
Regards,
Greg Wilson-Lindberg
Principal Firmware Engineer | Sakura Finetek USA, Inc.
1750 W 214th Street | Torrance, CA 90501 | U.S.A.
T: +1 310 783 5075
F: +1 310 618 6902 | E: gwilson@sakuraus.com
www.sakuraus.com
________________________________
From: Rudolf J Streif [mailto:rudolf.streif@ibeeto.com]
Sent: Wednesday, May 15, 2019 01:30 PM
To: Greg Wilson-Lindberg <GWilson@sakuraus.com>; Yocto list discussion <yocto@yoctoproject.org>
Subject: Re: [yocto] problem adding a user
Instead of
useradd -p `openssl passwd test` sakura
which attempts to add the user and set the password which fails if the user already exists, use
usermod -p `openssl passwd test` sakura
which sets the user's password.
:rjs
On 5/15/19 1:18 PM, Greg Wilson-Lindberg wrote:
Ok, I had been using the useradd class in a couple of other recipes to allow me to copy files to the sakura user directory and another location, but owned by sakura. That seems to have been what was causing the problem.
I had been using the extrausers class in my top level image recipe.
So now how do I get all of this to work together? Do I need to put everything that touches the sakura user in the same recipe? It seems that I need to use only one of the useradd or extrausers classes?
Greg
________________________________
From: Rudolf J Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 15, 2019 12:31 PM
To: Greg Wilson-Lindberg; Yocto list discussion
Subject: Re: [yocto] problem adding a user
The ! for the password in /etc/shadow indicates that the account is disabled:
sakura:!:18031:0:99999:7:::
Either there is something wrong with the password generation or it gets disabled by something else. Maybe it's worth trying with a plain image without Boot2Qt or anything else.
:rjs
On 5/15/19 11:46 AM, Greg Wilson-Lindberg wrote:
Hi Rudolf,
1st, yes I inherit extrausers. Attached are the passwd & shadow files.
It shouldn't make any difference, but I'm building this for an RPi3 using the Qt Boot2Qt version of the Yocto environment, distro 2.5.3.
Greg
________________________________
From: Rudolf J Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 15, 2019 11:26 AM
To: Greg Wilson-Lindberg; Yocto list discussion
Subject: Re: [yocto] problem adding a user
Hi Greg,
> I've also tried both the back-quote and the single-quote, no difference.
Help me to understand this. The back-quotes are the right ones. If you use the single ones your password in the /etc/shadow ends up being 'openssl passwd test' (without the quotes), unless the build fails because of a parsing error (I have not tried it). Silly question, you did inherit extrausers class?
Can you post your /etc/passwd and /etc/shadow?
I am surprised that this does not work with your setup. I have been doing this a gazillion times always with success.
:rjs
On 5/15/19 11:03 AM, Greg Wilson-Lindberg wrote:
Hi Rudolf,
Thanks for the reply, and the information on how openssl works.
I'm trying to create a user with the same group name so the code that I'm using reduces to:
EXTRA_USERS_PARAMS = "\
useradd -p `openssl passwd test` sakura; \
usermod -a -G sudo ${SAKURA_USER}; \
"
I also, as you can see, removed the macros to eliminate as much confusion as possible.
I still can't log in using the password 'test'.
I've also tried both the back-quote and the single-quote, no difference.
Regards,
Greg
________________________________
From: Rudolf J Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 15, 2019 10:07:47 AM
To: Greg Wilson-Lindberg; Yocto list discussion
Subject: Re: [yocto] problem adding a user
Hi Greg,
Well, I suppose I wrote the book you are referring to...
Using
useradd -p PASSWORD USER
takes the password hash for PASSWORD hence the use of openssl in:
useradd -p `openssl passwd PASSWORD` USER
openssl password creates the password hash using the original crypt hash
algorithm if no other options are specified. e.g.
$ openssl passwd hello
6hEsTksgRkeiI
With this the first two characters of the output is the salt and the
rest is the password hash. If you want openssl to create the same result
again:
$ openssl passwd -salt "6h" hello
6hEsTksgRkeiI
You can use newer algorithms like MD5 based BSD password algorithm 1:
$ openssl passwd -1 hello
$1$4Mu8Fcs.$eIKgPP7RCYrb3lFZjhADA1
$1 : password algorithm 1
$4Mu8Fcs. : salt
$eIKgPP7RCYrb3lFZjhADA1 : password hash
If you log into the system you have to use the clear password. The
system reads the salt, creates the password hash and compares the results.
:rjs
On 5/14/19 5:34 PM, Greg Wilson-Lindberg wrote:
> I'm trying to use the example in "Embedded Linux Systems with the Yocto Project" to add a user to my Yocto build. In the book the sample code:
>
> useradd -p `openssl passwd ${DEV_PASSWORD}` developer; \
>
> uses openssl to generate the encrypted password string to pass to useradd. I have never been able to get this to work. When I run the openssl
> command on the cmd line I get a different value every time, this seems wrong, How can the password code compare against it if every encode
> produces a different value?
>
> I am getting the user added to the system, the home directory shows up and the user is in the passwd and group files. I just can't login to the
> account.
>
> I've obviously got something confused, any help would be appreciated.
>
> Greg Wilson-Lindberg
>
--
-----
Rudolf J Streif
CEO/CTO ibeeto
+1.855.442.3396 x700
[-- Attachment #2: scribe.bb --]
[-- Type: application/octet-stream, Size: 4611 bytes --]
############################################################################
##
## Copyright (C) 2017 Sakura Finetek Inc.
##
## Custom image recipe
##
############################################################################
DESCRIPTION = "Scribe B2Qt embedded Qt5 image"
PR = "r0"
DEPLOY_CONF_TYPE = "Boot2Qt"
IMAGE_FEATURES += "\
package-management \
ssh-server-openssh \
tools-debug \
debug-tweaks \
hwcodecs \
splash \
"
# 'debug-tweaks' allows user to login as root with no password
# before production need to remove debug-tweaks above
# uncomment line below
#IMAGE_FEATURES -= " debug-tweaks"
############################################################################
##
## The following is only for development images, don't want this for production builds
##
############################################################################
SDKIMAGE_FEATURES += "dev-pkgs dbg-pkgs staticdev-pkgs"
############################################################################
##
## End Development Only
##
############################################################################
inherit core-image qbsp-image
inherit consistent_timestamps
inherit populate_sdk_qt5
inherit extrausers
DISABLE_STATIC = ""
IMAGE_INSTALL += "\
packagegroup-b2qt-embedded-base \
packagegroup-b2qt-embedded-tools \
${@bb.utils.contains("DISTRO_FEATURES", "gstreamer010", "packagegroup-b2qt-embedded-gstreamer010", "", d)} \
${@bb.utils.contains("DISTRO_FEATURES", "gstreamer", "packagegroup-b2qt-embedded-gstreamer", "", d)} \
packagegroup-b2qt-qt5-modules \
packagegroup-b2qt-embedded-addons \
pcsc-lite pcsc-lite-lib acsccid \
canfestival zint \
mysql5 \
valgrind \
elfutils \
dfu-util \
can-utils \
nano \
canstart canstart-service \
scribedbconfig scribedbconfig-service \
scribeconfig \
userconfig \
lsof \
ttf-dejavu-sans ttf-dejavu-sans-mono ttf-dejavu-common ttf-dejavu-sans-condensed ttf-dejavu-serif \
ttf-droid-sans ttf-droid-sans-mono ttf-droid-sans-fallback ttf-droid-sans-japanese ttf-droid-serif \
ttf-liberation-mono ttf-liberation-sans ttf-liberation-serif \
ttf-tlwg \
ttf-ubuntu-mono ttf-ubuntu-sans \
ttf-vlgothic \
source-han-sans-cn-fonts source-han-sans-jp-fonts source-han-sans-kr-fonts source-han-sans-tw-fonts \
sudo \
"
# pocketsphinx \ not going to be using this
SAKURA_USER = "sakura"
#SAKURA_PASSWD = "Di$tr@ctedDr1v3r"
#SAKURA_PASS = "$1$Z335E28J$IKN2Uz2Oaeq616zlV/wdb0"
#SAKURA_PASSWD = "Di$tr@cted"
#SAKURA_PASS = "$1$78PuvI1N$PG4jA6myRVYLA8L713IUS0"
### Tested Not Working ----- Won't build
SAKURA_PASSWD = "Distracted"
SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
#----- Tested Working end
### Tested Not Working -----
#SAKURA_PASSWD = "Di$tr@ct"
#SAKURA_PASS = "kyNsrvS0elMWU"
#----- Tested Working end
### Tested Working -----
#SAKURA_PASSWD = "Distract"
#SAKURA_PASS = "WRsDFfg1BsrDM"
#----- Tested Working end
### Tested Working -----
#SAKURA_PASSWD = "TesTing1"
#SAKURA_PASS = "Pj7iDzj01qmNE"
#----- Tested Working end
### Tested Working -----
#SAKURA_PASSWD = "test"
#SAKURA_PASS = "D4adHu3z2m0jQ"
#----- Tested Working end
# # Can only use greater than 8 character password if using other than default encryption, see -1 below
# # -1 creates MD5 based BSD style hash, can handle longer than 8 character password
EXTRA_USERS_PARAMS = "\
usermod -p ${SAKURA_PASS} ${SAKURA_USER}; \
usermod -a -G sudo,dialout ${SAKURA_USER}; \
"
#usermod -p `openssl passwd -1 ${SAKURA_PASSWD}` ${SAKURA_USER};
modify_sudoers() {
    sed 's/# %sudo/%sudo/' < ${IMAGE_ROOTFS}/etc/sudoers > \
        ${IMAGE_ROOTFS}/etc/sudoers.tmp
    mv ${IMAGE_ROOTFS}/etc/sudoers.tmp ${IMAGE_ROOTFS}/etc/sudoers
}
ROOTFS_POSTPROCESS_COMMAND += "modify_sudoers;"
addtask showvars
do_showvars[nostamp] = "1"
python do_showvars() {
# emit only the metadata that are variables and not functions
isfunc = lambda key: bool(d.getVarFlag(key, 'func', False))
vars = sorted((key for key in bb.data.keys(d) \
if not key.startswith('__')))
for var in vars:
if not isfunc(var):
try:
val = d.getVar(var, True)
except Exception as exc:
bb.plain('Expansion of %s threw %s: %s' % \
(var, exc.__class__.__name__, str(exc)))
bb.plain('%s="%s"' % (var, val))
}
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: problem adding a user
2019-05-20 18:54 ` Greg Wilson-Lindberg
@ 2019-05-21 12:37 ` Rudolf Streif
2019-05-21 18:09 ` Greg Wilson-Lindberg
0 siblings, 1 reply; 21+ messages in thread
From: Rudolf Streif @ 2019-05-21 12:37 UTC (permalink / raw)
To: Greg Wilson-Lindberg; +Cc: Yocto list discussion
Greg,
usermod does not work for the MD5 algorithm with the explicit password hash
as it contains the $ field delimiters which are interpreted by the shell
executing the usermod command. Use single quotes around the password hash:
usermod -p '${SAKURA_PASS}' ${SAKURA_USER};
:rjs
On Mon, May 20, 2019, 11:55 Greg Wilson-Lindberg <GWilson@sakuraus.com>
wrote:
> Hi Rudolf,
>
> I've had more time to work with this and I'm still having problems getting
> everything to work properly. I've attached the image recipe that I'm
> using so I don't leave anything out that may be relevant.
>
> When I build with a password that is no more than 8 characters long
> and no non-alphabetic characters:
>
> SAKURA_PASSWD = "Distract"
> SAKURA_PASS = "WRsDFfg1BsrDM"
>
> everything works correctly.
>
> I first tried that using the `openssl ...` form, and then I tried the
> -1, MD5 BSD form and had problems, so I changed to doing the openssl
> on the command line and making sure that I don't have any characters
> that display as '.' or '/'. Again, if I don't do more than 8 characters
> and no special characters everything works.
>
> When I changed to using 'Ds$tr@ct' it stopped working. The build finishes
> and the log file shows the usermod being executed correctly:
>
> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p kyNsrvS0elMWU sakura]
> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -a -G sudo,dialout sakura]
>
> But when I try to sign in it doesn't work.
>
> I then tried the 10 character password 'Distracted', the build fails:
>
> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]
> Usage: usermod [options] LOGIN
>
> Options:
> -c, --comment COMMENT new value of the GECOS field
> -d, --home HOME_DIR new home directory for the user account
> -e, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE
> -f, --inactive INACTIVE set password inactive after expiration
> to INACTIVE
> -g, --gid GROUP force use GROUP as new primary group
> -G, --groups GROUPS new list of supplementary GROUPS
> -a, --append append the user to the supplemental GROUPS
> mentioned by the -G option without removing
> him/her from other groups
> -h, --help display this help message and exit
> -l, --login NEW_LOGIN new value of the login name
> -L, --lock lock the user account
> -m, --move-home move contents of the home directory to the
> new location (use only with -d)
> -o, --non-unique allow using duplicate (non-unique) UID
> -p, --password PASSWORD use encrypted password for the new password
> -P, --clear-password PASSWORD use clear password for the new password
> -R, --root CHROOT_DIR directory to chroot into
> -s, --shell SHELL new login shell for the user account
> -u, --uid UID new UID for the user account
> -U, --unlock unlock the user account
> -v, --add-subuids FIRST-LAST add range of subordinate uids
> -V, --del-subuids FIRST-LAST remove range of subordinate uids
> -w, --add-subgids FIRST-LAST add range of subordinate gids
> -W, --del-subgids FIRST-LAST remove range of subordinate gids
>
> ERROR: scribe: usermod command did not succeed.
>
> So, even though I'm putting in the openssl output:
> openssl passwd -1 "Distracted"
> $1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0
>
> that I get back from what should be a valid run of openssl, I don't see anything
> from the password on the usermod command line:
> "...linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]"
>
> I don't understand why the short passwords and passing along the proper hash works,
> but not the longer password.
>
> It also doesn't make sense that I can't put in the '$' & '@' characters and
> have them work.
>
> Any suggestions would be greatly appreciated.
>
> Greg
>
> ------------------------------
> *From:* Rudolf Streif <rudolf.streif@ibeeto.com>
> *Sent:* Wednesday, May 15, 2019 4:58:26 PM
> *To:* Greg Wilson-Lindberg
> *Cc:* Yocto list discussion
> *Subject:* Re: [yocto] problem adding a user
>
> Glad to hear that it works now. I am planning on attending the YP DevDay.
>
> :rjs
>
> On Wed, May 15, 2019, 13:53 Greg Wilson-Lindberg <GWilson@sakuraus.com>
> wrote:
>
>> Thank you very much, that got me back on the right path.
>>
>> Maybe I'll see you at the Yocto day at the Embedded Linux Conference.
>>
>> Regards,
>>
>> *Greg Wilson-Lindberg *
>> ------------------------------
>>
>> *From:* Rudolf J Streif [mailto:rudolf.streif@ibeeto.com]
>> *Sent:* Wednesday, May 15, 2019 01:30 PM
>> *To:* Greg Wilson-Lindberg <GWilson@sakuraus.com>; Yocto list discussion
>> <yocto@yoctoproject.org>
>> *Subject:* Re: [yocto] problem adding a user
>>
>>
>>
>> Instead of
>>
>>
>>
>> useradd -p `openssl passwd test` sakura
>>
>>
>>
>> which attempts to add the user and set the password which fails if the
>> user already exists, use
>>
>>
>>
>> usermod -p `openssl passwd test` sakura
>>
>>
>>
>> which sets the user's password.
>>
>>
>>
>> :rjs
>>
>>
>>
>> On 5/15/19 1:18 PM, Greg Wilson-Lindberg wrote:
>>
>> Ok, I had been using the useradd class in a couple of other recipes to
>> allow me to copy files to the sakura user directory and another location,
>> but owned by sakura. That seems to have been what was causing the problem.
>>
>>
>>
>> I had been using the extrausers class in my top level image recipe.
>>
>>
>> So now how do I get all of this to work together? Do I need to put
>> everything that touches the sakura user in the same recipe? It seems that I
>> need to use only one of the useradd or extrausers classes?
>>
>>
>>
>> Greg
>> ------------------------------
>>
>> *From:* Rudolf J Streif <rudolf.streif@ibeeto.com>
>> *Sent:* Wednesday, May 15, 2019 12:31 PM
>> *To:* Greg Wilson-Lindberg; Yocto list discussion
>> *Subject:* Re: [yocto] problem adding a user
>>
>>
>>
>> The ! for the password in /etc/shadow indicates that the account is
>> disabled:
>>
>> sakura:!:18031:0:99999:7:::
>>
>>
>>
>> Either there is something wrong with the password generation or it gets
>> disabled by something else. Maybe it's worth trying with a plain image
>> without Boot2Qt or anything else.
>>
>>
>>
>> :rjs
>>
>>
>>
>>
>>
>> On 5/15/19 11:46 AM, Greg Wilson-Lindberg wrote:
>>
>> Hi Rudolf,
>>
>> 1st, yes I inherit extrausers. Attached are the passwd & shadow files.
>>
>>
>>
>> It shouldn't make any difference, but I'm building this for an RPi3 using
>> the Qt Boot2Qt version of the Yocto environment, distro 2.5.3.
>>
>>
>>
>> Greg
>> ------------------------------
>>
>> *From:* Rudolf J Streif <rudolf.streif@ibeeto.com>
>> *Sent:* Wednesday, May 15, 2019 11:26 AM
>> *To:* Greg Wilson-Lindberg; Yocto list discussion
>> *Subject:* Re: [yocto] problem adding a user
>>
>>
>>
>> Hi Greg,
>>
>>
>>
>> > I've also tried both the back-quote and the single-quote, no difference.
>>
>>
>>
>> Help me to understand this. The back-quotes are the right ones. If you
>> use the single ones your password in the /etc/shadow ends up being 'openssl
>> passwd test' (without the quotes), unless the build fails because of a
>> parsing error (I have not tried it). Silly question, you did inherit
>> extrausers class?
>>
>>
>>
>> Can you post your /etc/passwd and /etc/shadow?
>>
>>
>>
>> I am surprised that this does not work with your setup. I have been doing
>> this a gazillion times always with success.
>>
>>
>>
>> :rjs
>>
>>
>>
>>
>>
>>
>>
>> On 5/15/19 11:03 AM, Greg Wilson-Lindberg wrote:
>>
>> Hi Rudolf,
>>
>> Thanks for the reply, and the information on how openssl works.
>>
>>
>>
>> I'm trying to create a user with the same group name so the code that I'm
>> using reduces to:
>>
>> EXTRA_USERS_PARAMS = "\
>>
>> useradd -p `openssl passwd test` sakura; \
>>
>> usermod -a -G sudo ${SAKURA_USER}; \
>>
>> "
>>
>> I also, as you can see, removed the macros to eliminate as much confusion
>> as possible.
>>
>>
>>
>> I still can't log in using the password 'test'.
>>
>>
>>
>> I've also tried both the back-quote and the single-quote, no difference.
>>
>> Regards,
>>
>>
>>
>> Greg
>> ------------------------------
>>
>> *From:* Rudolf J Streif <rudolf.streif@ibeeto.com>
>> *Sent:* Wednesday, May 15, 2019 10:07:47 AM
>> *To:* Greg Wilson-Lindberg; Yocto list discussion
>> *Subject:* Re: [yocto] problem adding a user
>>
>>
>>
>> Hi Greg,
>>
>> Well, I suppose I wrote the book you are referring to...
>>
>>
>> Using
>>
>> useradd -p PASSWORD USER
>>
>> takes the password hash for PASSWORD hence the use of openssl in:
>>
>> useradd -p `openssl passwd PASSWORD` USER
>>
>> openssl password creates the password hash using the original crypt hash
>> algorithm if no other options are specified. e.g.
>>
>> $ openssl passwd hello
>> 6hEsTksgRkeiI
>>
>> With this the first two characters of the output is the salt and the
>> rest is the password hash. If you want openssl to create the same result
>> again:
>>
>> $ openssl passwd -salt "6h" hello
>> 6hEsTksgRkeiI
>>
>> You can use newer algorithms like MD5 based BSD password algorithm 1:
>>
>> $ openssl passwd -1 hello
>> $1$4Mu8Fcs.$eIKgPP7RCYrb3lFZjhADA1
>>
>> $1 : password algorithm 1
>> $4Mu8Fcs. : salt
>> $eIKgPP7RCYrb3lFZjhADA1 : password hash
>>
>>
>> If you log into the system you have to use the clear password. The
>> system reads the salt, creates the password hash and compares the results.
>>
>>
>> :rjs
>>
>>
>> On 5/14/19 5:34 PM, Greg Wilson-Lindberg wrote:
>> > I'm trying to use the example in "Embedded Linux Systems with the Yocto
>> Project" to add a user to my Yocto build. In the book the sample code:
>> >
>> > useradd -p `openssl passwd ${DEV_PASSWORD}` developer; \
>> >
>> > uses openssl to generate the encrypted password string to pass to
>> useradd. I have never been able to get this to work. When I run the openssl
>> > command on the cmd line I get a different value every time, this seems
>> wrong, How can the password code compare against it if every encode
>> > produces a different value?
>> >
>> > I am getting the user added to the system, the home directory shows up
>> and the user is in the passwd and group files. I just can't login to the
>> > account.
>> >
>> > I've obviously got something confused, any help would be appreciated.
>> >
>> > Greg Wilson-Lindberg
>> >
>>
>> --
>> -----
>> Rudolf J Streif
>> CEO/CTO ibeeto
>> +1.855.442.3396 x700
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: problem adding a user
2019-05-21 12:37 ` Rudolf Streif
@ 2019-05-21 18:09 ` Greg Wilson-Lindberg
2019-05-22 19:42 ` Rudolf Streif
0 siblings, 1 reply; 21+ messages in thread
From: Greg Wilson-Lindberg @ 2019-05-21 18:09 UTC (permalink / raw)
To: Rudolf Streif; +Cc: Yocto list discussion
Rudolf,
Something else is happening to me. I changed to this in the image recipe:
SAKURA_USER = "sakura"
SAKURA_PASSWD = "Distracted"
SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
EXTRA_USERS_PARAMS = "\
usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \
usermod -a -G sudo,dialout ${SAKURA_USER}; \
"
deleting all of the commented out lines, and I get this in the log file:
..../scribe/1.0-r0/rootfs -p '' sakura]
nothing between the single quotes. It's acting like SAKURA_PASS is not defined.
This is only happening when I'm trying the MD5 password.
Greg
________________________________
From: Rudolf Streif <rudolf.streif@ibeeto.com>
Sent: Tuesday, May 21, 2019 5:37:23 AM
To: Greg Wilson-Lindberg
Cc: Yocto list discussion
Subject: Re: [yocto] problem adding a user
Greg,
usermod does not work for the MD5 algorithm with the explicit password hash as it contains the $ field delimiters which are interpreted by the shell executing the usermod command. Use single quotes around the password hash:
usermod -p '${SAKURA_PASS}' ${SAKURA_USER};
:rjs
On Mon, May 20, 2019, 11:55 Greg Wilson-Lindberg <GWilson@sakuraus.com> wrote:
Hi Rudolf,
I've had more time to work with this and I'm still having problems getting
everything to work properly. I've attached the image recipe that I'm
using so I don't leave anything out that may be relevant.
When I build with a password that is no more than 8 characters long
and no non-alphabetic characters:
SAKURA_PASSWD = "Distract"
SAKURA_PASS = "WRsDFfg1BsrDM"
everything works correctly.
I first tried that using the `openssl ...` form, and then I tried the
-1, MD5 BSD form and had problems, so I changed to doing the openssl
on the command line and making sure that I don't have any characters
that display as '.' or '/'. Again, if I don't do more than 8 characters
and no special characters everything works.
When I changed to using 'Ds$tr@ct' it stopped working. The build finishes
and the log file shows the usermod being executed correctly:
NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p kyNsrvS0elMWU sakura]
NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -a -G sudo,dialout sakura]
But when I try to sign in it doesn't work.
I then tried the 10 character password 'Distracted', the build fails:
NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]
Usage: usermod [options] LOGIN
Options:
-c, --comment COMMENT new value of the GECOS field
-d, --home HOME_DIR new home directory for the user account
-e, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE
-f, --inactive INACTIVE set password inactive after expiration
to INACTIVE
-g, --gid GROUP force use GROUP as new primary group
-G, --groups GROUPS new list of supplementary GROUPS
-a, --append append the user to the supplemental GROUPS
mentioned by the -G option without removing
him/her from other groups
-h, --help display this help message and exit
-l, --login NEW_LOGIN new value of the login name
-L, --lock lock the user account
-m, --move-home move contents of the home directory to the
new location (use only with -d)
-o, --non-unique allow using duplicate (non-unique) UID
-p, --password PASSWORD use encrypted password for the new password
-P, --clear-password PASSWORD use clear password for the new password
-R, --root CHROOT_DIR directory to chroot into
-s, --shell SHELL new login shell for the user account
-u, --uid UID new UID for the user account
-U, --unlock unlock the user account
-v, --add-subuids FIRST-LAST add range of subordinate uids
-V, --del-subuids FIRST-LAST remove range of subordinate uids
-w, --add-subgids FIRST-LAST add range of subordinate gids
-W, --del-subgids FIRST-LAST remove range of subordinate gids
ERROR: scribe: usermod command did not succeed.
So, even though I'm putting in the openssl output:
openssl passwd -1 "Distracted"
$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0
that I get back from what should be a valid run of openssl, I don't see anything
from the password on the usermod command line:
"...linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]"
I don't understand why the short passwords and passing along the proper hash works,
but not the longer password.
It also doesn't make sense that I can't put in the '$' & '@' characters and
have them work.
Any suggestions would be greatly appreciated.
Greg
________________________________
From: Rudolf Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 15, 2019 4:58:26 PM
To: Greg Wilson-Lindberg
Cc: Yocto list discussion
Subject: Re: [yocto] problem adding a user
Glad to hear that it works now. I am planning on attending the YP DevDay.
:rjs
On Wed, May 15, 2019, 13:53 Greg Wilson-Lindberg <GWilson@sakuraus.com> wrote:
Thank you very much, that got me back on the right path.
Maybe I'll see you at the Yocto day at the Embedded Linux Conference.
Regards,
Greg Wilson-Lindberg
________________________________
From: Rudolf J Streif [mailto:rudolf.streif@ibeeto.com]
Sent: Wednesday, May 15, 2019 01:30 PM
To: Greg Wilson-Lindberg <GWilson@sakuraus.com>; Yocto list discussion <yocto@yoctoproject.org>
Subject: Re: [yocto] problem adding a user
Instead of
useradd -p `openssl passwd test` sakura
which attempts to add the user and set the password which fails if the user already exists, use
usermod -p `openssl passwd test` sakura
which sets the user's password.
:rjs
On 5/15/19 1:18 PM, Greg Wilson-Lindberg wrote:
Ok, I had been using the useradd class in a couple of other recipes to allow me to copy files to the sakura user directory and another location, but owned by sakura. That seems to have been what was causing the problem.
I had been using the extrausers class in my top level image recipe.
So now how do I get all of this to work together? Do I need to put everything that touches the sakura user in the same recipe? It seems that I need to use only one of the useradd or extrausers classes?
Greg
________________________________
From: Rudolf J Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 15, 2019 12:31 PM
To: Greg Wilson-Lindberg; Yocto list discussion
Subject: Re: [yocto] problem adding a user
The ! for the password in /etc/shadow indicates that the account is disabled:
sakura:!:18031:0:99999:7:::
Either there is something wrong with the password generation or it gets disabled by something else. Maybe it's worth trying with a plain image without Boot2Qt or anything else.
:rjs
On 5/15/19 11:46 AM, Greg Wilson-Lindberg wrote:
Hi Rudolf,
1st, yes I inherit extrausers. Attached are the passwd & shadow files.
It shouldn't make any difference, but I'm building this for an RPi3 using the Qt Boot2Qt version of the Yocto environment, distro 2.5.3.
Greg
________________________________
From: Rudolf J Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 15, 2019 11:26 AM
To: Greg Wilson-Lindberg; Yocto list discussion
Subject: Re: [yocto] problem adding a user
Hi Greg,
> I've also tried both the back-quote and the single-quote, no difference.
Help me to understand this. The back-quotes are the right ones. If you use the single ones your password in the /etc/shadow ends up being 'openssl passwd test' (without the quotes), unless the build fails because of a parsing error (I have not tried it). Silly question, you did inherit extrausers class?
Can you post your /etc/passwd and /etc/shadow?
I am surprised that this does not work with your setup. I have been doing this a gazillion times always with success.
:rjs
On 5/15/19 11:03 AM, Greg Wilson-Lindberg wrote:
Hi Rudolf,
Thanks for the reply, and the information on how openssl works.
I'm trying to create a user with the same group name so the code that I'm using reduces to:
EXTRA_USERS_PARAMS = "\
useradd -p `openssl passwd test` sakura; \
usermod -a -G sudo ${SAKURA_USER}; \
"
I also, as you can see, removed the macros to eliminate as much confusion as possible.
I still can't log in using the password 'test'.
I've also tried both the back-quote and the single-quote, no difference.
Regards,
Greg
________________________________
From: Rudolf J Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 15, 2019 10:07:47 AM
To: Greg Wilson-Lindberg; Yocto list discussion
Subject: Re: [yocto] problem adding a user
Hi Greg,
Well, I suppose I wrote the book you are referring to...
Using
useradd -p PASSWORD USER
takes the password hash for PASSWORD hence the use of openssl in:
useradd -p `openssl passwd PASSWORD` USER
openssl password creates the password hash using the original crypt hash
algorithm if no other options are specified. e.g.
$ openssl passwd hello
6hEsTksgRkeiI
With this the first two characters of the output is the salt and the
rest is the password hash. If you want openssl to create the same result
again:
$ openssl passwd -salt "6h" hello
6hEsTksgRkeiI
You can use newer algorithms like MD5 based BSD password algorithm 1:
$ openssl passwd -1 hello
$1$4Mu8Fcs.$eIKgPP7RCYrb3lFZjhADA1
$1 : password algorithm 1
$4Mu8Fcs. : salt
$eIKgPP7RCYrb3lFZjhADA1 : password hash
If you log into the system you have to use the clear password. The
system reads the salt, creates the password hash and compares the results.
:rjs
On 5/14/19 5:34 PM, Greg Wilson-Lindberg wrote:
> I'm trying to use the example in "Embedded Linux Systems with the Yocto Project" to add a user to my Yocto build. In the book the sample code:
>
> useradd -p `openssl passwd ${DEV_PASSWORD}` developer; \
>
> uses openssl to generate the encrypted password string to pass to useradd. I have never been able to get this to work. When I run the openssl
> command on the cmd line I get a different value every time, this seems wrong, How can the password code compare against it if every encode
> produces a different value?
>
> I am getting the user added to the system, the home directory shows up and the user is in the passwd and group files. I just can't login to the
> account.
>
> I've obviously got something confused, any help would be appreciated.
>
> Greg Wilson-Lindberg
>
--
-----
Rudolf J Streif
CEO/CTO ibeeto
+1.855.442.3396 x700
^ permalink raw reply [flat|nested] 21+ messages in thread
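Added example, not part of any message in this thread: a shell model of why the recipe text usermod -p '${SAKURA_PASS}' appears in the log as -p '', and as -p sakura when the quotes are left out. It assumes (not confirmed on this page) that the expanded EXTRA_USERS_PARAMS text is pasted into a double-quoted shell string and that the resulting command is evaluated a second time; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed model, not the extrausers class itself. Assumption: the text of
# EXTRA_USERS_PARAMS is (1) pasted inside a double-quoted shell string and
# (2) the resulting command is evaluated once more before usermod runs.
# Feed it only constructed text: it uses eval on its argument.

HASH='$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0'   # MD5-crypt hash quoted in the thread

# Stage 1: what is left of the recipe text after the double-quoted assignment.
after_first_expansion() {
    (
        set +u          # unset names expand to nothing, the sh default
        text=$1
        set --          # no positional parameters, so $1 is empty too
        eval "settings=\"$text\""
        printf '%s\n' "$settings"
    )
}

# Stage 2: the word usermod receives as the argument of -p.
password_arg_seen_by_usermod() {
    (
        set +u
        settings=$(after_first_expansion "$1")
        set --
        eval "set -- $settings"
        while [ "$#" -gt 0 ]; do
            if [ "$1" = "-p" ]; then
                printf '%s\n' "${2-<missing>}"
                exit 0
            fi
            shift
        done
        printf '%s\n' '<no -p>'
    )
}

# Backslash-escape every $ so that stage 1 turns \$ back into a literal $.
escape_for_recipe() {
    printf '%s\n' "$1" | sed 's/\$/\\$/g'
}

ESCAPED=$(escape_for_recipe "$HASH")
CASE_A="usermod -p $HASH sakura"        # bare hash: login name lands after -p
CASE_B="usermod -p '$HASH' sakura"      # single quotes only: log shows -p ''
CASE_C="usermod -p '$ESCAPED' sakura"   # escaped and single-quoted: hash survives
CASE_D="usermod -p $ESCAPED sakura"     # escaped only: lost again in stage 2

for c in "$CASE_A" "$CASE_B" "$CASE_C" "$CASE_D"; do
    printf 'recipe   : %s\n' "$c"
    printf 'stage 1  : %s\n' "$(after_first_expansion "$c")"
    printf 'arg of -p: [%s]\n\n' "$(password_arg_seen_by_usermod "$c")"
done
```

In this model case B hands usermod an empty string as the hash, so the account's entry in the built image's /etc/shadow is worth inspecting after such a build.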
* Re: problem adding a user
2019-05-21 18:09 ` Greg Wilson-Lindberg
@ 2019-05-22 19:42 ` Rudolf Streif
2019-05-22 20:28 ` Greg Wilson-Lindberg
0 siblings, 1 reply; 21+ messages in thread
From: Rudolf Streif @ 2019-05-22 19:42 UTC (permalink / raw)
To: Greg Wilson-Lindberg; +Cc: Yocto list discussion
Greg,
Can you share the logfile via Pastebin?
:rjs
On Tue, May 21, 2019 at 11:09 AM Greg Wilson-Lindberg <GWilson@sakuraus.com>
wrote:
> Rudolf,
>
> Something else is happening to me. I changed to this in the image recipe:
>
> SAKURA_USER = "sakura"
>
> SAKURA_PASSWD = "Distracted"
> SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
>
> EXTRA_USERS_PARAMS = "\
> usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \
> usermod -a -G sudo,dialout ${SAKURA_USER}; \
> "
>
> deleting all of the commented out lines, and I get this in the log file:
>
>
> ..../scribe/1.0-r0/rootfs -p '' sakura]
>
>
> nothing between the single quotes. It's acting like SAKURA_PASS is not
> defined.
>
> This is only happening when I'm trying the MD5 password.
>
>
> Greg
> ------------------------------
> *From:* Rudolf Streif <rudolf.streif@ibeeto.com>
> *Sent:* Tuesday, May 21, 2019 5:37:23 AM
> *To:* Greg Wilson-Lindberg
> *Cc:* Yocto list discussion
> *Subject:* Re: [yocto] problem adding a user
>
> Greg,
>
> usermod does not work for the MD5 algorithm with the explicit password
> hash as it contains the $ field delimiters which are interpreted by the
> shell executing the usermod command. Use single quotes around the password
> hash:
>
> usermod -p '${SAKURA_PASS}' ${SAKURA_USER};
>
> :rjs
>
> On Mon, May 20, 2019, 11:55 Greg Wilson-Lindberg <GWilson@sakuraus.com>
> wrote:
>
>> Hi Rudolf,
>>
>> I've had more time to work with this and I'm still having problems getting
>> everything to work properly. I've attached the image recipe that I'm
>> using so I don't leave anything out that may be relevant.
>>
>> When I build with a password that is no more than 8 characters long
>> and no non-alphabetic characters:
>>
>> SAKURA_PASSWD = "Distract"
>> SAKURA_PASS = "WRsDFfg1BsrDM"
>>
>> everything works correctly.
>>
>> I first tried that using the `openssl ...` form, and then I tried the
>> -1, MD5 BSD form and had problems, so I changed to doing the openssl
>> on the command line and making sure that I don't have any characters
>> that display as '.' or '/'. Again, if I don't do more than 8 characters
>> and no special characters everything works.
>>
>> When I changed to using 'Ds$tr@ct' it stopped working. The build finishes
>> and the log file shows the usermod being executed correctly:
>>
>> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p kyNsrvS0elMWU sakura]
>> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -a -G sudo,dialout sakura]
>>
>> But when I try to sign in it doesn't work.
>>
>> I then tried the 10 character password 'Distracted', the build fails:
>>
>> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]
>> Usage: usermod [options] LOGIN
>>
>> Options:
>> -c, --comment COMMENT new value of the GECOS field
>> -d, --home HOME_DIR new home directory for the user account
>> -e, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE
>> -f, --inactive INACTIVE set password inactive after expiration
>> to INACTIVE
>> -g, --gid GROUP force use GROUP as new primary group
>> -G, --groups GROUPS new list of supplementary GROUPS
>> -a, --append append the user to the supplemental GROUPS
>> mentioned by the -G option without removing
>> him/her from other groups
>> -h, --help display this help message and exit
>> -l, --login NEW_LOGIN new value of the login name
>> -L, --lock lock the user account
>> -m, --move-home move contents of the home directory to the
>> new location (use only with -d)
>> -o, --non-unique allow using duplicate (non-unique) UID
>> -p, --password PASSWORD use encrypted password for the new password
>> -P, --clear-password PASSWORD use clear password for the new password
>> -R, --root CHROOT_DIR directory to chroot into
>> -s, --shell SHELL new login shell for the user account
>> -u, --uid UID new UID for the user account
>> -U, --unlock unlock the user account
>> -v, --add-subuids FIRST-LAST add range of subordinate uids
>> -V, --del-subuids FIRST-LAST remove range of subordinate uids
>> -w, --add-subgids FIRST-LAST add range of subordinate gids
>> -W, --del-subgids FIRST-LAST remove range of subordinate gids
>>
>> ERROR: scribe: usermod command did not succeed.
>>
>> So, even though I'm putting in the openssl output:
>> openssl passwd -1 "Distracted"
>> $1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0
>>
>> that I get back from what should be a valid run of openssl, I don't see anything
>> from the password on the usermod command line:
>> "...linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]"
>>
>> I don't understand why the short passwords and passing along the proper hash works,
>> but not the longer password.
>>
>> It also doesn't make sense that I can't put in the '$' & '@' characters and
>> have them work.
>>
>> Any suggestions would be greatly appreciated.
>>
>> Greg
>>
>> ------------------------------
>> *From:* Rudolf Streif <rudolf.streif@ibeeto.com>
>> *Sent:* Wednesday, May 15, 2019 4:58:26 PM
>> *To:* Greg Wilson-Lindberg
>> *Cc:* Yocto list discussion
>> *Subject:* Re: [yocto] problem adding a user
>>
>> Glad to hear that it works now. I am planning on attending the YP DevDay.
>>
>> :rjs
>>
>> On Wed, May 15, 2019, 13:53 Greg Wilson-Lindberg <GWilson@sakuraus.com>
>> wrote:
>>
>>> Thank you very much, that got me back on the right path.
>>>
>>> Maybe I'll see you at the Yocto day at the Embedded Linux Conference.
>>>
>>> Regards,
>>>
>>> *Greg Wilson-Lindberg *
>>> ------------------------------
>>>
>>> *From:* Rudolf J Streif [mailto:rudolf.streif@ibeeto.com]
>>> *Sent:* Wednesday, May 15, 2019 01:30 PM
>>> *To:* Greg Wilson-Lindberg <GWilson@sakuraus.com>; Yocto list
>>> discussion <yocto@yoctoproject.org>
>>> *Subject:* Re: [yocto] problem adding a user
>>>
>>>
>>>
>>> Instead of
>>>
>>>
>>>
>>> useradd -p `openssl passwd test` sakura
>>>
>>>
>>>
>>> which attempts to add the user and set the password which fails if the
>>> user already exists, use
>>>
>>>
>>>
>>> usermod -p `openssl passwd test` sakura
>>>
>>>
>>>
>>> which sets the user's password.
>>>
>>>
>>>
>>> :rjs
>>>
>>>
>>>
>>> On 5/15/19 1:18 PM, Greg Wilson-Lindberg wrote:
>>>
>>> Ok, I had been using the useradd class in a couple of other recipes to
>>> allow me to copy files to the sakura user directory and another location,
>>> but owned by sakura. That seems to have been what was causing the problem.
>>>
>>>
>>>
>>> I had been using the extrausers class in my top level image recipe.
>>>
>>>
>>> So now how do I get all of this to work together? Do I need to put
>>> everything that touches the sakura user in the same recipe? It seems that I
>>> need to use only one of the useradd or extrausers classes?
>>>
>>>
>>>
>>> Greg
>>> ------------------------------
>>>
>>> *From:* Rudolf J Streif <rudolf.streif@ibeeto.com>
>>> *Sent:* Wednesday, May 15, 2019 12:31 PM
>>> *To:* Greg Wilson-Lindberg; Yocto list discussion
>>> *Subject:* Re: [yocto] problem adding a user
>>>
>>>
>>>
>>> The ! for the password in /etc/shadow indicates that the account is
>>> disabled:
>>>
>>> sakura:!:18031:0:99999:7:::
>>>
>>>
>>>
>>> Either there is something wrong with the password generation or it gets
>>> disabled by something else. Maybe it's worth trying with a plain image
>>> without Boot2Qt or anything else.
>>>
>>>
>>>
>>> :rjs
>>>
>>>
>>>
>>>
>>>
>>> On 5/15/19 11:46 AM, Greg Wilson-Lindberg wrote:
>>>
>>> Hi Rudolf,
>>>
>>> 1st, yes I inherit extrausers. Attached are the passwd & shadow files.
>>>
>>>
>>>
>>> It shouldn't make any difference, but I'm building this for an RPi3
>>> using the Qt Boot2Qt version of the Yocto environment, distro 2.5.3.
>>>
>>>
>>>
>>> Greg
>>> ------------------------------
>>>
>>> *From:* Rudolf J Streif <rudolf.streif@ibeeto.com>
>>> *Sent:* Wednesday, May 15, 2019 11:26 AM
>>> *To:* Greg Wilson-Lindberg; Yocto list discussion
>>> *Subject:* Re: [yocto] problem adding a user
>>>
>>>
>>>
>>> Hi Greg,
>>>
>>>
>>>
>>> > I've also tried both the back-quote and the single-quote, no
>>> difference.
>>>
>>>
>>>
>>> Help me to understand this. The back-quotes are the right ones. If you
>>> use the single ones your password in the /etc/shadow ends up being 'openssl
>>> passwd test' (without the quotes), unless the build fails because of a
>>> parsing error (I have not tried it). Silly question, you did inherit
>>> extrausers class?
>>>
>>>
>>>
>>> Can you post your /etc/passwd and /etc/shadow?
>>>
>>>
>>>
>>> I am surprised that this does not work with your setup. I have been
>>> doing this a gazillion times always with success.
>>>
>>>
>>>
>>> :rjs
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> On 5/15/19 11:03 AM, Greg Wilson-Lindberg wrote:
>>>
>>> Hi Rudolf,
>>>
>>> Thanks for the reply, and the information on how openssl works.
>>>
>>>
>>>
>>> I'm trying to create a user with the same group name so the code that
>>> I'm using reduces to:
>>>
>>> EXTRA_USERS_PARAMS = "\
>>>
>>> useradd -p `openssl passwd test` sakura; \
>>>
>>> usermod -a -G sudo ${SAKURA_USER}; \
>>>
>>> "
>>>
>>> I also, as you can see, removed the macros to eliminate as much
>>> confusion as possible.
>>>
>>>
>>>
>>> I still can't log in using the password 'test'.
>>>
>>>
>>>
>>> I've also tried both the back-quote and the single-quote, no difference.
>>>
>>> Regards,
>>>
>>>
>>>
>>> Greg
>>> ------------------------------
>>>
>>> *From:* Rudolf J Streif <rudolf.streif@ibeeto.com>
>>> *Sent:* Wednesday, May 15, 2019 10:07:47 AM
>>> *To:* Greg Wilson-Lindberg; Yocto list discussion
>>> *Subject:* Re: [yocto] problem adding a user
>>>
>>>
>>>
>>> Hi Greg,
>>>
>>> Well, I suppose I wrote the book you are referring to...
>>>
>>>
>>> Using
>>>
>>> useradd -p PASSWORD USER
>>>
>>> takes the password hash for PASSWORD hence the use of openssl in:
>>>
>>> useradd -p `openssl passwd PASSWORD` USER
>>>
>>> openssl password creates the password hash using the original crypt hash
>>> algorithm if no other options are specified. e.g.
>>>
>>> $ openssl passwd hello
>>> 6hEsTksgRkeiI
>>>
>>> With this the first two characters of the output are the salt and the
>>> rest is the password hash. If you want openssl to create the same result
>>> again:
>>>
>>> $ openssl passwd -salt "6h" hello
>>> 6hEsTksgRkeiI
>>>
>>> You can use newer algorithms like MD5 based BSD password algorithm 1:
>>>
>>> $ openssl passwd -1 hello
>>> $1$4Mu8Fcs.$eIKgPP7RCYrb3lFZjhADA1
>>>
>>> $1 : password algorithm 1
>>> $4Mu8Fcs. : salt
>>> $eIKgPP7RCYrb3lFZjhADA1 : password hash
>>>
>>>
>>> If you log into the system you have to use the clear password. The
>>> system reads the salt, creates the password hash and compares the
>>> results.
>>>
>>>
>>> :rjs
>>>
>>>
>>> On 5/14/19 5:34 PM, Greg Wilson-Lindberg wrote:
>>> > I'm trying to use the example in "Embedded Linux Systems with the
>>> Yocto Project" to add a user to my Yocto build. In the book the sample code:
>>> >
>>> > useradd -p `openssl passwd ${DEV_PASSWORD}` developer; \
>>> >
>>> > uses openssl to generate the encrypted password string to pass to
>>> useradd. I have never been able to get this to work. When I run the openssl
>>> > command on the cmd line I get a different value every time, this seems
>>> wrong, How can the password code compare against it if every encode
>>> > produces a different value?
>>> >
>>> > I am getting the user added to the system, the home directory shows up
>>> and the user is in the passwd and group files. I just can't login to the
>>> > account.
>>> >
>>> > I've obviously got something confused, any help would be appreciated.
>>> >
>>> > Greg Wilson-Lindberg
>>> >
>>>
>>> --
>>> -----
>>> Rudolf J Streif
>>> CEO/CTO ibeeto
>>> +1.855.442.3396 x700
>>>
>>>
--
Rudolf J Streif
CEO/CTO
ibeeto, Streif Enterprises Inc.
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: problem adding a user
2019-05-22 19:42 ` Rudolf Streif
@ 2019-05-22 20:28 ` Greg Wilson-Lindberg
2019-05-23 20:40 ` Rudolf Streif
0 siblings, 1 reply; 21+ messages in thread
From: Greg Wilson-Lindberg @ 2019-05-22 20:28 UTC (permalink / raw)
To: Rudolf Streif; +Cc: Yocto list discussion
Rudolf,
Here is the first half of the file, the whole file is over the 500k limit of free pastebin:
https://pastebin.com/UcnKebce
And here is the 2nd half of the file:
https://pastebin.com/9117tdUU
Greg
________________________________
From: Rudolf Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 22, 2019 12:42:40 PM
To: Greg Wilson-Lindberg
Cc: Yocto list discussion
Subject: Re: [yocto] problem adding a user
Greg,
Can you share the logfile via Pastebin?
:rjs
On Tue, May 21, 2019 at 11:09 AM Greg Wilson-Lindberg <GWilson@sakuraus.com> wrote:
Rudolf,
Something else is happening to me. I changed to this in the image recipe:
SAKURA_USER = "sakura"
SAKURA_PASSWD = "Distracted"
SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
EXTRA_USERS_PARAMS = "\
usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \
usermod -a -G sudo,dialout ${SAKURA_USER}; \
"
deleting all of the commented out lines, and I get this in the log file:
..../scribe/1.0-r0/rootfs -p '' sakura]
nothing between the single quotes. It's acting like SAKURA_PASS is not defined.
This is only happening when I'm trying the MD5 password.
Greg
________________________________
From: Rudolf Streif <rudolf.streif@ibeeto.com>
Sent: Tuesday, May 21, 2019 5:37:23 AM
To: Greg Wilson-Lindberg
Cc: Yocto list discussion
Subject: Re: [yocto] problem adding a user
Greg,
usermod does not work for the MD5 algorithm with the explicit password hash as it contains the $ field delimiters which are interpreted by the shell executing the usermod command. Use single quotes around the password hash:
usermod -p '${SAKURA_PASS}' ${SAKURA_USER};
:rjs
On Mon, May 20, 2019, 11:55 Greg Wilson-Lindberg <GWilson@sakuraus.com> wrote:
Hi Rudolf,
I've had more time to work with this and I'm still having problems getting
everything to work properly. I've attached the image recipe that I'm
using so I don't leave anything out that may be relevant.
When I build with a password that is no more than 8 characters long
and no non-alphabetic characters:
SAKURA_PASSWD = "Distract"
SAKURA_PASS = "WRsDFfg1BsrDM"
everything works correctly.
I first tried that using the `openssl ...` form, and then I tried the
-1, MD5 BSD form and had problems, so I changed to doing the openssl
on the command line and making sure that I don't have any characters
that display as '.' or '/'. Again, if I don't do more than 8 characters
and no special characters everything works.
When I changed to using 'Ds$tr@ct' it stopped working. The build finishes
and the log file shows the usermod being executed correctly:
NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p kyNsrvS0elMWU sakura]
NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -a -G sudo,dialout sakura]
But when I try to sign in it doesn't work.
I then tried the 10 character password 'Distracted', the build fails:
NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]
Usage: usermod [options] LOGIN
Options:
-c, --comment COMMENT new value of the GECOS field
-d, --home HOME_DIR new home directory for the user account
-e, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE
-f, --inactive INACTIVE set password inactive after expiration
to INACTIVE
-g, --gid GROUP force use GROUP as new primary group
-G, --groups GROUPS new list of supplementary GROUPS
-a, --append append the user to the supplemental GROUPS
mentioned by the -G option without removing
him/her from other groups
-h, --help display this help message and exit
-l, --login NEW_LOGIN new value of the login name
-L, --lock lock the user account
-m, --move-home move contents of the home directory to the
new location (use only with -d)
-o, --non-unique allow using duplicate (non-unique) UID
-p, --password PASSWORD use encrypted password for the new password
-P, --clear-password PASSWORD use clear password for the new password
-R, --root CHROOT_DIR directory to chroot into
-s, --shell SHELL new login shell for the user account
-u, --uid UID new UID for the user account
-U, --unlock unlock the user account
-v, --add-subuids FIRST-LAST add range of subordinate uids
-V, --del-subuids FIRST-LAST remove range of subordinate uids
-w, --add-subgids FIRST-LAST add range of subordinate gids
-W, --del-subgids FIRST-LAST remove range of subordinate gids
ERROR: scribe: usermod command did not succeed.
So, even though I'm putting in the openssl output:
openssl passwd -1 "Distracted"
$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0
that I get back from what should be a valid run of openssl, I don't see anything
from the password on the usermod command line:
"...linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]"
I don't understand why the short passwords and passing along the proper hash works,
but not the longer password.
It also doesn't make sense that I can't put in the '$' & '@' characters and
have them work.
Any suggestions would be greatly appreciated.
Greg
________________________________
From: Rudolf Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 15, 2019 4:58:26 PM
To: Greg Wilson-Lindberg
Cc: Yocto list discussion
Subject: Re: [yocto] problem adding a user
Glad to hear that it works now. I am planning on attending the YP DevDay.
:rjs
On Wed, May 15, 2019, 13:53 Greg Wilson-Lindberg <GWilson@sakuraus.com> wrote:
Thank you very much, that got me back on the right path.
Maybe I'll see you at the Yocto day at the Embedded Linux Conference.
Regards,
Greg Wilson-Lindberg
Principal Firmware Engineer | Sakura Finetek USA, Inc.
1750 W 214th Street | Torrance, CA 90501 | U.S.A.
T: +1 310 783 5075
F: +1 310 618 6902 | E: gwilson@sakuraus.com
www.sakuraus.com
________________________________
From: Rudolf J Streif [mailto:rudolf.streif@ibeeto.com]
Sent: Wednesday, May 15, 2019 01:30 PM
To: Greg Wilson-Lindberg <GWilson@sakuraus.com>; Yocto list discussion <yocto@yoctoproject.org>
Subject: Re: [yocto] problem adding a user
Instead of
useradd -p `openssl passwd test` sakura
which attempts to add the user and set the password which fails if the user already exists, use
usermod -p `openssl passwd test` sakura
which sets the user's password.
:rjs
On 5/15/19 1:18 PM, Greg Wilson-Lindberg wrote:
Ok, I had been using the useradd class in a couple of other recipes to allow me to copy files to the sakura user directory and another location, but owned by sakura. That seems to have been what was causing the problem.
I had been using the extrausers class in my top level image recipe.
So now how do I get all of this to work together? Do I need to put everything that touches the sakura user in the same recipe? It seems that I need to use only one of the useradd or extrausers classes?
Greg
________________________________
From: Rudolf J Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 15, 2019 12:31 PM
To: Greg Wilson-Lindberg; Yocto list discussion
Subject: Re: [yocto] problem adding a user
The ! for the password in /etc/shadow indicates that the account is disabled:
sakura:!:18031:0:99999:7:::
Either there is something wrong with the password generation or it gets disabled by something else. Maybe it's worth trying with a plain image without Boot2Qt or anything else.
:rjs
On 5/15/19 11:46 AM, Greg Wilson-Lindberg wrote:
Hi Rudolf,
1st, yes I inherit extrausers. Attached are the passwd & shadow files.
It shouldn't make any difference, but I'm building this for an RPi3 using the Qt Boot2Qt version of the Yocto environment, distro 2.5.3.
Greg
________________________________
From: Rudolf J Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 15, 2019 11:26 AM
To: Greg Wilson-Lindberg; Yocto list discussion
Subject: Re: [yocto] problem adding a user
Hi Greg,
> I've also tried both the back-quote and the single-quote, no difference.
Help me to understand this. The back-quotes are the right ones. If you use the single ones your password in the /etc/shadow ends up being 'openssl passwd test' (without the quotes), unless the build fails because of a parsing error (I have not tried it). Silly question, you did inherit extrausers class?
Can you post your /etc/passwd and /etc/shadow?
I am surprised that this does not work with your setup. I have been doing this a gazillion times always with success.
:rjs
On 5/15/19 11:03 AM, Greg Wilson-Lindberg wrote:
Hi Rudolf,
Thanks for the reply, and the information on how openssl works.
I'm trying to create a user with the same group name so the code that I'm using reduces to:
EXTRA_USERS_PARAMS = "\
useradd -p `openssl passwd test` sakura; \
usermod -a -G sudo ${SAKURA_USER}; \
"
I also, as you can see, removed the macros to eliminate as much confusion as possible.
I still can't log in using the password 'test'.
I've also tried both the back-quote and the single-quote, no difference.
Regards,
Greg
________________________________
From: Rudolf J Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 15, 2019 10:07:47 AM
To: Greg Wilson-Lindberg; Yocto list discussion
Subject: Re: [yocto] problem adding a user
Hi Greg,
Well, I suppose I wrote the book you are referring to...
Using
useradd -p PASSWORD USER
takes the password hash for PASSWORD hence the use of openssl in:
useradd -p `openssl passwd PASSWORD` USER
openssl password creates the password hash using the original crypt hash
algorithm if no other options are specified. e.g.
$ openssl passwd hello
6hEsTksgRkeiI
With this the first two characters of the output are the salt and the
rest is the password hash. If you want openssl to create the same result
again:
$ openssl passwd -salt "6h" hello
6hEsTksgRkeiI
You can use newer algorithms like MD5 based BSD password algorithm 1:
$ openssl passwd -1 hello
$1$4Mu8Fcs.$eIKgPP7RCYrb3lFZjhADA1
$1 : password algorithm 1
$4Mu8Fcs. : salt
$eIKgPP7RCYrb3lFZjhADA1 : password hash
If you log into the system you have to use the clear password. The
system reads the salt, creates the password hash and compares the results.
:rjs
On 5/14/19 5:34 PM, Greg Wilson-Lindberg wrote:
> I'm trying to use the example in "Embedded Linux Systems with the Yocto Project" to add a user to my Yocto build. In the book the sample code:
>
> useradd -p `openssl passwd ${DEV_PASSWORD}` developer; \
>
> uses openssl to generate the encrypted password string to pass to useradd. I have never been able to get this to work. When I run the openssl
> command on the cmd line I get a different value every time, this seems wrong, How can the password code compare against it if every encode
> produces a different value?
>
> I am getting the user added to the system, the home directory shows up and the user is in the passwd and group files. I just can't login to the
> account.
>
> I've obviously got something confused, any help would be appreciated.
>
> Greg Wilson-Lindberg
>
--
-----
Rudolf J Streif
CEO/CTO ibeeto
+1.855.442.3396 x700
--
Rudolf J Streif
CEO/CTO
ibeeto, Streif Enterprises Inc.
^ permalink raw reply [flat|nested] 21+ messages in thread
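Added example (not part of the original thread, and not the extrausers class's own code): a shell model of the two log symptoms quoted in the message above, `-p sakura]` and `-p '' sakura]`, and of Rudolf's point that the shell interprets the `$` fields of the hash. It assumes the recipe text is pasted into a double-quoted shell assignment and that the resulting command line is parsed by a shell once more; `stage1`, `stage2`, `what_usermod_gets` and the `usermod` stub are hypothetical names, and the backslash-escaped form is an added illustration.

```shell
#!/bin/sh
# Constructed model, not the extrausers class itself.
# Assumption: the build pastes the text of EXTRA_USERS_PARAMS into a
# double-quoted shell assignment (stage 1), and the resulting command line
# is parsed by a shell once more before usermod runs (stage 2).

HASH='$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0'        # hash quoted in the thread
ESCAPED='\$1\$QVO3K6Ii\$fvkoDKnlzz3d5uVoL7KcM0'  # same hash, every $ escaped

# Stand-in for usermod (hypothetical stub): reports which argv words would
# be taken as the password hash and as the login name.
STUB='usermod() {
    hash=; login=
    while [ $# -gt 0 ]; do
        case $1 in
            -p) hash=${2-}; [ $# -gt 1 ] && shift ;;
            *)  login=$1 ;;
        esac
        shift
    done
    printf "hash=[%s] login=[%s]" "$hash" "$login"
}'

# stage1 TEXT: print TEXT as it looks after landing inside double quotes in a
# generated script. $1 and $name are expanded there; single quotes inside
# double quotes are ordinary characters and protect nothing.
stage1() {
    sh -c "settings=\"$1\"; printf '%s' \"\$settings\"" model
}

# stage2 LINE: let a fresh shell parse LINE as a command, with usermod
# replaced by the stub, and print what the stub received.
stage2() {
    sh -c "$STUB
$1" model
}

# what_usermod_gets TEXT: run both stages on the recipe text.
what_usermod_gets() {
    stage2 "$(stage1 "$1")"
}

# The two forms tried in the thread, then two escaped forms.
for text in \
    "usermod -p $HASH sakura" \
    "usermod -p '$HASH' sakura" \
    "usermod -p $ESCAPED sakura" \
    "usermod -p '$ESCAPED' sakura"
do
    printf 'recipe text : %s\n' "$text"
    printf 'after stage1: %s\n' "$(stage1 "$text")"
    printf 'usermod sees: %s\n\n' "$(what_usermod_gets "$text")"
done
```

Under this model the unquoted form loses the hash and the login name is consumed as the `-p` value, while the single-quoted form passes an empty string as the hash, so the build can finish with a wrong password field. Only the form with both `\$` escapes and single quotes delivers the hash intact.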
* Re: problem adding a user
2019-05-22 20:28 ` Greg Wilson-Lindberg
@ 2019-05-23 20:40 ` Rudolf Streif
2019-05-23 21:44 ` Leon Woestenberg
2019-05-24 2:11 ` Khem Raj
0 siblings, 2 replies; 21+ messages in thread
From: Rudolf Streif @ 2019-05-23 20:40 UTC (permalink / raw)
To: Greg Wilson-Lindberg; +Cc: Yocto list discussion
Greg,
It eluded me earlier but in both instances the variable containing the
password does not seem to be expanded.
First version without the single quotes:
SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
EXTRA_USERS_PARAMS = "\
usermod -p ${SAKURA_PASS} ${SAKURA_USER}; \
usermod -a -G sudo,dialout ${SAKURA_USER}; \
"
results in:
NOTE: scribe: Performing usermod with [-R
/home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs
-p sakura]
and with the quotes:
SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
EXTRA_USERS_PARAMS = "\
usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \
usermod -a -G sudo,dialout ${SAKURA_USER}; \
"
results in:
NOTE: scribe: Performing usermod with [-R
/home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs
-p '' sakura]
It looks as if the variable SAKURA_PASS is not set at all. I looked at
your scribe.bb recipe you attached earlier but I could not find any
reason why the variable is not set. Is there a chance that it is
overridden somewhere else?
:rjs
On Wed, May 22, 2019 at 1:28 PM Greg Wilson-Lindberg <GWilson@sakuraus.com>
wrote:
> Rudolf,
>
> Here is the first half of the file, the whole file is over the 500k limit
> of free pastebin:
>
> https://pastebin.com/UcnKebce
>
>
> And here is the 2nd half of the file:
>
> https://pastebin.com/9117tdUU
>
>
> Greg
> ------------------------------
> *From:* Rudolf Streif <rudolf.streif@ibeeto.com>
> *Sent:* Wednesday, May 22, 2019 12:42:40 PM
> *To:* Greg Wilson-Lindberg
> *Cc:* Yocto list discussion
> *Subject:* Re: [yocto] problem adding a user
>
> Greg,
> Can you share the logfile via Pastebin?
> :rjs
>
> On Tue, May 21, 2019 at 11:09 AM Greg Wilson-Lindberg <
> GWilson@sakuraus.com> wrote:
>
>> Rudolf,
>>
>> Something else is happening to me. I changed to this in the image recipe:
>>
>> SAKURA_USER = "sakura"
>>
>> SAKURA_PASSWD = "Distracted"
>> SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
>>
>> EXTRA_USERS_PARAMS = "\
>> usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \
>> usermod -a -G sudo,dialout ${SAKURA_USER}; \
>> "
>>
>> deleting all of the commented out lines, and I get this in the log file:
>>
>>
>> ..../scribe/1.0-r0/rootfs -p '' sakura]
>>
>>
>> nothing between the single quotes. It's acting like SAKURA_PASS is not
>> defined.
>>
>> This is only happening when I'm trying the MD5 password.
>>
>>
>> Greg
>> ------------------------------
>> *From:* Rudolf Streif <rudolf.streif@ibeeto.com>
>> *Sent:* Tuesday, May 21, 2019 5:37:23 AM
>> *To:* Greg Wilson-Lindberg
>> *Cc:* Yocto list discussion
>> *Subject:* Re: [yocto] problem adding a user
>>
>> Greg,
>>
>> usermod does not work for the MD5 algorithm with the explicit password
>> hash as it contains the $ field delimiters which are interpreted by the
>> shell executing the usermod command. Use single quotes around the password
>> hash:
>>
>> usermod -p '${SAKURA_PASS}' ${SAKURA_USER};
>>
>> :rjs
>>
>> On Mon, May 20, 2019, 11:55 Greg Wilson-Lindberg <GWilson@sakuraus.com>
>> wrote:
>>
>>> Hi Rudolf,
>>>
>>> I've had more time to work with this and I'm still having problems getting
>>> everything to work properly. I've attached the image recipe that I'm
>>> using so I don't leave anything out that may be relevant.
>>>
>>> When I build with a password that is no more than 8 characters long
>>> and no non-alphabetic characters:
>>>
>>> SAKURA_PASSWD = "Distract"
>>> SAKURA_PASS = "WRsDFfg1BsrDM"
>>>
>>> everything works correctly.
>>>
>>> I first tried that using the `openssl ...` form, and then I tried the
>>> -1, MD5 BSD form and had problems, so I changed to doing the openssl
>>> on the command line and making sure that I don't have any characters
>>> that display as '.' or '/'. Again, if I don't do more than 8 characters
>>> and no special characters everything works.
>>>
>>> When I changed to using 'Ds$tr@ct' it stopped working. The build finishes
>>> and the log file shows the usermod being executed correctly:
>>>
>>> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p kyNsrvS0elMWU sakura]
>>> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -a -G sudo,dialout sakura]
>>>
>>> But when I try to sign in it doesn't work.
>>>
>>> I then tried the 10 character password 'Distracted', the build fails:
>>>
>>> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]
>>> Usage: usermod [options] LOGIN
>>>
>>> Options:
>>> -c, --comment COMMENT new value of the GECOS field
>>> -d, --home HOME_DIR new home directory for the user account
>>> -e, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE
>>> -f, --inactive INACTIVE set password inactive after expiration
>>> to INACTIVE
>>> -g, --gid GROUP force use GROUP as new primary group
>>> -G, --groups GROUPS new list of supplementary GROUPS
>>> -a, --append append the user to the supplemental GROUPS
>>> mentioned by the -G option without removing
>>> him/her from other groups
>>> -h, --help display this help message and exit
>>> -l, --login NEW_LOGIN new value of the login name
>>> -L, --lock lock the user account
>>> -m, --move-home move contents of the home directory to the
>>> new location (use only with -d)
>>> -o, --non-unique allow using duplicate (non-unique) UID
>>> -p, --password PASSWORD use encrypted password for the new password
>>> -P, --clear-password PASSWORD use clear password for the new password
>>> -R, --root CHROOT_DIR directory to chroot into
>>> -s, --shell SHELL new login shell for the user account
>>> -u, --uid UID new UID for the user account
>>> -U, --unlock unlock the user account
>>> -v, --add-subuids FIRST-LAST add range of subordinate uids
>>> -V, --del-subuids FIRST-LAST remove range of subordinate uids
>>> -w, --add-subgids FIRST-LAST add range of subordinate gids
>>> -W, --del-subgids FIRST-LAST remove range of subordinate gids
>>>
>>> ERROR: scribe: usermod command did not succeed.
>>>
>>> So, even though I'm putting in the openssl output:
>>> openssl passwd -1 "Distracted"
>>> $1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0
>>>
>>> that I get back from what should be a valid run of openssl, I don't see anything
>>> from the password on the usermod command line:
>>> "...linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]"
>>>
>>> I don't understand why the short passwords and passing along the proper hash works,
>>> but not the longer password.
>>>
>>> It also doesn't make sense that I can't put in the '$' & '@' characters and
>>> have them work.
>>>
>>> Any suggestions would be greatly appreciated.
>>>
>>> Greg
>>>
>>> ------------------------------
>>> *From:* Rudolf Streif <rudolf.streif@ibeeto.com>
>>> *Sent:* Wednesday, May 15, 2019 4:58:26 PM
>>> *To:* Greg Wilson-Lindberg
>>> *Cc:* Yocto list discussion
>>> *Subject:* Re: [yocto] problem adding a user
>>>
>>> Glad to hear that it works now. I am planning on attending the YP
>>> DevDay.
>>>
>>> :rjs
>>>
>>> On Wed, May 15, 2019, 13:53 Greg Wilson-Lindberg <GWilson@sakuraus.com>
>>> wrote:
>>>
>>>> Thank you very much, that got me back on the right path.
>>>>
>>>> Maybe I'll see you at the Yocto day at the Embedded Linux Conference.
>>>>
>>>> Regards,
>>>>
>>>> *Greg Wilson-Lindberg *
>>>>
>>>> *Principal Firmware Engineer | Sakura Finetek USA, Inc. *
>>>>
>>>>
>>>>
>>>> 1750 W 214th Street | Torrance, CA 90501 | U.S.A.
>>>>
>>>> T: +1 310 783 5075
>>>>
>>>> F: +1 310 618 6902 | E: gwilson@sakuraus.com
>>>>
>>>> www.sakuraus.com
>>>>
>>>>
>>>>
>>>> ------------------------------
>>>> *From:* Rudolf J Streif [mailto:rudolf.streif@ibeeto.com]
>>>> *Sent:* Wednesday, May 15, 2019 01:30 PM
>>>> *To:* Greg Wilson-Lindberg <GWilson@sakuraus.com>; Yocto list
>>>> discussion <yocto@yoctoproject.org>
>>>> *Subject:* Re: [yocto] problem adding a user
>>>>
>>>>
>>>>
>>>> Instead of
>>>>
>>>>
>>>>
>>>> useradd -p `openssl passwd test` sakura
>>>>
>>>>
>>>>
>>>> which attempts to add the user and set the password which fails if the
>>>> user already exists, use
>>>>
>>>>
>>>>
>>>> usermod -p `openssl passwd test` sakura
>>>>
>>>>
>>>>
>>>> which sets the user's password.
>>>>
>>>>
>>>>
>>>> :rjs
>>>>
>>>>
>>>>
>>>> On 5/15/19 1:18 PM, Greg Wilson-Lindberg wrote:
>>>>
>>>> Ok, I had been using the useradd class in a couple of other recipes to
>>>> allow me to copy files to the sakura user directory and another location,
>>>> but owned by sakura. That seems to have been what was causing the problem.
>>>>
>>>>
>>>>
>>>> I had been using the extrausers class in my top level image recipe.
>>>>
>>>>
>>>> So now how do I get all of this to work together? Do I need to put
>>>> everything that touches the sakura user in the same recipe? It seems that I
>>>> need to use only one of the useradd or extrausers classes?
>>>>
>>>>
>>>>
>>>> Greg
>>>> ------------------------------
>>>>
>>>> *From:* Rudolf J Streif <rudolf.streif@ibeeto.com>
>>>> *Sent:* Wednesday, May 15, 2019 12:31 PM
>>>> *To:* Greg Wilson-Lindberg; Yocto list discussion
>>>> *Subject:* Re: [yocto] problem adding a user
>>>>
>>>>
>>>>
>>>> The ! for the password in /etc/shadow indicates that the account is
>>>> disabled:
>>>>
>>>> sakura:!:18031:0:99999:7:::
>>>>
>>>>
>>>>
>>>> Either there is something wrong with the password generation or it gets
>>>> disabled by something else. Maybe it's worth trying with a plain image
>>>> without Boot2Qt or anything else.
>>>>
>>>>
>>>>
>>>> :rjs
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On 5/15/19 11:46 AM, Greg Wilson-Lindberg wrote:
>>>>
>>>> Hi Rudolf,
>>>>
>>>> 1st, yes I inherit extrausers. Attached are the passwd & shadow files.
>>>>
>>>>
>>>>
>>>> It shouldn't make any difference, but I'm building this for an RPi3
>>>> using the Qt Boot2Qt version of the Yocto environment, distro 2.5.3.
>>>>
>>>>
>>>>
>>>> Greg
>>>> ------------------------------
>>>>
>>>> *From:* Rudolf J Streif <rudolf.streif@ibeeto.com>
>>>> *Sent:* Wednesday, May 15, 2019 11:26 AM
>>>> *To:* Greg Wilson-Lindberg; Yocto list discussion
>>>> *Subject:* Re: [yocto] problem adding a user
>>>>
>>>>
>>>>
>>>> Hi Greg,
>>>>
>>>>
>>>>
>>>> > I've also tried both the back-quote and the single-quote, no
>>>> difference.
>>>>
>>>>
>>>>
>>>> Help me to understand this. The back-quotes are the right ones. If you
>>>> use the single ones your password in the /etc/shadow ends up being 'openssl
>>>> passwd test' (without the quotes), unless the build fails because of a
>>>> parsing error (I have not tried it). Silly question, you did inherit
>>>> extrausers class?
>>>>
>>>>
>>>>
>>>> Can you post your /etc/passwd and /etc/shadow?
>>>>
>>>>
>>>>
>>>> I am surprised that this does not work with your setup. I have been
>>>> doing this a gazillion times always with success.
>>>>
>>>>
>>>>
>>>> :rjs
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On 5/15/19 11:03 AM, Greg Wilson-Lindberg wrote:
>>>>
>>>> Hi Rudolf,
>>>>
>>>> Thanks for the reply, and the information on how openssl works.
>>>>
>>>>
>>>>
>>>> I'm trying to create a user with the same group name so the code that
>>>> I'm using reduces to:
>>>>
>>>> EXTRA_USERS_PARAMS = "\
>>>>
>>>> useradd -p `openssl passwd test` sakura; \
>>>>
>>>> usermod -a -G sudo ${SAKURA_USER}; \
>>>>
>>>> "
>>>>
>>>> I also, as you can see, removed the macros to eliminate as much
>>>> confusion as possible.
>>>>
>>>>
>>>>
>>>> I still can't login in using the password 'test'.
>>>>
>>>>
>>>>
>>>> I've also tried both the back-quote and the single-quote, no difference.
>>>>
>>>> Regards,
>>>>
>>>>
>>>>
>>>> Greg
>>>> ------------------------------
>>>>
>>>> *From:* Rudolf J Streif <rudolf.streif@ibeeto.com>
>>>> *Sent:* Wednesday, May 15, 2019 10:07:47 AM
>>>> *To:* Greg Wilson-Lindberg; Yocto list discussion
>>>> *Subject:* Re: [yocto] problem adding a user
>>>>
>>>>
>>>>
>>>> Hi Greg,
>>>>
>>>> Well, I suppose I wrote the book you are referring to...
>>>>
>>>>
>>>> Using
>>>>
>>>> useradd -p PASSWORD USER
>>>>
>>>> takes the password hash for PASSWORD hence the use of openssl in:
>>>>
>>>> useradd -p `openssl passwd PASSWORD` USER
>>>>
>>>> openssl password creates the password hash using the original crypt
>>>> hash
>>>> algorithm if no other options are specified. e.g.
>>>>
>>>> $ openssl passwd hello
>>>> 6hEsTksgRkeiI
>>>>
>>>> With this the first two characters of the output is the salt and the
>>>> rest is the password hash. If you want openssl to create the same
>>>> result
>>>> again:
>>>>
>>>> $ openssl passwd -salt "6h" hello
>>>> 6hEsTksgRkeiI
>>>>
>>>> You can use newer algorithms like MD5 based BSD password algorithm 1:
>>>>
>>>> $ openssl passwd -1 hello
>>>> $1$4Mu8Fcs.$eIKgPP7RCYrb3lFZjhADA1
>>>>
>>>> $1 : password algorithm 1
>>>> $4Mu8Fcs. : salt
>>>> $eIKgPP7RCYrb3lFZjhADA1 : password hash
>>>>
>>>>
>>>> If you log into the system you have to use the clear password. The
>>>> system reads the salt, creates the password hash and compares the
>>>> results.
>>>>
>>>>
>>>> :rjs
>>>>
>>>>
>>>> On 5/14/19 5:34 PM, Greg Wilson-Lindberg wrote:
>>>> > I'm trying to use the example in "Embedded Linux Systems with the
>>>> Yocto Project" to add a user to my Yocto build. In the book the sample code:
>>>> >
>>>> > useradd -p `openssl passwd ${DEV_PASSWORD}` developer; \
>>>> >
>>>> > uses openssl to generate the encrypted password string to pass to
>>>> useradd. I have never been able to get this to work. When I run the openssl
>>>> > command on the cmd line I get a different value every time, this
>>>> seems wrong, How can the password code compare against it if every encode
>>>> > produces a different value?
>>>> >
>>>> > I am getting the user added to the system, the home directory shows
>>>> up and the user is in the passwd and group files. I just can't login to the
>>>> > account.
>>>> >
>>>> > I've obviously got something confused, any help would be appreciated.
>>>> >
>>>> > Greg Wilson-Lindberg
>>>> >
>>>>
>>>> --
>>>> -----
>>>> Rudolf J Streif
>>>> CEO/CTO ibeeto
>>>> +1.855.442.3396 x700
>
> --
> Rudolf J Streif
> CEO/CTO
> ibeeto, Streif Enterprises Inc.
>
--
Rudolf J Streif
CEO/CTO
ibeeto, Streif Enterprises Inc.
[-- Attachment #2: Type: text/html, Size: 36707 bytes --]
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: problem adding a user
2019-05-23 20:40 ` Rudolf Streif
@ 2019-05-23 21:44 ` Leon Woestenberg
2019-05-23 22:43 ` Greg Wilson-Lindberg
2019-05-24 2:11 ` Khem Raj
1 sibling, 1 reply; 21+ messages in thread
From: Leon Woestenberg @ 2019-05-23 21:44 UTC (permalink / raw)
To: Rudolf Streif; +Cc: Yocto list discussion
[-- Attachment #1: Type: text/plain, Size: 17941 bytes --]
Hello Rudolf, Greg,
On Thu, 23 May 2019 at 22:43, Rudolf Streif <rudolf.streif@ibeeto.com>
wrote:
>
> It eluded me earlier but in both instances the variable containing the
> password does not seem to be expanded.
>
Could it be the spaces around the = equal sign must be removed?
https://unix.stackexchange.com/questions/258727/spaces-in-variable-assignments-in-shell-scripts
Regards, Leon
> First version without the single quotes:
>
> SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
>
> EXTRA_USERS_PARAMS = "\
> usermod -p ${SAKURA_PASS} ${SAKURA_USER}; \
> usermod -a -G sudo,dialout ${SAKURA_USER}; \
> "
> results in:
>
> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]
>
> and with the quotes:
>
> SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
>
> EXTRA_USERS_PARAMS = "\
> usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \
> usermod -a -G sudo,dialout ${SAKURA_USER}; \
> "
> results in:
> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p '' sakura]
>
> It looks as if the variable SAKURA_PASS is not set at all. I looked at your scribe.bb recipe you attached earlier but I could not find any reason why the variable is not set. Is there a chance that it is overridden somewhere else?
>
> :rjs
>
>
> On Wed, May 22, 2019 at 1:28 PM Greg Wilson-Lindberg <GWilson@sakuraus.com>
> wrote:
>
>> Rudolf,
>>
>> Here is the first half of the file, the whole file is over the 500k
>> limit of free pastebin:
>>
>> https://pastebin.com/UcnKebce
>>
>>
>> And here is the 2nd half of the file:
>>
>> https://pastebin.com/9117tdUU
>>
>>
>> Greg
>> ------------------------------
>> *From:* Rudolf Streif <rudolf.streif@ibeeto.com>
>> *Sent:* Wednesday, May 22, 2019 12:42:40 PM
>> *To:* Greg Wilson-Lindberg
>> *Cc:* Yocto list discussion
>> *Subject:* Re: [yocto] problem adding a user
>>
>> Greg,
>> Can you share the logfile via Pastebin?
>> :rjs
>>
>> On Tue, May 21, 2019 at 11:09 AM Greg Wilson-Lindberg <
>> GWilson@sakuraus.com> wrote:
>>
>>> Rudolf,
>>>
>>> Something else is happening to me. I changed to this in the image recipe:
>>>
>>> SAKURA_USER = "sakura"
>>>
>>> SAKURA_PASSWD = "Distracted"
>>> SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
>>>
>>> EXTRA_USERS_PARAMS = "\
>>> usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \
>>> usermod -a -G sudo,dialout ${SAKURA_USER}; \
>>> "
>>>
>>> deleting all of the commented out lines, and I get this in the log file:
>>>
>>>
>>> ..../scribe/1.0-r0/rootfs -p '' sakura]
>>>
>>>
>>> nothing between the single quotes. It's acting like SAKURA_PASS is not
>>> defined.
>>>
>>> This is only happening when I'm trying the MD5 password.
>>>
>>>
>>> Greg
>>> ------------------------------
>>> *From:* Rudolf Streif <rudolf.streif@ibeeto.com>
>>> *Sent:* Tuesday, May 21, 2019 5:37:23 AM
>>> *To:* Greg Wilson-Lindberg
>>> *Cc:* Yocto list discussion
>>> *Subject:* Re: [yocto] problem adding a user
>>>
>>> Greg,
>>>
>>> usermod does not work for the MD5 algorithm with the explicit password
>>> hash as it contains the $ field delimiters which are interpreted by the
>>> shell executing the usermod command. Use single quotes around the password
>>> hash:
>>>
>>> usermod -p '${SAKURA_PASS}' ${SAKURA_USER};
>>>
>>> :rjs
>>>
>>> On Mon, May 20, 2019, 11:55 Greg Wilson-Lindberg <GWilson@sakuraus.com>
>>> wrote:
>>>
>>>> Hi Rudolf,
>>>>
>>>> I've had more time to work with this and I'm still having problems getting
>>>> everything to work properly. I've attached the image recipe that I'm
>>>> using so I don't leave anything out that may be relevant.
>>>>
>>>> When I build with a password that is no more than 8 characters long
>>>> and no non-alphabetic characters:
>>>>
>>>> SAKURA_PASSWD = "Distract"
>>>> SAKURA_PASS = "WRsDFfg1BsrDM"
>>>>
>>>> everything works correctly.
>>>>
>>>> I first tried that using the `openssl ...` form, and then I tried the
>>>> -1, MD5 BSD form and had problems, so I changed to doing the openssl
>>>> on the command line and making sure that I don't have any characters
>>>> that display as '.' or '/'. Again, if I don't do more than 8 characters
>>>> and no special characters everything works.
>>>>
>>>> When I changed to using 'Ds$tr@ct' it stopped working. The build finishes
>>>> and the log file shows the usermod being executed correctly:
>>>>
>>>> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p kyNsrvS0elMWU sakura]
>>>> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -a -G sudo,dialout sakura]
>>>>
>>>> But when I try to sign in it doesn't work.
>>>>
>>>> I then tried the 10 character password 'Distracted', the build fails:
>>>>
>>>> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]
>>>> Usage: usermod [options] LOGIN
>>>>
>>>> Options:
>>>> -c, --comment COMMENT new value of the GECOS field
>>>> -d, --home HOME_DIR new home directory for the user account
>>>> -e, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE
>>>> -f, --inactive INACTIVE set password inactive after expiration
>>>> to INACTIVE
>>>> -g, --gid GROUP force use GROUP as new primary group
>>>> -G, --groups GROUPS new list of supplementary GROUPS
>>>> -a, --append append the user to the supplemental GROUPS
>>>> mentioned by the -G option without removing
>>>> him/her from other groups
>>>> -h, --help display this help message and exit
>>>> -l, --login NEW_LOGIN new value of the login name
>>>> -L, --lock lock the user account
>>>> -m, --move-home move contents of the home directory to the
>>>> new location (use only with -d)
>>>> -o, --non-unique allow using duplicate (non-unique) UID
>>>> -p, --password PASSWORD use encrypted password for the new password
>>>> -P, --clear-password PASSWORD use clear password for the new password
>>>> -R, --root CHROOT_DIR directory to chroot into
>>>> -s, --shell SHELL new login shell for the user account
>>>> -u, --uid UID new UID for the user account
>>>> -U, --unlock unlock the user account
>>>> -v, --add-subuids FIRST-LAST add range of subordinate uids
>>>> -V, --del-subuids FIRST-LAST remove range of subordinate uids
>>>> -w, --add-subgids FIRST-LAST add range of subordinate gids
>>>> -W, --del-subgids FIRST-LAST remove range of subordinate gids
>>>>
>>>> ERROR: scribe: usermod command did not succeed.
>>>>
>>>> So, even though I'm putting in the openssl output:
>>>> openssl passwd -1 "Distracted"
>>>> $1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0
>>>>
>>>> that I get back from what should be a valid run of openssl, I don't see anything
>>>> from the password on the usermod command line:
>>>> "...linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]"
>>>>
>>>> I don't understand why the short passwords and passing along the proper hash works,
>>>> but not the longer password.
>>>>
>>>> It also doesn't make sense that I can't put in the '$' & '@' characters and
>>>> have them work.
>>>>
>>>> Any suggestions would be greatly appreciated.
>>>>
>>>> Greg
>>>>
>>>> ------------------------------
>>>> *From:* Rudolf Streif <rudolf.streif@ibeeto.com>
>>>> *Sent:* Wednesday, May 15, 2019 4:58:26 PM
>>>> *To:* Greg Wilson-Lindberg
>>>> *Cc:* Yocto list discussion
>>>> *Subject:* Re: [yocto] problem adding a user
>>>>
>>>> Glad to hear that it works now. I am planning on attending the YP
>>>> DevDay.
>>>>
>>>> :rjs
>>>>
>>>> On Wed, May 15, 2019, 13:53 Greg Wilson-Lindberg <GWilson@sakuraus.com>
>>>> wrote:
>>>>
>>>>> Thank you very much, that got me back on the right path.
>>>>>
>>>>> Maybe I'll see you at the Yocto day at the Embedded Linux Conference.
>>>>>
>>>>> Regards,
>>>>>
>>>>> *Greg Wilson-Lindberg *
>>>>>
>>>>> *Principal Firmware Engineer | Sakura Finetek USA, Inc. *
>>>>>
>>>>>
>>>>>
>>>>> 1750 W 214th Street | Torrance, CA 90501 | U.S.A.
>>>>>
>>>>> T: +1 310 783 5075
>>>>>
>>>>> F: +1 310 618 6902 | E: gwilson@sakuraus.com
>>>>>
>>>>> www.sakuraus.com
>>>>>
>>>>> ------------------------------
>>>>>
>>>>> *From:* Rudolf J Streif [mailto:rudolf.streif@ibeeto.com]
>>>>> *Sent:* Wednesday, May 15, 2019 01:30 PM
>>>>> *To:* Greg Wilson-Lindberg <GWilson@sakuraus.com>; Yocto list
>>>>> discussion <yocto@yoctoproject.org>
>>>>> *Subject:* Re: [yocto] problem adding a user
>>>>>
>>>>>
>>>>>
>>>>> Instead of
>>>>>
>>>>>
>>>>>
>>>>> useradd -p `openssl passwd test` sakura
>>>>>
>>>>>
>>>>>
>>>>> which attempts to add the user and set the password which fails if the
>>>>> user already exists, use
>>>>>
>>>>>
>>>>>
>>>>> usermod -p `openssl passwd test` sakura
>>>>>
>>>>>
>>>>>
>>>>> which sets the user's password.
>>>>>
>>>>>
>>>>>
>>>>> :rjs
>>>>>
>>>>>
>>>>>
>>>>> On 5/15/19 1:18 PM, Greg Wilson-Lindberg wrote:
>>>>>
>>>>> Ok, I had been using the useradd class in a couple of other recipes to
>>>>> allow me to copy files to the sakura user directory and another location,
>>>>> but owned by sakura. That seems to have been what was causing the problem.
>>>>>
>>>>>
>>>>>
>>>>> I had been using the extrausers class in my top level image recipe.
>>>>>
>>>>>
>>>>> So now how do I get all of this to work together? Do I need to put
>>>>> everything that touches the sakura user in the same recipe? It seems that I
>>>>> need to use only one of the useradd or extrausers classes?
>>>>>
>>>>>
>>>>>
>>>>> Greg
>>>>> ------------------------------
>>>>>
>>>>> *From:* Rudolf J Streif <rudolf.streif@ibeeto.com>
>>>>> *Sent:* Wednesday, May 15, 2019 12:31 PM
>>>>> *To:* Greg Wilson-Lindberg; Yocto list discussion
>>>>> *Subject:* Re: [yocto] problem adding a user
>>>>>
>>>>>
>>>>>
>>>>> The ! for the password in /etc/shadow indicates that the account is
>>>>> disabled:
>>>>>
>>>>> sakura:!:18031:0:99999:7:::
>>>>>
>>>>>
>>>>>
>>>>> Either there is something wrong with the password generation or it
>>>>> gets disabled by something else. Maybe it's worth trying with a plain image
>>>>> without Boot2Qt or anything else.
>>>>>
>>>>>
>>>>>
>>>>> :rjs
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 5/15/19 11:46 AM, Greg Wilson-Lindberg wrote:
>>>>>
>>>>> Hi Rudolf,
>>>>>
>>>>> 1st, yes I inherit extrausers. Attached are the passwd & shadow files.
>>>>>
>>>>>
>>>>>
>>>>> It shouldn't make any difference, but I'm building this for an RPi3
>>>>> using the Qt Boot2Qt version of the Yocto environment, distro 2.5.3.
>>>>>
>>>>>
>>>>>
>>>>> Greg
>>>>> ------------------------------
>>>>>
>>>>> *From:* Rudolf J Streif <rudolf.streif@ibeeto.com>
>>>>> *Sent:* Wednesday, May 15, 2019 11:26 AM
>>>>> *To:* Greg Wilson-Lindberg; Yocto list discussion
>>>>> *Subject:* Re: [yocto] problem adding a user
>>>>>
>>>>>
>>>>>
>>>>> Hi Greg,
>>>>>
>>>>>
>>>>>
>>>>> > I've also tried both the back-quote and the single-quote, no
>>>>> difference.
>>>>>
>>>>>
>>>>>
>>>>> Help me to understand this. the back-quotes are the right ones. If you
>>>>> use the single ones your password in the /etc/shadow ends up being 'openssl
>>>>> passwd test' (without the quotes), unless the build fails because of a
>>>>> parsing error (I have not tried it). Silly question, you did inherit
>>>>> extrausers class?
>>>>>
>>>>>
>>>>>
>>>>> Can you post your /etc/passwd and /etc/shadow
>>>>>
>>>>>
>>>>>
>>>>> I am surprised that this does not work with your setup. I have been
>>>>> doing this a gazillion times always with success.
>>>>>
>>>>>
>>>>>
>>>>> :rjs
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 5/15/19 11:03 AM, Greg Wilson-Lindberg wrote:
>>>>>
>>>>> Hi Rudolf,
>>>>>
>>>>> Thanks for the reply, and the information on how openssl works.
>>>>>
>>>>>
>>>>>
>>>>> I'm trying to create a user with the same group name so the code that
>>>>> I'm using reduces to:
>>>>>
>>>>> EXTRA_USERS_PARAMS = "\
>>>>>
>>>>> useradd -p `openssl passwd test` sakura; \
>>>>>
>>>>> usermod -a -G sudo ${SAKURA_USER}; \
>>>>>
>>>>> "
>>>>>
>>>>> I also, as you can see, removed the macros to eliminate as much
>>>>> confusion as possible.
>>>>>
>>>>>
>>>>>
>>>>> I still can't login in using the password 'test'.
>>>>>
>>>>>
>>>>>
>>>>> I've also tried both the back-quote and the single-quote, no
>>>>> difference.
>>>>>
>>>>> Regards,
>>>>>
>>>>>
>>>>>
>>>>> Greg
>>>>> ------------------------------
>>>>>
>>>>> *From:* Rudolf J Streif <rudolf.streif@ibeeto.com>
>>>>> *Sent:* Wednesday, May 15, 2019 10:07:47 AM
>>>>> *To:* Greg Wilson-Lindberg; Yocto list discussion
>>>>> *Subject:* Re: [yocto] problem adding a user
>>>>>
>>>>>
>>>>>
>>>>> Hi Greg,
>>>>>
>>>>> Well, I suppose I wrote the book you are referring to...
>>>>>
>>>>>
>>>>> Using
>>>>>
>>>>> useradd -p PASSWORD USER
>>>>>
>>>>> takes the password hash for PASSWORD hence the use of openssl in:
>>>>>
>>>>> useradd -p `openssl passwd PASSWORD` USER
>>>>>
>>>>> openssl password creates the password hash using the original crypt
>>>>> hash
>>>>> algorithm if no other options are specified. e.g.
>>>>>
>>>>> $ openssl passwd hello
>>>>> 6hEsTksgRkeiI
>>>>>
>>>>> With this the first two characters of the output is the salt and the
>>>>> rest is the password hash. If you want openssl to create the same
>>>>> result
>>>>> again:
>>>>>
>>>>> $ openssl passwd -salt "6h" hello
>>>>> 6hEsTksgRkeiI
>>>>>
>>>>> You can use newer algorithms like MD5 based BSD password algorithm 1:
>>>>>
>>>>> $ openssl passwd -1 hello
>>>>> $1$4Mu8Fcs.$eIKgPP7RCYrb3lFZjhADA1
>>>>>
>>>>> $1 : password algorithm 1
>>>>> $4Mu8Fcs. : salt
>>>>> $eIKgPP7RCYrb3lFZjhADA1 : password hash
>>>>>
>>>>>
>>>>> If you log into the system you have to use the clear password. The
>>>>> system reads the salt, creates the password hash and compares the
>>>>> results.
>>>>>
>>>>>
>>>>> :rjs
>>>>>
>>>>>
>>>>> On 5/14/19 5:34 PM, Greg Wilson-Lindberg wrote:
>>>>> > I'm trying to use the example in "Embedded Linux Systems with the
>>>>> Yocto Project" to add a user to my Yocto build. In the book the sample code:
>>>>> >
>>>>> > useradd -p `openssl passwd ${DEV_PASSWORD}` developer; \
>>>>> >
>>>>> > uses openssl to generate the encrypted password string to pass to
>>>>> useradd. I have never been able to get this to work. When I run the openssl
>>>>> > command on the cmd line I get a different value every time, this
>>>>> seems wrong, How can the password code compare against it if every encode
>>>>> > produces a different value?
>>>>> >
>>>>> > I am getting the user added to the system, the home directory shows
>>>>> up and the user is in the passwd and group files. I just can't login to the
>>>>> > account.
>>>>> >
>>>>> > I've obviously got something confused, any help would be appreciated.
>>>>> >
>>>>> > Greg Wilson-Lindberg
>>>>> >
>>>>>
>>>>> --
>>>>> -----
>>>>> Rudolf J Streif
>>>>> CEO/CTO ibeeto
>>>>> +1.855.442.3396 x700
>>
>> --
>> Rudolf J Streif
>> CEO/CTO
>> ibeeto, Streif Enterprises Inc.
>>
>
>
> --
> Rudolf J Streif
> CEO/CTO
> ibeeto, Streif Enterprises Inc.
--
Leon Woestenberg
leon@sidebranch.com
T: +31 40 711 42 76
M: +31 6 472 30 372
Sidebranch
Embedded Systems
Eindhoven, The Netherlands
http://www.sidebranch.com
[-- Attachment #2: Type: text/html, Size: 39668 bytes --]
^ permalink raw reply [flat|nested] 21+ messages in thread
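The two log lines quoted in this thread (`-p sakura]` followed by the usermod usage text, and `-p '' sakura]`) are what a shell produces when the `$1$...` string is expanded inside double quotes. The sketch below is an added example, not code from any post or from the Yocto classes; it assumes the build step embeds the `EXTRA_USERS_PARAMS` text in a double-quoted shell string, and all function names are illustrative.

```shell
#!/bin/sh
# Constructed inputs: the hash and login quoted in the thread.
HASH='$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0'
LOGIN='sakura'

# Expand TEXT the way sh does when TEXT sits inside a double-quoted string of
# a script started without arguments (assumed model of the build step).
# eval is acceptable only because every input in this file is constructed.
expand_in_double_quotes() {
    text=$1
    (
        set +u      # unset names expand to "" instead of aborting
        set --      # no positional parameters, so $1 is empty
        eval "printf '%s' \"$text\""
    )
}

# Backslash-escape each '$' so it survives one round of that expansion.
escape_dollars() {
    printf '%s' "$1" | sed 's/\$/\\$/g'
}

# Print the word usermod would receive as the -p argument once the shell has
# split CMD into words. Fails if -p is the last word.
password_arg() {
    (
        eval "set -- $1"
        while [ "$#" -gt 1 ]; do
            if [ "$1" = "-p" ]; then
                printf '%s' "$2"
                exit 0
            fi
            shift
        done
        exit 1
    )
}

# Describe a password field using the layouts explained in the thread.
describe_hash() {
    field=$1
    case $field in
        '')   echo 'empty' ;;
        '!'*) echo 'locked' ;;
        '$'*)
            rest=${field#?}         # drop the leading '$'
            id=${rest%%\$*}         # algorithm id: text before the next '$'
            rest=${rest#*\$}
            salt=${rest%%\$*}
            digest=${rest#*\$}
            echo "id=$id salt=$salt digest=$digest" ;;
        *)
            if [ "${#field}" -eq 13 ]; then
                digest=${field#??}  # crypt: two salt characters, then the hash
                salt=${field%"$digest"}
                echo "crypt salt=$salt digest=$digest"
            else
                echo "unrecognised: $field"
            fi ;;
    esac
}

# Run one EXTRA_USERS_PARAMS-style command through the model and report.
trace() {
    expanded=$(expand_in_double_quotes "$1")
    if arg=$(password_arg "$expanded"); then
        printf '%s\n  -> -p receives: %s\n' "$expanded" "$(describe_hash "$arg")"
    else
        printf '%s\n  -> -p has no argument\n' "$expanded"
    fi
}

trace "usermod -p $HASH $LOGIN"                          # login consumed as the password
trace "usermod -p '$HASH' $LOGIN"                        # empty string between the quotes
trace "usermod -p '$(escape_dollars "$HASH")' $LOGIN"    # hash arrives intact
```

Whether a recipe needs the backslashes depends on how the class embeds the string, so after any change confirm the `Performing usermod with [...]` log line shows the full hash.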
* Re: problem adding a user
2019-05-23 21:44 ` Leon Woestenberg
@ 2019-05-23 22:43 ` Greg Wilson-Lindberg
0 siblings, 0 replies; 21+ messages in thread
From: Greg Wilson-Lindberg @ 2019-05-23 22:43 UTC (permalink / raw)
To: Leon Woestenberg, Rudolf Streif; +Cc: Yocto list discussion
[-- Attachment #1: Type: text/plain, Size: 16318 bytes --]
Hi Leon & Rudolf,
I first changed to SAKURA1_1PASS, with no change in symptoms, I then deleted the spaces, again no change.
Next I just copied the hash into the usermod line:
usermod -p '$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0' ${SAKURA_USER}; \
And again I get nothing in the output just the adjacent single quotes " '' ". Something is removing the encoded hash.
Greg
________________________________
From: Leon Woestenberg <leon@sidebranch.com>
Sent: Thursday, May 23, 2019 2:44:04 PM
To: Rudolf Streif
Cc: Greg Wilson-Lindberg; Yocto list discussion
Subject: Re: [yocto] problem adding a user
Hello Rudolf, Greg,
On Thu, 23 May 2019 at 22:43, Rudolf Streif <rudolf.streif@ibeeto.com> wrote:
It eluded me earlier but in both instances the variable containing the password does not seem to be expanded.
Could it be the spaces around the = equal sign must be removed?
https://unix.stackexchange.com/questions/258727/spaces-in-variable-assignments-in-shell-scripts
Regards, Leon
First version without the single quotes:
SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
EXTRA_USERS_PARAMS = "\
usermod -p ${SAKURA_PASS} ${SAKURA_USER}; \
usermod -a -G sudo,dialout ${SAKURA_USER}; \
"
results in:
NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]
and with the quotes:
SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
EXTRA_USERS_PARAMS = "\
usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \
usermod -a -G sudo,dialout ${SAKURA_USER}; \
"
results in:
NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p '' sakura]
It looks as if the variable SAKURA_PASS is not set at all. I looked at your scribe.bb recipe you attached earlier but I could not find any reason why the variable is not set. Is there a chance that it is overridden somewhere else?
:rjs
On Wed, May 22, 2019 at 1:28 PM Greg Wilson-Lindberg <GWilson@sakuraus.com> wrote:
Rudolf,
Here is the first half of the file, the whole file is over the 500k limit of free pastebin:
https://pastebin.com/UcnKebce
And here is the 2nd half of the file:
https://pastebin.com/9117tdUU
Greg
________________________________
From: Rudolf Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 22, 2019 12:42:40 PM
To: Greg Wilson-Lindberg
Cc: Yocto list discussion
Subject: Re: [yocto] problem adding a user
Greg,
Can you share the logfile via Pastebin?
:rjs
On Tue, May 21, 2019 at 11:09 AM Greg Wilson-Lindberg <GWilson@sakuraus.com> wrote:
Rudolf,
Something else is happening to me. I changed to this in the image recipe:
SAKURA_USER = "sakura"
SAKURA_PASSWD = "Distracted"
SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
EXTRA_USERS_PARAMS = "\
usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \
usermod -a -G sudo,dialout ${SAKURA_USER}; \
"
deleting all of the commented out lines, and I get this in the log file:
..../scribe/1.0-r0/rootfs -p '' sakura]
nothing between the single quotes. It's acting like SAKURA_PASS is not defined.
This is only happening when I'm trying the MD5 password.
Greg
________________________________
From: Rudolf Streif <rudolf.streif@ibeeto.com>
Sent: Tuesday, May 21, 2019 5:37:23 AM
To: Greg Wilson-Lindberg
Cc: Yocto list discussion
Subject: Re: [yocto] problem adding a user
Greg,
usermod does not work for the MD5 algorithm with the explicit password hash as it contains the $ field delimiters which are interpreted by the shell executing the usermod command. Use single quotes around the password hash:
usermod -p '${SAKURA_PASS}' ${SAKURA_USER};
:rjs
On Mon, May 20, 2019, 11:55 Greg Wilson-Lindberg <GWilson@sakuraus.com> wrote:
Hi Rudolf,
I've had more time to work with this and I'm still having problems getting
everything to work properly. I've attached the image recipe that I'm
using so I don't leave anything out that may be relevant.
When I build with a password that is no more than 8 characters long
and no non-alphabetic characters:
SAKURA_PASSWD = "Distract"
SAKURA_PASS = "WRsDFfg1BsrDM"
everything works correctly.
I first tried that using the `openssl ...` form, and then I tried the
-1, MD5 BSD form and had problems, so I changed to doing the openssl
on the command line and making sure that I don't have any characters
that display as '.' or '/'. Again, if I don't do more than 8 characters
and no special characters everything works.
When I changed to using 'Ds$tr@ct' it stopped working. The build finishes
and the log file shows the usermod being executed correctly:
NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p kyNsrvS0elMWU sakura]
NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -a -G sudo,dialout sakura]
But when I try to sign in it doesn't work.
I then tried the 10 character password 'Distracted', the build fails:
NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]
Usage: usermod [options] LOGIN
Options:
-c, --comment COMMENT new value of the GECOS field
-d, --home HOME_DIR new home directory for the user account
-e, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE
-f, --inactive INACTIVE set password inactive after expiration
to INACTIVE
-g, --gid GROUP force use GROUP as new primary group
-G, --groups GROUPS new list of supplementary GROUPS
-a, --append append the user to the supplemental GROUPS
mentioned by the -G option without removing
him/her from other groups
-h, --help display this help message and exit
-l, --login NEW_LOGIN new value of the login name
-L, --lock lock the user account
-m, --move-home move contents of the home directory to the
new location (use only with -d)
-o, --non-unique allow using duplicate (non-unique) UID
-p, --password PASSWORD use encrypted password for the new password
-P, --clear-password PASSWORD use clear password for the new password
-R, --root CHROOT_DIR directory to chroot into
-s, --shell SHELL new login shell for the user account
-u, --uid UID new UID for the user account
-U, --unlock unlock the user account
-v, --add-subuids FIRST-LAST add range of subordinate uids
-V, --del-subuids FIRST-LAST remove range of subordinate uids
-w, --add-subgids FIRST-LAST add range of subordinate gids
-W, --del-subgids FIRST-LAST remove range of subordinate gids
ERROR: scribe: usermod command did not succeed.
So, even though I'm putting in the openssl output:
openssl passwd -1 "Distracted"
$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0
that I get back from what should be a valid run of openssl, I don't see anything
from the password on the usermod command line:
"...linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]"
I don't understand why the short passwords and passing along the proper hash works,
but not the longer password.
It also doesn't make sense that I can't put in the '$' & '@' characters and
have them work.
Any suggestions would be greatly appreciated.
Greg
________________________________
From: Rudolf Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 15, 2019 4:58:26 PM
To: Greg Wilson-Lindberg
Cc: Yocto list discussion
Subject: Re: [yocto] problem adding a user
Glad to hear that it works now. I am planning on attending the YP DevDay.
:rjs
On Wed, May 15, 2019, 13:53 Greg Wilson-Lindberg <GWilson@sakuraus.com> wrote:
Thank you very much, that got me back on the right path.
Maybe I'll see you at the Yocto day at the Embedded Linux Conference.
Regards,
Greg Wilson-Lindberg
Principal Firmware Engineer | Sakura Finetek USA, Inc.
1750 W 214th Street | Torrance, CA 90501 | U.S.A.
T: +1 310 783 5075
F: +1 310 618 6902 | E: gwilson@sakuraus.com
www.sakuraus.com
________________________________
From: Rudolf J Streif [mailto:rudolf.streif@ibeeto.com]
Sent: Wednesday, May 15, 2019 01:30 PM
To: Greg Wilson-Lindberg <GWilson@sakuraus.com>; Yocto list discussion <yocto@yoctoproject.org>
Subject: Re: [yocto] problem adding a user
Instead of
useradd -p `openssl passwd test` sakura
which attempts to add the user and set the password which fails if the user already exists, use
usermod -p `openssl passwd test` sakura
which sets the user's password.
:rjs
On 5/15/19 1:18 PM, Greg Wilson-Lindberg wrote:
Ok, I had been using the useradd class in a couple of other recipes to allow me to copy files to the sakura user directory and another location, but owned by sakura. That seems to have been what was causing the problem.
I had been using the extrausers class in my top level image recipe.
So now how do I get all of this to work together? Do I need to put everything that touches the sakura user in the same recipe? It seems that I need to use only one of the useradd or extrausers classes?
Greg
________________________________
From: Rudolf J Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 15, 2019 12:31 PM
To: Greg Wilson-Lindberg; Yocto list discussion
Subject: Re: [yocto] problem adding a user
The ! for the password in /etc/shadow indicates that the account is disabled:
sakura:!:18031:0:99999:7:::
Either there is something wrong with the password generation or it gets disabled by something else. Maybe it's worth trying with a plain image without Boot2Qt or anything else.
:rjs
On 5/15/19 11:46 AM, Greg Wilson-Lindberg wrote:
Hi Rudolf,
1st, yes I inherit extrausers. Attached are the passwd & shadow files.
It shouldn't make any difference, but I'm building this for an RPi3 using the Qt Boot2Qt version of the Yocto environment, distro 2.5.3.
Greg
________________________________
From: Rudolf J Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 15, 2019 11:26 AM
To: Greg Wilson-Lindberg; Yocto list discussion
Subject: Re: [yocto] problem adding a user
Hi Greg,
> I've also tried both the back-quote and the single-quote, no difference.
Help me to understand this. The back-quotes are the right ones. If you use the single ones your password in the /etc/shadow ends up being 'openssl passwd test' (without the quotes), unless the build fails because of a parsing error (I have not tried it). Silly question, you did inherit extrausers class?
Can you post your /etc/passwd and /etc/shadow?
I am surprised that this does not work with your setup. I have been doing this a gazillion times always with success.
:rjs
On 5/15/19 11:03 AM, Greg Wilson-Lindberg wrote:
Hi Rudolf,
Thanks for the reply, and the information on how openssl works.
I'm trying to create a user with the same group name so the code that I'm using reduces to:
EXTRA_USERS_PARAMS = "\
useradd -p `openssl passwd test` sakura; \
usermod -a -G sudo ${SAKURA_USER}; \
"
I also, as you can see, removed the macros to eliminate as much confusion as possible.
I still can't log in using the password 'test'.
I've also tried both the back-quote and the single-quote, no difference.
Regards,
Greg
________________________________
From: Rudolf J Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 15, 2019 10:07:47 AM
To: Greg Wilson-Lindberg; Yocto list discussion
Subject: Re: [yocto] problem adding a user
Hi Greg,
Well, I suppose I wrote the book you are referring to...
Using
useradd -p PASSWORD USER
takes the password hash for PASSWORD hence the use of openssl in:
useradd -p `openssl passwd PASSWORD` USER
openssl passwd creates the password hash using the original crypt hash
algorithm if no other options are specified. e.g.
$ openssl passwd hello
6hEsTksgRkeiI
With this the first two characters of the output are the salt and the
rest is the password hash. If you want openssl to create the same result
again:
$ openssl passwd -salt "6h" hello
6hEsTksgRkeiI
You can use newer algorithms like MD5 based BSD password algorithm 1:
$ openssl passwd -1 hello
$1$4Mu8Fcs.$eIKgPP7RCYrb3lFZjhADA1
$1 : password algorithm 1
$4Mu8Fcs. : salt
$eIKgPP7RCYrb3lFZjhADA1 : password hash
If you log into the system you have to use the clear password. The
system reads the salt, creates the password hash and compares the results.
:rjs
On 5/14/19 5:34 PM, Greg Wilson-Lindberg wrote:
> I'm trying to use the example in "Embedded Linux Systems with the Yocto Project" to add a user to my Yocto build. In the book the sample code:
>
> useradd -p `openssl passwd ${DEV_PASSWORD}` developer; \
>
> uses openssl to generate the encrypted password string to pass to useradd. I have never been able to get this to work. When I run the openssl
> command on the cmd line I get a different value every time, this seems wrong, How can the password code compare against it if every encode
> produces a different value?
>
> I am getting the user added to the system, the home directory shows up and the user is in the passwd and group files. I just can't login to the
> account.
>
> I've obviously got something confused, any help would be appreciated.
>
> Greg Wilson-Lindberg
>
--
-----
Rudolf J Streif
CEO/CTO ibeeto
+1.855.442.3396 x700
--
Leon Woestenberg
leon@sidebranch.com
T: +31 40 711 42 76
M: +31 6 472 30 372
Sidebranch
Embedded Systems
Eindhoven, The Netherlands
http://www.sidebranch.com
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: problem adding a user
2019-05-23 20:40 ` Rudolf Streif
2019-05-23 21:44 ` Leon Woestenberg
@ 2019-05-24 2:11 ` Khem Raj
2019-05-24 18:45 ` Greg Wilson-Lindberg
1 sibling, 1 reply; 21+ messages in thread
From: Khem Raj @ 2019-05-24 2:11 UTC (permalink / raw)
To: Rudolf Streif, Greg Wilson-Lindberg; +Cc: Yocto list discussion
On 5/23/19 1:40 PM, Rudolf Streif wrote:
> Greg,
>
> It eluded me earlier but in both instances the variable containing the
> password does not seem to be expanded.
>
> First version without the single quotes:
>
> SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
>
> EXTRA_USERS_PARAMS = "\
> usermod -p ${SAKURA_PASS} ${SAKURA_USER}; \
> usermod -a -G sudo,dialout ${SAKURA_USER}; \
> "
> results in:
>
> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]
>
> and with the quotes:
>
> SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
>
> EXTRA_USERS_PARAMS = "\
> usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \
> usermod -a -G sudo,dialout ${SAKURA_USER}; \
> "
> results in:
> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p '' sakura]
>
> It looks as if the variable SAKURA_PASS is not set at all. I looked at
> your scribe.bb recipe you attached earlier but I
> could not find any reason why the variable is not set. Is there a chance
> that it is overridden somewhere else?
>
This is correct with one small nit that we need to escape some
characters which have special meaning for the shell, e.g. $
e.g. in local.conf something like below
INHERIT += "extrausers"
EXTRA_USERS_PARAMS += "\
useradd sakura; \
usermod -p '\$1\$QVO3K6Ii\$fvkoDKnlzz3d5uVoL7KcM0' sakura; \
"
might work as you expect.
> :rjs
>
>
> On Wed, May 22, 2019 at 1:28 PM Greg Wilson-Lindberg
> <GWilson@sakuraus.com> wrote:
>
> Rudolf,
>
> Here is the first half of the file, the whole file is over the 500k
> limit of free pastebin:
>
> https://pastebin.com/UcnKebce
>
>
> And here is the 2nd half of the file:
>
> https://pastebin.com/9117tdUU
>
>
> Greg
>
> ------------------------------------------------------------------------
> *From:* Rudolf Streif <rudolf.streif@ibeeto.com>
> *Sent:* Wednesday, May 22, 2019 12:42:40 PM
> *To:* Greg Wilson-Lindberg
> *Cc:* Yocto list discussion
> *Subject:* Re: [yocto] problem adding a user
> Greg,
> Can you share the logfile via Pastebin?
> :rjs
>
> On Tue, May 21, 2019 at 11:09 AM Greg Wilson-Lindberg
> <GWilson@sakuraus.com> wrote:
>
> Rudolf,
>
> Something else is happening to me. I changed to this in the
> image recipe:
>
> SAKURA_USER = "sakura"
>
> SAKURA_PASSWD = "Distracted"
> SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
>
> EXTRA_USERS_PARAMS = "\
> usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \
> usermod -a -G sudo,dialout ${SAKURA_USER}; \
> "
>
> deleting all of the commented out lines, and I get this in the
> log file:
>
>
> ..../scribe/1.0-r0/rootfs -p '' sakura]
>
>
> nothing between the single quotes. It's acting like SAKURA_PASS
> is not defined.
>
> This is only happening when I'm trying the MD5 password.
>
>
> Greg
>
> ------------------------------------------------------------------------
> *From:* Rudolf Streif <rudolf.streif@ibeeto.com>
> *Sent:* Tuesday, May 21, 2019 5:37:23 AM
> *To:* Greg Wilson-Lindberg
> *Cc:* Yocto list discussion
> *Subject:* Re: [yocto] problem adding a user
> Greg,
>
> usermod does not work for the MD5 algorithm with the explicit
> password hash as it contains the $ field delimiters which are
> interpreted by the shell executing the usermod command. Use
> single quotes around the password hash:
>
> usermod -p '${SAKURA_PASS}' ${SAKURA_USER};
>
> :rjs
>
> On Mon, May 20, 2019, 11:55 Greg Wilson-Lindberg
> <GWilson@sakuraus.com> wrote:
>
> Hi Rudolf,
>
> I've had more time to work with this and I'm still having problems getting
> everything to work properly. I've attached the image recipe that I'm
> using so I don't leave anything out that may be relevant.
>
> When I build with a password that is no more than 8 characters long
> and no non-alphabetic characters:
>
> SAKURA_PASSWD = "Distract"
> SAKURA_PASS = "WRsDFfg1BsrDM"
>
> everything works correctly.
>
> I first tried that using the `openssl ...` form, and then I tried the
> -1, MD5 BSD form and had problems, so I changed to doing the openssl
> on the command line and making sure that I don't have any characters
> that display as '.' or '/'. Again, if I don't do more than 8 characters
> and no special characters everything works.
>
> When I changed to using 'Ds$tr@ct' it stopped working. The build finishes
> and the log file shows the usermod being executed correctly:
>
> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p kyNsrvS0elMWU sakura]
> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -a -G sudo,dialout sakura]
>
> But when I try to sign in it doesn't work.
>
> I then tried the 10 character password 'Distracted', the build fails:
>
> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]
> Usage: usermod [options] LOGIN
>
> Options:
> -c, --comment COMMENT new value of the GECOS field
> -d, --home HOME_DIR new home directory for the user account
> -e, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE
> -f, --inactive INACTIVE set password inactive after expiration
> to INACTIVE
> -g, --gid GROUP force use GROUP as new primary group
> -G, --groups GROUPS new list of supplementary GROUPS
> -a, --append append the user to the supplemental GROUPS
> mentioned by the -G option without removing
> him/her from other groups
> -h, --help display this help message and exit
> -l, --login NEW_LOGIN new value of the login name
> -L, --lock lock the user account
> -m, --move-home move contents of the home directory to the
> new location (use only with -d)
> -o, --non-unique allow using duplicate (non-unique) UID
> -p, --password PASSWORD use encrypted password for the new password
> -P, --clear-password PASSWORD use clear password for the new password
> -R, --root CHROOT_DIR directory to chroot into
> -s, --shell SHELL new login shell for the user account
> -u, --uid UID new UID for the user account
> -U, --unlock unlock the user account
> -v, --add-subuids FIRST-LAST add range of subordinate uids
> -V, --del-subuids FIRST-LAST remove range of subordinate uids
> -w, --add-subgids FIRST-LAST add range of subordinate gids
> -W, --del-subgids FIRST-LAST remove range of subordinate gids
>
> ERROR: scribe: usermod command did not succeed.
>
> So, even though I'm putting in the openssl output:
> openssl passwd -1 "Distracted"
> $1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0
>
> that I get back from what should be a valid run of openssl, I don't see anything
> from the password on the usermod command line:
> "...linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]"
>
> I don't understand why the short passwords and passing along the proper hash works,
> but not the longer password.
>
> It also doesn't make sense that I can't put in the '$' & '@' characters and
> have them work.
>
> Any suggestions would be greatly appreciated.
>
> Greg
>
> ------------------------------------------------------------------------
> *From:* Rudolf Streif <rudolf.streif@ibeeto.com>
> *Sent:* Wednesday, May 15, 2019 4:58:26 PM
> *To:* Greg Wilson-Lindberg
> *Cc:* Yocto list discussion
> *Subject:* Re: [yocto] problem adding a user
> Glad to hear that it works now. I am planning on attending
> the YP DevDay.
>
> :rjs
>
> On Wed, May 15, 2019, 13:53 Greg Wilson-Lindberg
> <GWilson@sakuraus.com> wrote:
>
> Thank you very much, that got me back on the right path.
>
> Maybe I'll see you at the Yocto day at the Embedded
> Linux Conference.
>
> Regards,
>
> Greg Wilson-Lindberg
>
> *From:* Rudolf J Streif [mailto:rudolf.streif@ibeeto.com]
> *Sent:* Wednesday, May 15, 2019 01:30 PM
> *To:* Greg Wilson-Lindberg <GWilson@sakuraus.com>; Yocto list discussion <yocto@yoctoproject.org>
> *Subject:* Re: [yocto] problem adding a user
>
> Instead of
>
> useradd -p `openssl passwd test` sakura
>
> which attempts to add the user and set the password
> which fails if the user already exists, use
>
> usermod -p `openssl passwd test` sakura
>
> which sets the user's password.
>
> :rjs
>
> On 5/15/19 1:18 PM, Greg Wilson-Lindberg wrote:
>
> Ok, I had been using the useradd class in a couple
> of other recipes to allow me to copy files to the
> sakura user directory and another location, but
> owned by sakura. That seems to have been what was
> causing the problem.
>
> I had been using the extrausers class in my
> top level image recipe.
>
> So now how do I get all of this to work together? Do
> I need to put everything that touches the sakura
> user in the same recipe? It seems that I need to use
> only one of the useradd or extrausers classes?
>
> Greg
>
> ------------------------------------------------------------------------
>
> *From:* Rudolf J Streif <rudolf.streif@ibeeto.com>
> *Sent:* Wednesday, May 15, 2019 12:31 PM
> *To:* Greg Wilson-Lindberg; Yocto list discussion
> *Subject:* Re: [yocto] problem adding a user
>
> The ! for the password in /etc/shadow indicates that
> the account is disabled:
>
> sakura:!:18031:0:99999:7:::
>
> Either there is something wrong with the password
> generation or it gets disabled by something else.
> Maybe it's worth trying with a plain image without
> Boot2Qt or anything else.
>
> :rjs
>
> On 5/15/19 11:46 AM, Greg Wilson-Lindberg wrote:
>
> Hi Rudolf,
>
> 1st, yes I inherit extrausers. Attached are the
> passwd & shadow files.
>
> It shouldn't make any difference, but I'm
> building this for an RPi3 using the Qt Boot2Qt
> version of the Yocto environment, distro 2.5.3.
>
> Greg
>
> ------------------------------------------------------------------------
>
> *From:* Rudolf J Streif <rudolf.streif@ibeeto.com>
> *Sent:* Wednesday, May 15, 2019 11:26 AM
> *To:* Greg Wilson-Lindberg; Yocto list discussion
> *Subject:* Re: [yocto] problem adding a user
>
> Hi Greg,
>
> > I've also tried both the back-quote and the single-quote, no difference.
>
> Help me to understand this. The back-quotes are
> the right ones. If you use the single ones your
> password in the /etc/shadow ends up being
> 'openssl passwd test' (without the quotes),
> unless the build fails because of a parsing
> error (I have not tried it). Silly question, you
> did inherit extrausers class?
>
> Can you post your /etc/passwd and /etc/shadow?
>
> I am surprised that this does not work with your
> setup. I have been doing this a gazillion times
> always with success.
>
> :rjs
>
> On 5/15/19 11:03 AM, Greg Wilson-Lindberg wrote:
>
> Hi Rudolf,
>
> Thanks for the reply, and the information on
> how openssl works.
>
> I'm trying to create a user with the same
> group name so the code that I'm using
> reduces to:
>
> EXTRA_USERS_PARAMS = "\
> useradd -p `openssl passwd test` sakura; \
> usermod -a -G sudo ${SAKURA_USER}; \
> "
>
> I also, as you can see, removed the macros
> to eliminate as much confusion as possible.
>
> I still can't log in using
> the password 'test'.
>
> I've also tried both the back-quote and the
> single-quote, no difference.
>
> Regards,
>
> Greg
>
> ------------------------------------------------------------------------
>
> *From:* Rudolf J Streif <rudolf.streif@ibeeto.com>
> *Sent:* Wednesday, May 15, 2019 10:07:47 AM
> *To:* Greg Wilson-Lindberg; Yocto list discussion
> *Subject:* Re: [yocto] problem adding a user
>
> Hi Greg,
>
> Well, I suppose I wrote the book you are
> referring to...
>
>
> Using
>
> useradd -p PASSWORD USER
>
> takes the password hash for PASSWORD hence
> the use of openssl in:
>
> useradd -p `openssl passwd PASSWORD` USER
>
> openssl passwd creates the password hash
> using the original crypt hash
> algorithm if no other options are specified.
> e.g.
>
> $ openssl passwd hello
> 6hEsTksgRkeiI
>
> With this the first two characters of the
> output are the salt and the
> rest is the password hash. If you want
> openssl to create the same result
> again:
>
> $ openssl passwd -salt "6h" hello
> 6hEsTksgRkeiI
>
> You can use newer algorithms like MD5 based
> BSD password algorithm 1:
>
> $ openssl passwd -1 hello
> $1$4Mu8Fcs.$eIKgPP7RCYrb3lFZjhADA1
>
> $1 : password algorithm 1
> $4Mu8Fcs. : salt
> $eIKgPP7RCYrb3lFZjhADA1 : password hash
>
>
> If you log into the system you have to use
> the clear password. The
> system reads the salt, creates the password
> hash and compares the results.
>
>
> :rjs
>
>
> On 5/14/19 5:34 PM, Greg Wilson-Lindberg wrote:
> > I'm trying to use the example in "Embedded Linux Systems with the Yocto Project" to add a user to my Yocto build. In the book the sample code:
> >
> > useradd -p `openssl passwd ${DEV_PASSWORD}` developer; \
> >
> > uses openssl to generate the encrypted password string to pass to useradd. I have never been able to get this to work. When I run the openssl
> > command on the cmd line I get a different value every time, this seems wrong, How can the password code compare against it if every encode
> > produces a different value?
> >
> > I am getting the user added to the system, the home directory shows up and the user is in the passwd and group files. I just can't login to the
> > account.
> >
> > I've obviously got something confused, any help would be appreciated.
> >
> > Greg Wilson-Lindberg
> >
>
> --
> -----
> Rudolf J Streif
> CEO/CTO ibeeto
> +1.855.442.3396 x700
^ permalink raw reply [flat|nested] 21+ messages in thread
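The expansion problem discussed in the messages above, reproduced in plain POSIX sh as an added example (not code from the thread, the recipe, or the extrausers class). It assumes the recipe text ends up inside a double-quoted string of a generated shell script; the function names are hypothetical and the hash is the one quoted in the thread.

```shell
#!/bin/sh
# Added example: shows how a $-delimited crypt hash is lost when recipe text
# is re-parsed by a shell, and checks the -p value that usermod would receive.
# Assumption: the text lands inside a double-quoted string of a generated
# script. All function names are hypothetical.

# The MD5-crypt string quoted in the thread.
HASH='$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0'

# Three recipe spellings (constructed from the thread), kept literal by the
# quoted here-document delimiters.
UNQUOTED=$(cat <<'EOF'
usermod -p $1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0 sakura
EOF
)
QUOTED=$(cat <<'EOF'
usermod -p '$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0' sakura
EOF
)
ESCAPED=$(cat <<'EOF'
usermod -p '\$1\$QVO3K6Ii\$fvkoDKnlzz3d5uVoL7KcM0' sakura
EOF
)

# Expand the text the way a double-quoted string in a script would.
expand_in_script() {
    _raw=$1
    set --                      # the simulated script has no positional args
    eval "_out=\"$_raw\""       # $1, $QVO3K6Ii and $fvko... expand here
    printf '%s\n' "$_out"
}

# Print the argument that follows -p once the shell has parsed the line.
password_arg() {
    eval "set -- $1"
    while [ $# -gt 0 ]; do
        if [ "$1" = "-p" ]; then
            printf '%s\n' "${2-}"   # empty if nothing follows -p
            return 0
        fi
        shift
    done
    return 1
}

# Accept traditional crypt (13 chars of [./0-9A-Za-z]) or $id$salt$hash.
is_crypt_hash() {
    case $1 in
        '$'[0-9a-z]*'$'?*'$'?*) return 0 ;;
    esac
    [ "${#1}" -eq 13 ] || return 1
    case $1 in
        *[!./0-9A-Za-z]*) return 1 ;;
    esac
    return 0
}

# Full check: expand a recipe line, then test the value handed to -p.
hash_survives() {
    _line=$(expand_in_script "$1")
    _arg=$(password_arg "$_line") || return 1
    is_crypt_hash "$_arg"
}

for _case in UNQUOTED QUOTED ESCAPED; do
    eval "_text=\$$_case"
    if hash_survives "$_text"; then _verdict=intact; else _verdict=MANGLED; fi
    printf '%-8s -> [%s] %s\n' "$_case" "$(expand_in_script "$_text")" "$_verdict"
done
```

The first two spellings reproduce the `-p sakura` and `-p '' sakura` log lines quoted in the thread; only the escaped spelling hands usermod a string shaped like a crypt hash.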
* Re: problem adding a user
2019-05-24 2:11 ` Khem Raj
@ 2019-05-24 18:45 ` Greg Wilson-Lindberg
0 siblings, 0 replies; 21+ messages in thread
From: Greg Wilson-Lindberg @ 2019-05-24 18:45 UTC (permalink / raw)
To: Khem Raj, Rudolf Streif; +Cc: Yocto list discussion
Hi Khem,
> -----Original Message-----
> From: Khem Raj [mailto:raj.khem@gmail.com]
> Sent: Thursday, May 23, 2019 07:11 PM
> To: Rudolf Streif <rudolf.streif@ibeeto.com>; Greg Wilson-Lindberg
> <GWilson@sakuraus.com>
> Cc: Yocto list discussion <yocto@yoctoproject.org>
> Subject: Re: [yocto] problem adding a user
>
>
>
> On 5/23/19 1:40 PM, Rudolf Streif wrote:
> > Greg,
> >
> > It eluded me earlier but in both instances the variable containing the
> > password does not seem to be expanded.
> >
> > First version without the single quotes:
> >
> > SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
> >
> > EXTRA_USERS_PARAMS = "\
> > usermod -p ${SAKURA_PASS} ${SAKURA_USER}; \
> > usermod -a -G sudo,dialout ${SAKURA_USER}; \
> > "
> > results in:
> >
> > NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]
> >
> > and with the quotes:
> >
> > SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
> >
> > EXTRA_USERS_PARAMS = "\
> > usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \
> > usermod -a -G sudo,dialout ${SAKURA_USER}; \
> > "
> > results in:
> > NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p '' sakura]
> >
> > It looks as if the variable SAKURA_PASS is not set at all. I looked at
> > your scribe.bb recipe you attached earlier but I
> > could not find any reason why the variable is not set. Is there a
> > chance that it is overridden somewhere else?
> >
>
>
> This is correct with one small nit that we need to escape some characters which have
> special meaning for the shell, e.g. $
>
> e.g. in local.conf something like below
>
> INHERIT += "extrausers"
>
> EXTRA_USERS_PARAMS += "\
> useradd sakura; \
> usermod -p '\$1\$QVO3K6Ii\$fvkoDKnlzz3d5uVoL7KcM0' sakura; \
> "
>
> might work as you expect.
This does leave the hash in the usermod command line finally.
So it is possible to pass MD5 hashes through if the '$' are escaped. I can't use non-alphabetic
characters, i.e. replace 's' with '$', and 'a' with '@', I can't log in with those changes. But MD5 hashes
of alphabetic only passwords work for the cases that I have tested. I can also pass the escaped
hash in to usermod as a macro.
It looks like I've got something that I can work with.
Thanks to all for the help that you have so kindly given,
Greg
>
> > :rjs
> >
> >
> > On Wed, May 22, 2019 at 1:28 PM Greg Wilson-Lindberg
> > <GWilson@sakuraus.com> wrote:
> >
> > Rudolf,
> >
> > Here is the first half of the file, the whole file is over the 500k
> > limit of free pastebin:
> >
> > https://pastebin.com/UcnKebce
> >
> >
> > And here is the 2nd half of the file:
> >
> > https://pastebin.com/9117tdUU
> >
> >
> > Greg
> >
> > ------------------------------------------------------------------------
> > *From:* Rudolf Streif <rudolf.streif@ibeeto.com>
> > *Sent:* Wednesday, May 22, 2019 12:42:40 PM
> > *To:* Greg Wilson-Lindberg
> > *Cc:* Yocto list discussion
> > *Subject:* Re: [yocto] problem adding a user
> > Greg,
> > Can you share the logfile via Pastebin?
> > :rjs
> >
> > On Tue, May 21, 2019 at 11:09 AM Greg Wilson-Lindberg
> > <GWilson@sakuraus.com> wrote:
> >
> > Rudolf,
> >
> > Something else is happening to me. I changed to this in the
> > image recipe:
> >
> > SAKURA_USER = "sakura"
> >
> > SAKURA_PASSWD = "Distracted"
> > SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
> >
> > EXTRA_USERS_PARAMS = "\
> > usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \
> > usermod -a -G sudo,dialout ${SAKURA_USER}; \
> > "
> >
> > deleting all of the commented out lines, and I get this in the
> > log file:
> >
> >
> > ..../scribe/1.0-r0/rootfs -p '' sakura]
> >
> >
> > nothing between the single quotes. It's acting like SAKURA_PASS
> > is not defined.
> >
> > This is only happening when I'm trying the MD5 password.
> >
> >
> > Greg
> >
> > ------------------------------------------------------------------------
> > *From:* Rudolf Streif <rudolf.streif@ibeeto.com>
> > *Sent:* Tuesday, May 21, 2019 5:37:23 AM
> > *To:* Greg Wilson-Lindberg
> > *Cc:* Yocto list discussion
> > *Subject:* Re: [yocto] problem adding a user
> > Greg,
> >
> > usermod does not work for the MD5 algorithm with the explicit
> > password hash as it contains the $ field delimiters which are
> > interpreted by the shell executing the usermod command. Use
> > single quotes around the password hash:
> >
> > usermod -p '${SAKURA_PASS}' ${SAKURA_USER};
> >
> > :rjs
> >
> > On Mon, May 20, 2019, 11:55 Greg Wilson-Lindberg
> > <GWilson@sakuraus.com> wrote:
> >
> > Hi Rudolf,
> >
> > I've had more time to work with this and I'm still having problems getting
> > everything to work properly. I've attached the image recipe that I'm
> > using so I don't leave anything out that may be relevant.
> >
> > When I build with a password that is no more than 8 characters long
> > and no non-alphabetic characters:
> >
> > SAKURA_PASSWD = "Distract"
> > SAKURA_PASS = "WRsDFfg1BsrDM"
> >
> > everything works correctly.
> >
> > I first tried that using the `openssl ...` form, and then I tried the
> > -1, MD5 BSD form and had problems, so I changed to doing the openssl
> > on the command line and making sure that I don't have any characters
> > that display as '.' or '/'. Again, if I don't do more than 8 characters
> > and no special characters everything works.
> >
> > When I changed to using 'Ds$tr@ct' it stopped working. The build finishes
> > and the log file shows the usermod being executed correctly:
> >
> > NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p kyNsrvS0elMWU sakura]
> > NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -a -G sudo,dialout sakura]
> >
> > But when I try to sign in it doesn't work.
> >
> > I then tried the 10 character password 'Distracted', the build fails:
> >
> > NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]
> > Usage: usermod [options] LOGIN
> >
> > Options:
> > -c, --comment COMMENT new value of the GECOS field
> > -d, --home HOME_DIR new home directory for the user account
> > -e, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE
> > -f, --inactive INACTIVE set password inactive after expiration
> > to INACTIVE
> > -g, --gid GROUP force use GROUP as new primary group
> > -G, --groups GROUPS new list of supplementary GROUPS
> > -a, --append append the user to the supplemental GROUPS
> > mentioned by the -G option without removing
> > him/her from other groups
> > -h, --help display this help message and exit
> > -l, --login NEW_LOGIN new value of the login name
> > -L, --lock lock the user account
> > -m, --move-home move contents of the home directory to the
> > new location (use only with -d)
> > -o, --non-unique allow using duplicate (non-unique) UID
> > -p, --password PASSWORD use encrypted password for the new password
> > -P, --clear-password PASSWORD use clear password for the new password
> > -R, --root CHROOT_DIR directory to chroot into
> > -s, --shell SHELL new login shell for the user account
> > -u, --uid UID new UID for the user account
> > -U, --unlock unlock the user account
> > -v, --add-subuids FIRST-LAST add range of subordinate uids
> > -V, --del-subuids FIRST-LAST remove range of subordinate uids
> > -w, --add-subgids FIRST-LAST add range of subordinate gids
> > -W, --del-subgids FIRST-LAST remove range of subordinate gids
> >
> > ERROR: scribe: usermod command did not succeed.
> >
> > So, even though I'm putting in the openssl output:
> > openssl passwd -1 "Distracted"
> > $1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0
> >
> > that I get back from what should be a valid run of openssl, I don't see anything
> > from the password on the usermod command line:
> > "...linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]"
> >
> > I don't understand why the short passwords and passing along the proper hash works,
> > but not the longer password.
> >
> > It also doesn't make sense that I can't put in the '$' & '@' characters and
> > have them work.
> >
> > Any suggestions would be greatly appreciated.
> >
> > Greg
> >
> > ------------------------------------------------------------------------
> > *From:* Rudolf Streif <rudolf.streif@ibeeto.com>
> > *Sent:* Wednesday, May 15, 2019 4:58:26 PM
> > *To:* Greg Wilson-Lindberg
> > *Cc:* Yocto list discussion
> > *Subject:* Re: [yocto] problem adding a user
> > Glad to hear that it works now. I am planning on attending
> > the YP DevDay.
> >
> > :rjs
> >
> > On Wed, May 15, 2019, 13:53 Greg Wilson-Lindberg
> > <GWilson@sakuraus.com> wrote:
> >
> > Thank you very much, that got me back on the right
> > path.
> >
> > Maybe I'll see you at the Yocto day at the Embedded
> > Linux Conference.
> >
> > Regards,
> >
> > Greg Wilson-Lindberg
> >
> > *From:* Rudolf J Streif <rudolf.streif@ibeeto.com>
> > *Sent:* Wednesday, May 15, 2019 01:30 PM
> > *To:* Greg Wilson-Lindberg <GWilson@sakuraus.com>; Yocto list discussion <yocto@yoctoproject.org>
> > *Subject:* Re: [yocto] problem adding a user
> >
> > Instead of
> >
> > useradd -p `openssl passwd test` sakura
> >
> > which attempts to add the user and set the password, which fails if the user already exists, use
> >
> > usermod -p `openssl passwd test` sakura
> >
> > which sets the user's password.
> >
> > :rjs
> >
> > On 5/15/19 1:18 PM, Greg Wilson-Lindberg wrote:
> >
> > Ok, I had been using the useradd class in a couple
> > of other recipes to allow me to copy files to the
> > sakura user directory and another location, but
> > owned by sakura. That seems to have been what was
> > causing the problem.
> >
> > I had been using the extrausers class in my
> > top level image recipe.
> >
> > So now how do I get all of this to work together? Do
> > I need to put everything that touches the sakura
> > user in the same recipe? It seems that I need to use
> > only one of the useradd or extrausers classes?
> >
> > Greg
> >
> > ------------------------------------------------------------------------
> >
> > *From:* Rudolf J Streif <rudolf.streif@ibeeto.com>
> > *Sent:* Wednesday, May 15, 2019 12:31 PM
> > *To:* Greg Wilson-Lindberg; Yocto list discussion
> > *Subject:* Re: [yocto] problem adding a user
> >
> > The ! for the password in /etc/shadow indicates that
> > the account is disabled:
> >
> > sakura:!:18031:0:99999:7:::
> >
> > Either there is something wrong with the password
> > generation or it gets disabled by something else.
> > Maybe it's worth trying with a plain image without
> > Boot2Qt or anything else.
> >
> > :rjs
> >
> > On 5/15/19 11:46 AM, Greg Wilson-Lindberg wrote:
> >
> > Hi Rudolf,
> >
> > 1st, yes I inherit extrausers. Attached are the
> > passwd & shadow files.
> >
> > It shouldn't make any difference, but I'm
> > building this for an RPi3 using the Qt Boot2Qt
> > version of the Yocto environment, distro 2.5.3.
> >
> > Greg
> >
> > ------------------------------------------------------------------------
> >
> > *From:* Rudolf J Streif <rudolf.streif@ibeeto.com>
> > *Sent:* Wednesday, May 15, 2019 11:26 AM
> > *To:* Greg Wilson-Lindberg; Yocto list discussion
> > *Subject:* Re: [yocto] problem adding a user
> >
> > Hi Greg,
> >
> > > I've also tried both the back-quote and the
> > > single-quote, no difference.
> >
> > Help me to understand this. The back-quotes are
> > the right ones. If you use the single ones your
> > password in the /etc/shadow ends up being
> > 'openssl passwd test' (without the quotes),
> > unless the build fails because of a parsing
> > error (I have not tried it). Silly question, you
> > did inherit extrausers class?
> >
> > Can you post your /etc/passwd and /etc/shadow
> >
> > I am surprised that this does not work with your
> > setup. I have been doing this a gazillion times
> > always with success.
> >
> > :rjs
> >
> > On 5/15/19 11:03 AM, Greg Wilson-Lindberg wrote:
> >
> > Hi Rudolf,
> >
> > Thanks for the reply, and the information on
> > how openssl works.
> >
> > I'm trying to create a user with the same
> > group name so the code that I'm using
> > reduces to:
> >
> > EXTRA_USERS_PARAMS = "\
> > useradd -p `openssl passwd test` sakura; \
> > usermod -a -G sudo ${SAKURA_USER}; \
> > "
> >
> > I also, as you can see, removed the macros
> > to eliminate as much confusion as possible.
> >
> > I still can't log in using the password 'test'.
> >
> > I've also tried both the back-quote and the
> > single-quote, no difference.
> >
> > Regards,
> >
> > Greg
> >
> > ------------------------------------------------------------------------
> >
> > *From:* Rudolf J Streif <rudolf.streif@ibeeto.com>
> > *Sent:* Wednesday, May 15, 2019 10:07:47 AM
> > *To:* Greg Wilson-Lindberg; Yocto list discussion
> > *Subject:* Re: [yocto] problem adding a user
> >
> > Hi Greg,
> >
> > Well, I suppose I wrote the book you are
> > referring to...
> >
> >
> > Using
> >
> > useradd -p PASSWORD USER
> >
> > takes the password hash for PASSWORD hence
> > the use of openssl in:
> >
> > useradd -p `openssl passwd PASSWORD` USER
> >
> > openssl password creates the password hash
> > using the original crypt hash
> > algorithm if no other options are specified.
> > e.g.
> >
> > $ openssl passwd hello
> > 6hEsTksgRkeiI
> >
> > With this the first two characters of the
> > output are the salt and the
> > rest is the password hash. If you want
> > openssl to create the same result
> > again:
> >
> > $ openssl passwd -salt "6h" hello
> > 6hEsTksgRkeiI
> >
> > You can use newer algorithms like MD5 based
> > BSD password algorithm 1:
> >
> > $ openssl passwd -1 hello
> > $1$4Mu8Fcs.$eIKgPP7RCYrb3lFZjhADA1
> >
> > $1 : password algorithm 1
> > $4Mu8Fcs. : salt
> > $eIKgPP7RCYrb3lFZjhADA1 : password hash
> >
> >
> > If you log into the system you have to use
> > the clear password. The
> > system reads the salt, creates the password
> > hash and compares the results.
> >
> >
> > :rjs
> >
> >
> > On 5/14/19 5:34 PM, Greg Wilson-Lindberg wrote:
> > > I'm trying to use the example in "Embedded Linux Systems with the Yocto Project" to add a user to my Yocto build. In the book the sample code:
> > >
> > > useradd -p `openssl passwd ${DEV_PASSWORD}` developer; \
> > >
> > > uses openssl to generate the encrypted password string to pass to useradd. I have never been able to get this to work. When I run the openssl
> > > command on the cmd line I get a different value every time, this seems wrong, How can the password code compare against it if every encode
> > > produces a different value?
> > >
> > > I am getting the user added to the system, the home directory shows up and the user is in the passwd and group files. I just can't login to the
> > > account.
> > >
> > > I've obviously got something confused, any help would be appreciated.
> > >
> > > Greg Wilson-Lindberg
> > >
> >
> > --
> > -----
> > Rudolf J Streif
> > CEO/CTO ibeeto
> > +1.855.442.3396 x700
^ permalink raw reply [flat|nested] 21+ messages in thread
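The salt-and-compare check Rudolf describes in the quoted reply above, together with the `!` marker from the quoted /etc/shadow line, as an added shell example that is not part of the thread or of the Yocto project. The function names and the constructed shadow lines are assumptions of this example; it uses `openssl passwd -1` because that is the salted scheme the thread shows, and passes the password through `-stdin` so it does not appear in the process list.

```shell
#!/bin/sh
# Added example: how a login check treats the second field of an
# /etc/shadow line. Function names and sample lines are constructed here.

# Print the password field (second colon-separated field) of a shadow line.
shadow_field() {
    printf '%s\n' "$1" | cut -d: -f2
}

# Classify a password field: empty | locked | md5crypt | other.
field_state() {
    case "$1" in
        '')          echo empty ;;
        '!'*|'*'*)   echo locked ;;    # no hash output can ever equal these
        '$1$'*)      echo md5crypt ;;  # layout: $1$<salt>$<hash>
        *)           echo other ;;
    esac
}

# Re-hash CLEARTEXT with the salt stored in FIELD and compare.
# Returns 0 on match, 1 on mismatch, 2 if openssl fails.
verify_md5crypt() {
    salt=$(printf '%s\n' "$1" | cut -d'$' -f3)
    candidate=$(printf '%s\n' "$2" | openssl passwd -1 -salt "$salt" -stdin) || return 2
    [ "$candidate" = "$1" ]
}

# Build a constructed shadow line for USER with a freshly salted hash.
make_shadow_line() {
    hash=$(printf '%s\n' "$2" | openssl passwd -1 -stdin) || return 2
    printf '%s:%s:18031:0:99999:7:::\n' "$1" "$hash"
}

# Print locked | empty | other | match | mismatch for LINE and CLEARTEXT.
check_login() {
    field=$(shadow_field "$1")
    state=$(field_state "$field")
    if [ "$state" != md5crypt ]; then
        echo "$state"
    elif verify_md5crypt "$field" "$2"; then
        echo match
    else
        echo mismatch
    fi
}

check_login 'sakura:!:18031:0:99999:7:::' test   # the line quoted in the thread
check_login "$(make_shadow_line sakura test)" test
```

Two calls to `make_shadow_line` with the same password produce different lines, yet both verify, because the salt is stored inside the field and reused for the comparison.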
end of thread, other threads:[~2019-05-24 18:45 UTC | newest]
Thread overview: 21+ messages
2019-05-15 0:34 problem adding a user Greg Wilson-Lindberg
2019-05-15 1:28 ` ChenQi
2019-05-15 17:07 ` Rudolf J Streif
2019-05-15 18:03 ` Greg Wilson-Lindberg
2019-05-15 18:26 ` Rudolf J Streif
2019-05-15 18:46 ` Greg Wilson-Lindberg
2019-05-15 19:31 ` Rudolf J Streif
2019-05-15 20:18 ` Greg Wilson-Lindberg
2019-05-15 20:30 ` Rudolf J Streif
2019-05-15 20:53 ` Greg Wilson-Lindberg
2019-05-15 23:58 ` Rudolf Streif
2019-05-20 18:54 ` Greg Wilson-Lindberg
2019-05-21 12:37 ` Rudolf Streif
2019-05-21 18:09 ` Greg Wilson-Lindberg
2019-05-22 19:42 ` Rudolf Streif
2019-05-22 20:28 ` Greg Wilson-Lindberg
2019-05-23 20:40 ` Rudolf Streif
2019-05-23 21:44 ` Leon Woestenberg
2019-05-23 22:43 ` Greg Wilson-Lindberg
2019-05-24 2:11 ` Khem Raj
2019-05-24 18:45 ` Greg Wilson-Lindberg