* problem adding a user
From: Greg Wilson-Lindberg @ 2019-05-15  0:34 UTC (permalink / raw)
  To: Yocto list discussion

I'm trying to use the example in "Embedded Linux Systems with the Yocto Project" to add a user to my Yocto build. In the book the sample code:

   useradd -p `openssl passwd ${DEV_PASSWORD}` developer; \

uses openssl to generate the encrypted password string to pass to useradd. I have never been able to get this to work. When I run the openssl
command on the cmd line I get a different value every time. This seems wrong. How can the password code compare against it if every encode
produces a different value?

I am getting the user added to the system, the home directory shows up and the user is in the passwd and group files. I just can't log in to the
account.

I've obviously got something confused, any help would be appreciated.

Greg Wilson-Lindberg  
 


* Re: problem adding a user
From: ChenQi @ 2019-05-15  1:28 UTC (permalink / raw)
  To: Greg Wilson-Lindberg, Yocto list discussion

You could just use something like:

useradd -P 123456 developer

Best Regards,

Chen Qi



* Re: problem adding a user
From: Rudolf J Streif @ 2019-05-15 17:07 UTC (permalink / raw)
  To: Greg Wilson-Lindberg, Yocto list discussion

Hi Greg,

Well, I suppose I wrote the book you are referring to...


Using

useradd -p PASSWORD USER

takes the password hash for PASSWORD, hence the use of openssl in:

useradd -p `openssl passwd PASSWORD` USER

openssl passwd creates the password hash using the original crypt hash
algorithm if no other options are specified, e.g.

$ openssl passwd hello
6hEsTksgRkeiI

With this, the first two characters of the output are the salt and the
rest is the password hash. If you want openssl to create the same result
again:

$ openssl passwd -salt "6h" hello
6hEsTksgRkeiI

You can use newer algorithms like the MD5-based BSD password algorithm 1:

$ openssl passwd -1 hello
$1$4Mu8Fcs.$eIKgPP7RCYrb3lFZjhADA1

$1 : password algorithm 1
$4Mu8Fcs. : salt
$eIKgPP7RCYrb3lFZjhADA1 : password hash


If you log into the system you have to use the clear password. The 
system reads the salt, creates the password hash and compares the results.


:rjs


-- 
-----
Rudolf J Streif
CEO/CTO ibeeto
+1.855.442.3396 x700



* Re: problem adding a user
From: Greg Wilson-Lindberg @ 2019-05-15 18:03 UTC (permalink / raw)
  To: Rudolf J Streif, Yocto list discussion


Hi Rudolf,

Thanks for the reply, and the information on how openssl works.


I'm trying to create a user with the same group name so the code that I'm using reduces to:

EXTRA_USERS_PARAMS = "\
    useradd -p `openssl passwd test` sakura; \
    usermod -a -G sudo ${SAKURA_USER}; \
    "


I also, as you can see, removed the macros to eliminate as much confusion as possible.


I still can't log in using the password 'test'.


I've also tried both the back-quote and the single-quote, no difference.

Regards,


Greg

* Re: problem adding a user
From: Rudolf J Streif @ 2019-05-15 18:26 UTC (permalink / raw)
  To: Greg Wilson-Lindberg, Yocto list discussion


Hi Greg,


 > I've also tried both the back-quote and the single-quote, no difference.


Help me to understand this. The back-quotes are the right ones. If you 
use the single ones your password in the /etc/shadow ends up being 
'openssl passwd test' (without the quotes), unless the build fails 
because of a parsing error (I have not tried it). Silly question, you 
did inherit extrausers class?


Can you post your /etc/passwd and /etc/shadow?


I am surprised that this does not work with your setup. I have been 
doing this a gazillion times always with success.


:rjs




-- 
-----
Rudolf J Streif
CEO/CTO ibeeto
+1.855.442.3396 x700


* Re: problem adding a user
From: Greg Wilson-Lindberg @ 2019-05-15 18:46 UTC (permalink / raw)
  To: Rudolf J Streif, Yocto list discussion



Hi Rudolf,

1st, yes I inherit extrausers. Attached are the passwd & shadow files.


It shouldn't make any difference, but I'm building this for an RPi3 using the Qt Boot2Qt version of the Yocto environment, distro 2.5.3.


Greg

[-- Attachment #2: passwd --]
[-- Type: application/octet-stream, Size: 1128 bytes --]

root:x:0:0:root:/home/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
mysql:x:990:987::/var/mysql:/bin/false
systemd-bus-proxy:x:991:988::/:/bin/nologin
polkitd:x:992:990::/etc/polkit-1:/bin/sh
systemd-resolve:x:993:991::/:/bin/nologin
systemd-network:x:994:992::/:/bin/nologin
systemd-timesync:x:995:993::/:/bin/nologin
messagebus:x:996:995::/var/lib/dbus:/bin/false
sakura:x:997:997::/home/sakura:/bin/bash
sshd:x:998:998::/var/run/sshd:/bin/false
rpc:x:999:999::/:/bin/false
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh

[-- Attachment #3: shadow --]
[-- Type: application/octet-stream, Size: 792 bytes --]

root::18031:0:99999:7:::
daemon:*:18031:0:99999:7:::
bin:*:18031:0:99999:7:::
sys:*:18031:0:99999:7:::
sync:*:18031:0:99999:7:::
games:*:18031:0:99999:7:::
man:*:18031:0:99999:7:::
lp:*:18031:0:99999:7:::
mail:*:18031:0:99999:7:::
news:*:18031:0:99999:7:::
uucp:*:18031:0:99999:7:::
proxy:*:18031:0:99999:7:::
www-data:*:18031:0:99999:7:::
backup:*:18031:0:99999:7:::
list:*:18031:0:99999:7:::
irc:*:18031:0:99999:7:::
gnats:*:18031:0:99999:7:::
mysql:!:18031:0:99999:7:::
systemd-bus-proxy:!:18031:0:99999:7:::
polkitd:!:18031:0:99999:7:::
systemd-resolve:!:18031:0:99999:7:::
systemd-network:!:18031:0:99999:7:::
systemd-timesync:!:18031:0:99999:7:::
messagebus:!:18031:0:99999:7:::
sakura:!:18031:0:99999:7:::
sshd:!:18031:0:99999:7:::
rpc:!:18031:0:99999:7:::
nobody:*:18031:0:99999:7:::

* Re: problem adding a user
From: Rudolf J Streif @ 2019-05-15 19:31 UTC (permalink / raw)
  To: Greg Wilson-Lindberg, Yocto list discussion


The ! for the password in /etc/shadow indicates that the account is 
disabled:

sakura:!:18031:0:99999:7:::


Either there is something wrong with the password generation or it gets 
disabled by something else. Maybe it's worth trying with a plain image 
without Boot2Qt or anything else.


:rjs



-- 
-----
Rudolf J Streif
CEO/CTO ibeeto
+1.855.442.3396 x700
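
The two checks discussed in this thread so far (reading a `$id$salt$hash` string, and spotting the `!` in /etc/shadow that blocks the login), as an added example that is not part of the original messages. The function names are hypothetical; the sample lines are a constructed excerpt that reuses three entries from the posted shadow file plus a made-up `developer` entry carrying the MD5 hash quoted earlier.

```shell
#!/bin/sh
# Added example (not from the thread): audit shadow(5) password fields of a
# built root filesystem. All function names here are hypothetical.

# Classify one password field (the text between the 1st and 2nd ':').
classify_field() {
    case "$1" in
        '')      echo empty ;;        # no password is required to log in
        '!'*)    echo locked ;;       # locked; what useradd writes when no -p is given
        '*'*)    echo disabled ;;     # not a valid hash, password login impossible
        '$1$'*)  echo md5crypt ;;     # "password algorithm 1" in the thread
        '$5$'*)  echo sha256crypt ;;
        '$6$'*)  echo sha512crypt ;;
        '$'*)    echo other-modular ;;
        *)       # traditional crypt: 2 salt characters followed by 11 hash characters
                 if [ "${#1}" -eq 13 ]; then echo descrypt; else echo invalid; fi ;;
    esac
}

# Print the salt stored inside a hash string.
crypt_salt() {
    case "$1" in
        '$'*)
            rest=${1#\$}          # drop the leading '$'
            rest=${rest#*\$}      # drop the scheme id ("1", "5", "6", ...)
            case "$rest" in rounds=*) rest=${rest#*\$} ;; esac  # optional rounds= field
            printf '%s\n' "${rest%%\$*}"
            ;;
        *)  printf '%s\n' "$1" | cut -c1-2 ;;   # traditional crypt: first two characters
    esac
}

# Re-hash a candidate password with the stored salt and compare, which is what
# login does. Needs openssl; the candidate is visible in the process list, so
# use it with test credentials only.
verify_md5crypt() {   # $1 = stored $1$ hash, $2 = candidate password
    salt=$(crypt_salt "$1")
    [ "$(openssl passwd -1 -salt "$salt" "$2" 2>/dev/null)" = "$1" ]
}

# Read shadow lines on stdin, print "user status" for each entry.
audit_shadow() {
    while IFS=: read -r user field _rest; do
        [ -n "$user" ] || continue
        printf '%s %s\n' "$user" "$(classify_field "$field")"
    done
}

# Constructed sample: root, daemon and sakura as posted in the thread, plus a
# made-up developer entry using the md5crypt hash quoted in the thread.
sample_shadow() {
    cat <<'EOF'
root::18031:0:99999:7:::
daemon:*:18031:0:99999:7:::
sakura:!:18031:0:99999:7:::
developer:$1$4Mu8Fcs.$eIKgPP7RCYrb3lFZjhADA1:18031:0:99999:7:::
EOF
}

sample_shadow | audit_shadow

if command -v openssl >/dev/null 2>&1; then
    if verify_md5crypt '$1$4Mu8Fcs.$eIKgPP7RCYrb3lFZjhADA1' hello; then
        echo "candidate password reproduces the stored hash"
    else
        echo "candidate password does not reproduce the stored hash"
    fi
fi
```

On an image under review, feed the real file instead of the sample: `audit_shadow < rootfs/etc/shadow` (path is an assumption). An `empty` result, as for root in the posted file, means that account logs in without any password.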


* Re: problem adding a user
From: Greg Wilson-Lindberg @ 2019-05-15 20:18 UTC (permalink / raw)
  To: Rudolf J Streif, Yocto list discussion


Ok, I had been using the useradd class in a couple of other recipes to allow me to copy files to the sakura user directory and another location, but owned by sakura. That seems to have been what was causing the problem.


I had been using the extrausers class in my top level image recipe.

So now how do I get all of this to work together? Do I need to put everything that touches the sakura user in the same recipe? It seems that I need to use only one of the useradd or extrausers classes?

Greg

* Re: problem adding a user
From: Rudolf J Streif @ 2019-05-15 20:30 UTC (permalink / raw)
  To: Greg Wilson-Lindberg, Yocto list discussion


Instead of


useradd -p `openssl passwd test` sakura


which attempts to add the user and set the password, which fails if the 
user already exists, use


usermod -p `openssl passwd test` sakura


which sets the user's password.


:rjs


On 5/15/19 1:18 PM, Greg Wilson-Lindberg wrote:
>
> Ok, I had been using the useradd class in a couple of other recipes to 
> allow me to copy files to the sakura user directory and another 
> location, but owned by sakura. That seems to have been what was 
> causing the problem.
>
>
> I had been using the extrausers class in my top level image recipe.
>
>
> So now how do I get all of this to work together? Do I need to put 
> everything that touches the sakura user in the same recipe? It seems 
> that I need to use only one of the useradd or extrausers classes?
>
>
> Greg
>
> ------------------------------------------------------------------------
> *From:* Rudolf J Streif <rudolf.streif@ibeeto.com>
> *Sent:* Wednesday, May 15, 2019 12:31 PM
> *To:* Greg Wilson-Lindberg; Yocto list discussion
> *Subject:* Re: [yocto] problem adding a user
>
> The ! for the password in /etc/shadow indicates that the account is 
> disabled:
>
> sakura:!:18031:0:99999:7:::
>
>
> Either there is something wrong with the password generation or it 
> gets disabled by something else. Maybe it's worth trying with a plain 
> image without Boot2Qt or anything else.
>
>
> :rjs
>
>
>

-- 
-----
Rudolf J Streif
CEO/CTO ibeeto
+1.855.442.3396 x700


[-- Attachment #2: Type: text/html, Size: 15090 bytes --]

^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: problem adding a user
  2019-05-15 20:30             ` Rudolf J Streif
@ 2019-05-15 20:53               ` Greg Wilson-Lindberg
  2019-05-15 23:58                 ` Rudolf Streif
  0 siblings, 1 reply; 21+ messages in thread
From: Greg Wilson-Lindberg @ 2019-05-15 20:53 UTC (permalink / raw)
  To: Rudolf J Streif, Yocto list discussion


[-- Attachment #1.1: Type: text/plain, Size: 6915 bytes --]

Thank you very much, that got me back on the right path.
Maybe I'll see you at the Yocto day at the Embedded Linux Conference.
Regards,


Greg Wilson-Lindberg

Principal Firmware Engineer | Sakura Finetek USA, Inc.



1750 W 214th Street | Torrance, CA 90501 | U.S.A.

T: +1 310 783 5075

F: +1 310 618 6902 | E: gwilson@sakuraus.com<mailto:gwilson@sakuraus.com>

www.sakuraus.com<http://www.sakuraus.com>






From: Rudolf J Streif [mailto:rudolf.streif@ibeeto.com]
Sent: Wednesday, May 15, 2019 01:30 PM
To: Greg Wilson-Lindberg <GWilson@sakuraus.com>; Yocto list discussion <yocto@yoctoproject.org>
Subject: Re: [yocto] problem adding a user


Instead of



useradd -p `openssl passwd test` sakura



which attempts to add the user and set the password which fails if the user already exists, use



usermod -p `openssl passwd test` sakura



which sets the user's password.



:rjs



[-- Attachment #1.2: Type: text/html, Size: 25414 bytes --]

[-- Attachment #2: image001.png --]
[-- Type: image/png, Size: 949 bytes --]

[-- Attachment #3: image002.png --]
[-- Type: image/png, Size: 1916 bytes --]

[-- Attachment #4: image003.png --]
[-- Type: image/png, Size: 3012 bytes --]

^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: problem adding a user
  2019-05-15 20:53               ` Greg Wilson-Lindberg
@ 2019-05-15 23:58                 ` Rudolf Streif
  2019-05-20 18:54                   ` Greg Wilson-Lindberg
  0 siblings, 1 reply; 21+ messages in thread
From: Rudolf Streif @ 2019-05-15 23:58 UTC (permalink / raw)
  To: Greg Wilson-Lindberg; +Cc: Yocto list discussion


[-- Attachment #1.1: Type: text/plain, Size: 7663 bytes --]

Glad to hear that it works now. I am planning on attending the YP DevDay.

:rjs

On Wed, May 15, 2019, 13:53 Greg Wilson-Lindberg <GWilson@sakuraus.com>
wrote:

> Thank you very much, that got me back on the right path.
>
> Maybe I'll see you at the Yocto day at the Embedded Linux Conference.
>
> Regards,
>
> *Greg Wilson-Lindberg  *
>
> *Principal Firmware Engineer | Sakura Finetek USA, Inc.  *
>
>
>

[-- Attachment #1.2: Type: text/html, Size: 21647 bytes --]

[-- Attachment #2: image001.png --]
[-- Type: image/png, Size: 949 bytes --]

^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: problem adding a user
  2019-05-15 23:58                 ` Rudolf Streif
@ 2019-05-20 18:54                   ` Greg Wilson-Lindberg
  2019-05-21 12:37                     ` Rudolf Streif
  0 siblings, 1 reply; 21+ messages in thread
From: Greg Wilson-Lindberg @ 2019-05-20 18:54 UTC (permalink / raw)
  To: Rudolf Streif; +Cc: Yocto list discussion


[-- Attachment #1.1: Type: text/plain, Size: 11421 bytes --]

Hi Rudolf,

I've had more time to work with this and I'm still having problems getting
everything to work properly. I've attached the image recipe that I'm
using so I don't leave anything out that may be relevant.

When I build with a password that is no more than 8 characters long
and no non-alphabetic characters:

SAKURA_PASSWD = "Distract"
SAKURA_PASS = "WRsDFfg1BsrDM"


everything works correctly.

I first tried that using the `openssl ...` form, and then I tried the
-1, MD5 BSD form and had problems, so I changed to doing the openssl
on the command line and making sure that I don't have any characters
that display as '.' or '/'. Again, if I don't do more than 8 characters
and no special characters everything works.

When I changed to using 'Ds$tr@ct' it stopped working. The build finishes
and the log file shows the usermod being executed correctly:

NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p kyNsrvS0elMWU sakura]
NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -a -G sudo,dialout sakura]

But when I try to sign in it doesn't work.

I then tried the 10 character password 'Distracted', the build fails:

NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]
Usage: usermod [options] LOGIN

Options:
  -c, --comment COMMENT         new value of the GECOS field
  -d, --home HOME_DIR           new home directory for the user account
  -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
  -f, --inactive INACTIVE       set password inactive after expiration
                                to INACTIVE
  -g, --gid GROUP               force use GROUP as new primary group
  -G, --groups GROUPS           new list of supplementary GROUPS
  -a, --append                  append the user to the supplemental GROUPS
                                mentioned by the -G option without removing
                                him/her from other groups
  -h, --help                    display this help message and exit
  -l, --login NEW_LOGIN         new value of the login name
  -L, --lock                    lock the user account
  -m, --move-home               move contents of the home directory to the
                                new location (use only with -d)
  -o, --non-unique              allow using duplicate (non-unique) UID
  -p, --password PASSWORD       use encrypted password for the new password
  -P, --clear-password PASSWORD use clear password for the new password
  -R, --root CHROOT_DIR         directory to chroot into
  -s, --shell SHELL             new login shell for the user account
  -u, --uid UID                 new UID for the user account
  -U, --unlock                  unlock the user account
  -v, --add-subuids FIRST-LAST  add range of subordinate uids
  -V, --del-subuids FIRST-LAST  remove range of subordinate uids
  -w, --add-subgids FIRST-LAST  add range of subordinate gids
  -W, --del-subgids FIRST-LAST  remove range of subordinate gids

ERROR: scribe: usermod command did not succeed.

So, even though I'm putting in the openssl output:
openssl passwd -1 "Distracted"
$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0

that I get back from what should be a valid run of openssl, I don't see anything
from the password on the usermod command line:
 "...linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]"

I don't understand why the short passwords and passing along the proper hash works,
but not the longer password.

It also doesn't make sense that I can't put in the '$' & '@' characters and
have them work.

Any suggestions would be greatly appreciated.

Greg


________________________________
From: Rudolf Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 15, 2019 4:58:26 PM
To: Greg Wilson-Lindberg
Cc: Yocto list discussion
Subject: Re: [yocto] problem adding a user

Glad to hear that it works now. I am planning on attending the YP DevDay.

:rjs


[-- Attachment #1.2: Type: text/html, Size: 27281 bytes --]

[-- Attachment #2: scribe.bb --]
[-- Type: application/octet-stream, Size: 4611 bytes --]

############################################################################
##
## Copyright (C) 2017 Sakura Finetek Inc.
##
##  Custom image recipe
##
############################################################################

DESCRIPTION = "Scribe B2Qt embedded Qt5 image"
PR = "r0"
DEPLOY_CONF_TYPE = "Boot2Qt"

IMAGE_FEATURES += "\
        package-management \
        ssh-server-openssh \
        tools-debug \
        debug-tweaks \
        hwcodecs \
        splash \
        "
# 'debug-tweaks' allows user to login as root with no password
# before production need to remove debug-tweaks above
# uncomment line below
#IMAGE_FEATURES -= " debug-tweaks"

############################################################################
##
## The following is only for development images, don't want this for production builds
##
############################################################################
SDKIMAGE_FEATURES += "dev-pkgs dbg-pkgs staticdev-pkgs"
############################################################################
##
## End Development Only
##
############################################################################

inherit core-image qbsp-image
inherit consistent_timestamps
inherit populate_sdk_qt5
inherit extrausers

DISABLE_STATIC = ""

IMAGE_INSTALL += "\
    packagegroup-b2qt-embedded-base \
    packagegroup-b2qt-embedded-tools \
    ${@bb.utils.contains("DISTRO_FEATURES", "gstreamer010", "packagegroup-b2qt-embedded-gstreamer010", "", d)} \
    ${@bb.utils.contains("DISTRO_FEATURES", "gstreamer", "packagegroup-b2qt-embedded-gstreamer", "", d)} \
    packagegroup-b2qt-qt5-modules \
    packagegroup-b2qt-embedded-addons \
    pcsc-lite pcsc-lite-lib acsccid \
    canfestival zint \
    mysql5 \
    valgrind \
    elfutils \
    dfu-util \
    can-utils \
    nano \
    canstart canstart-service \
    scribedbconfig scribedbconfig-service \
    scribeconfig \
    userconfig \
    lsof \
    ttf-dejavu-sans ttf-dejavu-sans-mono ttf-dejavu-common ttf-dejavu-sans-condensed ttf-dejavu-serif \
    ttf-droid-sans ttf-droid-sans-mono ttf-droid-sans-fallback ttf-droid-sans-japanese ttf-droid-serif \
    ttf-liberation-mono ttf-liberation-sans ttf-liberation-serif \
    ttf-tlwg \
    ttf-ubuntu-mono ttf-ubuntu-sans \
    ttf-vlgothic \
    source-han-sans-cn-fonts source-han-sans-jp-fonts source-han-sans-kr-fonts source-han-sans-tw-fonts \
    sudo \
    "

#    pocketsphinx \     not going to be using this

SAKURA_USER = "sakura"
#SAKURA_PASSWD = "Di$tr@ctedDr1v3r"
#SAKURA_PASS = "$1$Z335E28J$IKN2Uz2Oaeq616zlV/wdb0"
#SAKURA_PASSWD = "Di$tr@cted"
#SAKURA_PASS = "$1$78PuvI1N$PG4jA6myRVYLA8L713IUS0"

### Tested Not Working -----   Won't build
SAKURA_PASSWD = "Distracted"
SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
#----- Tested Working end

### Tested Not Working -----
#SAKURA_PASSWD = "Di$tr@ct"
#SAKURA_PASS = "kyNsrvS0elMWU"
#----- Tested Working end

### Tested Working -----
#SAKURA_PASSWD = "Distract"
#SAKURA_PASS = "WRsDFfg1BsrDM"
#----- Tested Working end

### Tested Working -----
#SAKURA_PASSWD = "TesTing1"
#SAKURA_PASS = "Pj7iDzj01qmNE"
#----- Tested Working end

### Tested Working -----
#SAKURA_PASSWD = "test"           
#SAKURA_PASS = "D4adHu3z2m0jQ"
#----- Tested Working end

#                                    # Can only use greater than 8 character password if using other than default encryption, see -1 below
#                                    # -1 creates MD5 based BSD style hash, can handle longer than 8 character password

EXTRA_USERS_PARAMS = "\
    usermod -p ${SAKURA_PASS} ${SAKURA_USER}; \
    usermod -a -G sudo,dialout ${SAKURA_USER}; \
    "

#usermod -p `openssl passwd -1 ${SAKURA_PASSWD}` ${SAKURA_USER};

modify_sudoers() {
    sed 's/# %sudo/%sudo/' < ${IMAGE_ROOTFS}/etc/sudoers > \
        ${IMAGE_ROOTFS}/etc/sudoers.tmp
    mv ${IMAGE_ROOTFS}/etc/sudoers.tmp ${IMAGE_ROOTFS}/etc/sudoers
}
ROOTFS_POSTPROCESS_COMMAND += "modify_sudoers;"

addtask showvars
do_showvars[nostamp] = "1"
python do_showvars() {
        # emit only the metadata that are variables and not functions
        isfunc = lambda key: bool(d.getVarFlag(key, 'func', False))
        vars = sorted((key for key in bb.data.keys(d) \
               if not key.startswith('__')))
        for var in vars:
            if not isfunc(var):
                try:
                    val = d.getVar(var, True)
                except Exception as exc:
                    bb.plain('Expansion of %s threw %s: %s' % \
                              (var, exc.__class__.__name__, str(exc)))
                    # val is unset (or stale) after a failed expansion; skip it
                    continue
                bb.plain('%s="%s"' % (var, val))
}


* Re: problem adding a user
  2019-05-20 18:54                   ` Greg Wilson-Lindberg
@ 2019-05-21 12:37                     ` Rudolf Streif
  2019-05-21 18:09                       ` Greg Wilson-Lindberg
  0 siblings, 1 reply; 21+ messages in thread
From: Rudolf Streif @ 2019-05-21 12:37 UTC (permalink / raw)
  To: Greg Wilson-Lindberg; +Cc: Yocto list discussion

[-- Attachment #1: Type: text/plain, Size: 12754 bytes --]

Greg,

usermod does not work for the MD5 algorithm with the explicit password hash
as it contains the $ field delimiters which are interpreted by the shell
executing the usermod command. Use single quotes around the password hash:

usermod -p '${SAKURA_PASS}' ${SAKURA_USER};

:rjs

On Mon, May 20, 2019, 11:55 Greg Wilson-Lindberg <GWilson@sakuraus.com>
wrote:

> Hi Rudolf,
>
> I've had more time to work with this and I'm still having problems getting
> everything to work properly. I've attached the image recipe that I'm
> using so I don't leave anything out that may be relevant.
>
> When I build with a password that is no more than 8 characters long
> and no non-alphabetic characters:
>
> SAKURA_PASSWD = "Distract"
> SAKURA_PASS = "WRsDFfg1BsrDM"
>
> everything works correctly.
>
> I first tried that using the `openssl ...` form, and then I tried the
> -1, MD5 BSD form and had problems, so I changed to doing the openssl
> on the command line and making sure that I don't have any characters
> that display as '.' or '/'. Again, if I don't do more than 8 characters
> and no special characters everything works.
>
> When I changed to using 'Ds$tr@ct' it stopped working. The build finishes
> and the log file shows the usermod being executed correctly:
>
> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p kyNsrvS0elMWU sakura]
> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -a -G sudo,dialout sakura]
>
> But when I try to sign in it doesn't work.
>
> I then tried the 10 character password 'Distracted', the build fails:
>
> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]
> Usage: usermod [options] LOGIN
>
> Options:
>   -c, --comment COMMENT         new value of the GECOS field
>   -d, --home HOME_DIR           new home directory for the user account
>   -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
>   -f, --inactive INACTIVE       set password inactive after expiration
>                                 to INACTIVE
>   -g, --gid GROUP               force use GROUP as new primary group
>   -G, --groups GROUPS           new list of supplementary GROUPS
>   -a, --append                  append the user to the supplemental GROUPS
>                                 mentioned by the -G option without removing
>                                 him/her from other groups
>   -h, --help                    display this help message and exit
>   -l, --login NEW_LOGIN         new value of the login name
>   -L, --lock                    lock the user account
>   -m, --move-home               move contents of the home directory to the
>                                 new location (use only with -d)
>   -o, --non-unique              allow using duplicate (non-unique) UID
>   -p, --password PASSWORD       use encrypted password for the new password
>   -P, --clear-password PASSWORD use clear password for the new password
>   -R, --root CHROOT_DIR         directory to chroot into
>   -s, --shell SHELL             new login shell for the user account
>   -u, --uid UID                 new UID for the user account
>   -U, --unlock                  unlock the user account
>   -v, --add-subuids FIRST-LAST  add range of subordinate uids
>   -V, --del-subuids FIRST-LAST  remove range of subordinate uids
>   -w, --add-subgids FIRST-LAST  add range of subordinate gids
>   -W, --del-subgids FIRST-LAST  remove range of subordinate gids
>
> ERROR: scribe: usermod command did not succeed.
>
> So, even though I'm putting in the openssl output:
> openssl passwd -1 "Distracted"
> $1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0
>
> that I get back from what should be a valid run of openssl, I don't see anything
> from the password on the usermod command line:
>  "...linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]"
>
> I don't understand why the short passwords and passing along the proper hash works,
> but not the longer password.
>
> It also doesn't make sense that I can't put in the '$' & '@' characters and
> have them work.
>
> Any suggestions would be greatly appreciated.
>
> Greg
>
> ------------------------------
> *From:* Rudolf Streif <rudolf.streif@ibeeto.com>
> *Sent:* Wednesday, May 15, 2019 4:58:26 PM
> *To:* Greg Wilson-Lindberg
> *Cc:* Yocto list discussion
> *Subject:* Re: [yocto] problem adding a user
>
> Glad to hear that it works now. I am planning on attending the YP DevDay.
>
> :rjs
>
> On Wed, May 15, 2019, 13:53 Greg Wilson-Lindberg <GWilson@sakuraus.com>
> wrote:
>
>> Thank you very much, that got me back on the right path.
>>
>> Maybe I'll see you at the Yocto day at the Embedded Linux Conference.
>>
>> Regards,
>>
>> *Greg Wilson-Lindberg  *
>>
>> *Principal Firmware Engineer | Sakura Finetek USA, Inc.  *
>>
>>
>>
>> 1750 W 214th Street | Torrance, CA 90501 | U.S.A.
>>
>> T: +1 310 783 5075
>>
>> F: +1 310 618 6902 | E: gwilson@sakuraus.com
>>
>> www.sakuraus.com
>>
>>
>> ------------------------------
>>
>> *From:* Rudolf J Streif [mailto:rudolf.streif@ibeeto.com]
>> *Sent:* Wednesday, May 15, 2019 01:30 PM
>> *To:* Greg Wilson-Lindberg <GWilson@sakuraus.com>; Yocto list discussion
>> <yocto@yoctoproject.org>
>> *Subject:* Re: [yocto] problem adding a user
>>
>>
>>
>> Instead of
>>
>>
>>
>> useradd -p `openssl passwd test` sakura
>>
>>
>>
>> which attempts to add the user and set the password which fails if the
>> user already exists, use
>>
>>
>>
>> usermod -p `openssl passwd test` sakura
>>
>>
>>
>> which sets the user's password.
>>
>>
>>
>> :rjs
>>
>>
>>
>> On 5/15/19 1:18 PM, Greg Wilson-Lindberg wrote:
>>
>> Ok, I had been using the useradd class in a couple of other recipes to
>> allow me to copy files to the sakura user directory and another location,
>> but owned by sakura. That seems to have been what was causing the problem.
>>
>>
>>
>> I had been using the extrausers class in my top level image recipe.
>>
>>
>> So now how do I get all of this to work together? Do I need to put
>> everything that touches the sakura user in the same recipe? It seems that I
>> need to use only one of the useradd or extrausers classes?
>>
>>
>>
>> Greg
>> ------------------------------
>>
>> *From:* Rudolf J Streif <rudolf.streif@ibeeto.com>
>> *Sent:* Wednesday, May 15, 2019 12:31 PM
>> *To:* Greg Wilson-Lindberg; Yocto list discussion
>> *Subject:* Re: [yocto] problem adding a user
>>
>>
>>
>> The ! for the password in /etc/shadow indicates that the account is
>> disabled:
>>
>> sakura:!:18031:0:99999:7:::
>>
>>
>>
>> Either there is something wrong with the password generation or it gets
>> disabled by something else. Maybe it's worth trying with a plain image
>> without Boot2Qt or anything else.
>>
>>
>>
>> :rjs
>>
>>
>>
>>
>>
>> On 5/15/19 11:46 AM, Greg Wilson-Lindberg wrote:
>>
>> Hi Rudolf,
>>
>> 1st, yes I inherit extrausers. Attached are the passwd & shadow files.
>>
>>
>>
>> It shouldn't make any difference, but I'm building this for an RPi3 using
>> the Qt Boot2Qt version of the Yocto environment, distro 2.5.3.
>>
>>
>>
>> Greg
>> ------------------------------
>>
>> *From:* Rudolf J Streif <rudolf.streif@ibeeto.com>
>> *Sent:* Wednesday, May 15, 2019 11:26 AM
>> *To:* Greg Wilson-Lindberg; Yocto list discussion
>> *Subject:* Re: [yocto] problem adding a user
>>
>>
>>
>> Hi Greg,
>>
>>
>>
>> > I've also tried both the back-quote and the single-quote, no difference.
>>
>>
>>
>> Help me to understand this. The back-quotes are the right ones. If you
>> use the single ones your password in the /etc/shadow ends up being 'openssl
>> passwd test' (without the quotes), unless the build fails because of a
>> parsing error (I have not tried it). Silly question, you did inherit
>> extrausers class?
>>
>>
>>
>> Can you post your /etc/passwd and /etc/shadow
>>
>>
>>
>> I am surprised that this does not work with your setup. I have been doing
>> this a gazillion times always with success.
>>
>>
>>
>> :rjs
>>
>>
>>
>>
>>
>>
>>
>> On 5/15/19 11:03 AM, Greg Wilson-Lindberg wrote:
>>
>> Hi Rudolf,
>>
>> Thanks for the reply, and the information on how openssl works.
>>
>>
>>
>> I'm trying to create a user with the same group name so the code that I'm
>> using reduces to:
>>
>> EXTRA_USERS_PARAMS = "\
>>
>>     useradd -p `openssl passwd test` sakura; \
>>
>>     usermod -a -G sudo ${SAKURA_USER}; \
>>
>>     "
>>
>> I also, as you can see, removed the macros to eliminate as much confusion
>> as possible.
>>
>>
>>
>> I still can't log in using the password 'test'.
>>
>>
>>
>> I've also tried both the back-quote and the single-quote, no difference.
>>
>> Regards,
>>
>>
>>
>> Greg
>> ------------------------------
>>
>> *From:* Rudolf J Streif <rudolf.streif@ibeeto.com>
>> *Sent:* Wednesday, May 15, 2019 10:07:47 AM
>> *To:* Greg Wilson-Lindberg; Yocto list discussion
>> *Subject:* Re: [yocto] problem adding a user
>>
>>
>>
>> Hi Greg,
>>
>> Well, I suppose I wrote the book you are referring to...
>>
>>
>> Using
>>
>> useradd -p PASSWORD USER
>>
>> takes the password hash for PASSWORD hence the use of openssl in:
>>
>> useradd -p `openssl passwd PASSWORD` USER
>>
>> openssl passwd creates the password hash using the original crypt hash
>> algorithm if no other options are specified. e.g.
>>
>> $ openssl passwd hello
>> 6hEsTksgRkeiI
>>
>> With this the first two characters of the output are the salt and the
>> rest is the password hash. If you want openssl to create the same result
>> again:
>>
>> $ openssl passwd -salt "6h" hello
>> 6hEsTksgRkeiI
>>
>> You can use newer algorithms like MD5 based BSD password algorithm 1:
>>
>> $ openssl passwd -1 hello
>> $1$4Mu8Fcs.$eIKgPP7RCYrb3lFZjhADA1
>>
>> $1 : password algorithm 1
>> $4Mu8Fcs. : salt
>> $eIKgPP7RCYrb3lFZjhADA1 : password hash
>>
>>
>> If you log into the system you have to use the clear password. The
>> system reads the salt, creates the password hash and compares the results.
>>
>>
>> :rjs
>>
>>
>> On 5/14/19 5:34 PM, Greg Wilson-Lindberg wrote:
>> > I'm trying to use the example in "Embedded Linux Systems with the Yocto Project" to add a user to my Yocto build. In the book the sample code:
>> >
>> >     useradd -p `openssl passwd ${DEV_PASSWORD}` developer; \
>> >
>> > uses openssl to generate the encrypted password string to pass to useradd. I have never been able to get this to work. When I run the openssl
>> > command on the cmd line I get a different value every time, this seems wrong, How can the password code compare against it if every encode
>> > produces a different value?
>> >
>> > I am getting the user added to the system, the home directory shows up and the user is in the passwd and group files. I just can't login to the
>> > account.
>> >
>> > I've obviously got something confused, any help would be appreciated.
>> >
>> > Greg Wilson-Lindberg
>> >
>>
>> --
>> -----
>> Rudolf J Streif
>> CEO/CTO ibeeto
>> +1.855.442.3396 x700
>>

[-- Attachment #2: Type: text/html, Size: 28054 bytes --]


* Re: problem adding a user
  2019-05-21 12:37                     ` Rudolf Streif
@ 2019-05-21 18:09                       ` Greg Wilson-Lindberg
  2019-05-22 19:42                         ` Rudolf Streif
  0 siblings, 1 reply; 21+ messages in thread
From: Greg Wilson-Lindberg @ 2019-05-21 18:09 UTC (permalink / raw)
  To: Rudolf Streif; +Cc: Yocto list discussion

[-- Attachment #1: Type: text/plain, Size: 12686 bytes --]

Rudolf,

Something else is happening to me. I changed to this in the image recipe:

SAKURA_USER = "sakura"

SAKURA_PASSWD = "Distracted"
SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"

EXTRA_USERS_PARAMS = "\
    usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \
    usermod -a -G sudo,dialout ${SAKURA_USER}; \
    "

deleting all of the commented out lines, and I get this in the log file:


..../scribe/1.0-r0/rootfs -p '' sakura]


nothing between the single quotes. It's acting like SAKURA_PASS is not defined.

This is only happening when I'm trying the MD5 password.


Greg

________________________________
From: Rudolf Streif <rudolf.streif@ibeeto.com>
Sent: Tuesday, May 21, 2019 5:37:23 AM
To: Greg Wilson-Lindberg
Cc: Yocto list discussion
Subject: Re: [yocto] problem adding a user

Greg,

usermod does not work for the MD5 algorithm with the explicit password hash as it contains the $ field delimiters which are interpreted by the shell executing the usermod command. Use single quotes around the password hash:

usermod -p '${SAKURA_PASS}' ${SAKURA_USER};

:rjs

On Mon, May 20, 2019, 11:55 Greg Wilson-Lindberg <GWilson@sakuraus.com> wrote:

Hi Rudolf,

I've had more time to work with this and I'm still having problems getting
everything to work properly. I've attached the image recipe that I'm
using so I don't leave anything out that may be relevant.

When I build with a password that is no more than 8 characters long
and no non-alphabetic characters:

SAKURA_PASSWD = "Distract"
SAKURA_PASS = "WRsDFfg1BsrDM"


everything works correctly.

I first tried that using the `openssl ...` form, and then I tried the
-1, MD5 BSD form and had problems, so I changed to doing the openssl
on the command line and making sure that I don't have any characters
that display as '.' or '/'. Again, if I don't do more than 8 characters
and no special characters everything works.

When I changed to using 'Ds$tr@ct' it stopped working. The build finishes
and the log file shows the usermod being executed correctly:

NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p kyNsrvS0elMWU sakura]
NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -a -G sudo,dialout sakura]

But when I try to sign in it doesn't work.

I then tried the 10 character password 'Distracted', the build fails:

NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]
Usage: usermod [options] LOGIN

Options:
  -c, --comment COMMENT         new value of the GECOS field
  -d, --home HOME_DIR           new home directory for the user account
  -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
  -f, --inactive INACTIVE       set password inactive after expiration
                                to INACTIVE
  -g, --gid GROUP               force use GROUP as new primary group
  -G, --groups GROUPS           new list of supplementary GROUPS
  -a, --append                  append the user to the supplemental GROUPS
                                mentioned by the -G option without removing
                                him/her from other groups
  -h, --help                    display this help message and exit
  -l, --login NEW_LOGIN         new value of the login name
  -L, --lock                    lock the user account
  -m, --move-home               move contents of the home directory to the
                                new location (use only with -d)
  -o, --non-unique              allow using duplicate (non-unique) UID
  -p, --password PASSWORD       use encrypted password for the new password
  -P, --clear-password PASSWORD use clear password for the new password
  -R, --root CHROOT_DIR         directory to chroot into
  -s, --shell SHELL             new login shell for the user account
  -u, --uid UID                 new UID for the user account
  -U, --unlock                  unlock the user account
  -v, --add-subuids FIRST-LAST  add range of subordinate uids
  -V, --del-subuids FIRST-LAST  remove range of subordinate uids
  -w, --add-subgids FIRST-LAST  add range of subordinate gids
  -W, --del-subgids FIRST-LAST  remove range of subordinate gids

ERROR: scribe: usermod command did not succeed.

So, even though I'm putting in the openssl output:
openssl passwd -1 "Distracted"
$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0

that I get back from what should be a valid run of openssl, I don't see anything
from the password on the usermod command line:
 "...linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]"

I don't understand why the short passwords and passing along the proper hash works,
but not the longer password.

It also doesn't make sense that I can't put in the '$' & '@' characters and
have them work.

Any suggestions would be greatly appreciated.

Greg


________________________________
From: Rudolf Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 15, 2019 4:58:26 PM
To: Greg Wilson-Lindberg
Cc: Yocto list discussion
Subject: Re: [yocto] problem adding a user

Glad to hear that it works now. I am planning on attending the YP DevDay.

:rjs

On Wed, May 15, 2019, 13:53 Greg Wilson-Lindberg <GWilson@sakuraus.com> wrote:
Thank you very much, that got me back on the right path.
Maybe I'll see you at the Yocto day at the Embedded Linux Conference.
Regards,


Greg Wilson-Lindberg

Principal Firmware Engineer | Sakura Finetek USA, Inc.



1750 W 214th Street | Torrance, CA 90501 | U.S.A.

T: +1 310 783 5075

F: +1 310 618 6902 | E: gwilson@sakuraus.com

www.sakuraus.com



________________________________

From: Rudolf J Streif [mailto:rudolf.streif@ibeeto.com]
Sent: Wednesday, May 15, 2019 01:30 PM
To: Greg Wilson-Lindberg <GWilson@sakuraus.com>; Yocto list discussion <yocto@yoctoproject.org>
Subject: Re: [yocto] problem adding a user


Instead of



useradd -p `openssl passwd test` sakura



which attempts to add the user and set the password which fails if the user already exists, use



usermod -p `openssl passwd test` sakura



which sets the user's password.



:rjs


On 5/15/19 1:18 PM, Greg Wilson-Lindberg wrote:

Ok, I had been using the useradd class in a couple of other recipes to allow me to copy files to the sakura user directory and another location, but owned by sakura. That seems to have been what was causing the problem.



I had been using the extrausers class in my top level image recipe.

So now how do I get all of this to work together? Do I need to put everything that touches the sakura user in the same recipe? It seems that I need to use only one of the useradd or extrausers classes?

Greg
________________________________
From: Rudolf J Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 15, 2019 12:31 PM
To: Greg Wilson-Lindberg; Yocto list discussion
Subject: Re: [yocto] problem adding a user


The ! for the password in /etc/shadow indicates that the account is disabled:

sakura:!:18031:0:99999:7:::



Either there is something wrong with the password generation or it gets disabled by something else. Maybe it's worth trying with a plain image without Boot2Qt or anything else.



:rjs




On 5/15/19 11:46 AM, Greg Wilson-Lindberg wrote:

Hi Rudolf,

1st, yes I inherit extrausers. Attached are the passwd & shadow files.



It shouldn't make any difference, but I'm building this for an RPi3 using the Qt Boot2Qt version of the Yocto environment, distro 2.5.3.


Greg
________________________________
From: Rudolf J Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 15, 2019 11:26 AM
To: Greg Wilson-Lindberg; Yocto list discussion
Subject: Re: [yocto] problem adding a user


Hi Greg,



> I've also tried both the back-quote and the single-quote, no difference.



Help me to understand this. The back-quotes are the right ones. If you use the single ones your password in the /etc/shadow ends up being 'openssl passwd test' (without the quotes), unless the build fails because of a parsing error (I have not tried it). Silly question, you did inherit extrausers class?



Can you post your /etc/passwd and /etc/shadow



I am surprised that this does not work with your setup. I have been doing this a gazillion times always with success.



:rjs






On 5/15/19 11:03 AM, Greg Wilson-Lindberg wrote:

Hi Rudolf,

Thanks for the reply, and the information on how openssl works.



I'm trying to create a user with the same group name so the code that I'm using reduces to:

EXTRA_USERS_PARAMS = "\

    useradd -p `openssl passwd test` sakura; \

    usermod -a -G sudo ${SAKURA_USER}; \

    "
I also, as you can see, removed the macros to eliminate as much confusion as possible.



I still can't log in using the password 'test'.



I've also tried both the back-quote and the single-quote, no difference.

Regards,



Greg

________________________________
From: Rudolf J Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 15, 2019 10:07:47 AM
To: Greg Wilson-Lindberg; Yocto list discussion
Subject: Re: [yocto] problem adding a user

Hi Greg,

Well, I suppose I wrote the book you are referring to...


Using

useradd -p PASSWORD USER

takes the password hash for PASSWORD hence the use of openssl in:

useradd -p `openssl passwd PASSWORD` USER

openssl passwd creates the password hash using the original crypt hash
algorithm if no other options are specified. e.g.

$ openssl passwd hello
6hEsTksgRkeiI

With this the first two characters of the output are the salt and the
rest is the password hash. If you want openssl to create the same result
again:

$ openssl passwd -salt "6h" hello
6hEsTksgRkeiI

You can use newer algorithms like MD5 based BSD password algorithm 1:

$ openssl passwd -1 hello
$1$4Mu8Fcs.$eIKgPP7RCYrb3lFZjhADA1

$1 : password algorithm 1
$4Mu8Fcs. : salt
$eIKgPP7RCYrb3lFZjhADA1 : password hash


If you log into the system you have to use the clear password. The
system reads the salt, creates the password hash and compares the results.


:rjs


On 5/14/19 5:34 PM, Greg Wilson-Lindberg wrote:
> I'm trying to use the example in "Embedded Linux Systems with the Yocto Project" to add a user to my Yocto build. In the book the sample code:
>
>     useradd -p `openssl passwd ${DEV_PASSWORD}` developer; \
>
> uses openssl to generate the encrypted password string to pass to useradd. I have never been able to get this to work. When I run the openssl
> command on the cmd line I get a different value every time, this seems wrong, How can the password code compare against it if every encode
> produces a different value?
>
> I am getting the user added to the system, the home directory shows up and the user is in the passwd and group files. I just can't login to the
> account.
>
> I've obviously got something confused, any help would be appreciated.
>
> Greg Wilson-Lindberg
>

--
-----
Rudolf J Streif
CEO/CTO ibeeto
+1.855.442.3396 x700


[-- Attachment #2: Type: text/html, Size: 30278 bytes --]
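
The two symptoms reported above (`-p sakura]` with the bare hash, `-p '' sakura]` with single quotes) can be reproduced outside a build. This is an added example, not code from the thread or from the Yocto classes; it assumes the command text, once `${SAKURA_PASS}` has been substituted, is evaluated inside a double-quoted shell string, and `expand_as_build_would`, `escape_dollars` and `hash_survives` are hypothetical helper names.

```shell
#!/bin/sh
# Constructed sample: the MD5-crypt hash quoted in the thread, single-quoted
# so that this script itself does not expand it.
HASH='$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0'

# expand_as_build_would TEXT  (hypothetical helper)
# TEXT is the command as it reads after ${SAKURA_PASS} has been substituted.
# Assumption: the build pastes that text into a double-quoted shell string.
# A fresh shell evaluates the string, so $1, $QVO3K6Ii and
# $fvkoDKnlzz3d5uVoL7KcM0 are expanded as (unset) shell parameters.
expand_as_build_would() {
    sh -c "settings=\"$1\"; printf '%s' \"\$settings\""
}

# escape_dollars STRING  (hypothetical helper)
# Prefix every '$' with a backslash so a double-quoted context keeps it.
escape_dollars() {
    printf '%s' "$1" | sed 's/\$/\\$/g'
}

# hash_survives TEXT HASH  (hypothetical helper)
# Succeeds only if the full hash is still present after shell evaluation.
hash_survives() {
    case "$(expand_as_build_would "$1")" in
        *"$2"*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Bare hash, single-quoted hash, and backslash-escaped hash in single quotes.
for text in \
    "usermod -p $HASH sakura" \
    "usermod -p '$HASH' sakura" \
    "usermod -p '$(escape_dollars "$HASH")' sakura"
do
    if hash_survives "$text" "$HASH"; then verdict=intact; else verdict=LOST; fi
    printf '%-6s [%s]\n' "$verdict" "$(expand_as_build_would "$text")"
done
```

Single quotes nested inside a double-quoted string are ordinary characters, which is why they do not protect the hash here; only the escaped form reaches `usermod` unchanged.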


* Re: problem adding a user
  2019-05-21 18:09                       ` Greg Wilson-Lindberg
@ 2019-05-22 19:42                         ` Rudolf Streif
  2019-05-22 20:28                           ` Greg Wilson-Lindberg
  0 siblings, 1 reply; 21+ messages in thread
From: Rudolf Streif @ 2019-05-22 19:42 UTC (permalink / raw)
  To: Greg Wilson-Lindberg; +Cc: Yocto list discussion

[-- Attachment #1: Type: text/plain, Size: 14311 bytes --]

Greg,
Can you share the logfile via Pastebin?
:rjs

On Tue, May 21, 2019 at 11:09 AM Greg Wilson-Lindberg <GWilson@sakuraus.com>
wrote:

> Rudolf,
>
> Something else is happening to me. I changed to this in the image recipe:
>
> SAKURA_USER = "sakura"
>
> SAKURA_PASSWD = "Distracted"
> SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
>
> EXTRA_USERS_PARAMS = "\
>     usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \
>     usermod -a -G sudo,dialout ${SAKURA_USER}; \
>     "
>
> deleting all of the commented out lines, and I get this in the log file:
>
>
> ..../scribe/1.0-r0/rootfs -p '' sakura]
>
>
> nothing between the single quotes. It's acting like SAKURA_PASS is not
> defined.
>
> This is only happening when I'm trying the MD5 password.
>
>
> Greg
> ------------------------------
> *From:* Rudolf Streif <rudolf.streif@ibeeto.com>
> *Sent:* Tuesday, May 21, 2019 5:37:23 AM
> *To:* Greg Wilson-Lindberg
> *Cc:* Yocto list discussion
> *Subject:* Re: [yocto] problem adding a user
>
> Greg,
>
> usermod does not work for the MD5 algorithm with the explicit password
> hash as it contains the $ field delimiters which are interpreted by the
> shell executing the usermod command. Use single quotes around the password
> hash:
>
> usermod -p '${SAKURA_PASS}' ${SAKURA_USER};
>
> :rjs
>
> On Mon, May 20, 2019, 11:55 Greg Wilson-Lindberg <GWilson@sakuraus.com>
> wrote:
>
>> Hi Rudolf,
>>
>> I've had more time to work with this and I'm still having problems getting
>> everything to work properly. I've attached the image recipe that I'm
>> using so I don't leave anything out that may be relevant.
>>
>> When I build with a password that is no more than 8 characters long
>> and no non-alphabetic characters:
>>
>> SAKURA_PASSWD = "Distract"
>> SAKURA_PASS = "WRsDFfg1BsrDM"
>>
>> everything works correctly.
>>
>> I first tried that using the `openssl ...` form, and then I tried the
>> -1, MD5 BSD form and had problems, so I changed to doing the openssl
>> on the command line and making sure that I don't have any characters
>> that display as '.' or '/'. Again, if I don't do more than 8 characters
>> and no special characters everything works.
>>
>> When I changed to using 'Ds$tr@ct' it stopped working. The build finishes
>> and the log file shows the usermod being executed correctly:
>>
>> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p kyNsrvS0elMWU sakura]
>> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -a -G sudo,dialout sakura]
>>
>> But when I try to sign in it doesn't work.
>>
>> I then tried the 10 character password 'Distracted', the build fails:
>>
>> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]
>> Usage: usermod [options] LOGIN
>>
>> Options:
>>   -c, --comment COMMENT         new value of the GECOS field
>>   -d, --home HOME_DIR           new home directory for the user account
>>   -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
>>   -f, --inactive INACTIVE       set password inactive after expiration
>>                                 to INACTIVE
>>   -g, --gid GROUP               force use GROUP as new primary group
>>   -G, --groups GROUPS           new list of supplementary GROUPS
>>   -a, --append                  append the user to the supplemental GROUPS
>>                                 mentioned by the -G option without removing
>>                                 him/her from other groups
>>   -h, --help                    display this help message and exit
>>   -l, --login NEW_LOGIN         new value of the login name
>>   -L, --lock                    lock the user account
>>   -m, --move-home               move contents of the home directory to the
>>                                 new location (use only with -d)
>>   -o, --non-unique              allow using duplicate (non-unique) UID
>>   -p, --password PASSWORD       use encrypted password for the new password
>>   -P, --clear-password PASSWORD use clear password for the new password
>>   -R, --root CHROOT_DIR         directory to chroot into
>>   -s, --shell SHELL             new login shell for the user account
>>   -u, --uid UID                 new UID for the user account
>>   -U, --unlock                  unlock the user account
>>   -v, --add-subuids FIRST-LAST  add range of subordinate uids
>>   -V, --del-subuids FIRST-LAST  remove range of subordinate uids
>>   -w, --add-subgids FIRST-LAST  add range of subordinate gids
>>   -W, --del-subgids FIRST-LAST  remove range of subordinate gids
>>
>> ERROR: scribe: usermod command did not succeed.
>>
>> So, even though I'm putting in the openssl output:
>> openssl passwd -1 "Distracted"
>> $1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0
>>
>> that I get back from what should be a valid run of openssl, I don't see anything
>> from the password on the usermod command line:
>>  "...linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]"
>>
>> I don't understand why the short passwords and passing along the proper hash works,
>> but not the longer password.
>>
>> It also doesn't make sense that I can't put in the '$' & '@' characters and
>> have them work.
>>
>> Any suggestions would be greatly appreciated.
>>
>> Greg
>>
>> ------------------------------
>> *From:* Rudolf Streif <rudolf.streif@ibeeto.com>
>> *Sent:* Wednesday, May 15, 2019 4:58:26 PM
>> *To:* Greg Wilson-Lindberg
>> *Cc:* Yocto list discussion
>> *Subject:* Re: [yocto] problem adding a user
>>
>> Glad to hear that it works now. I am planning on attending the YP DevDay.
>>
>> :rjs
>>
>> On Wed, May 15, 2019, 13:53 Greg Wilson-Lindberg <GWilson@sakuraus.com>
>> wrote:
>>
>>> Thank you very much, that got me back on the right path.
>>>
>>> Maybe I'll see you at the Yocto day at the Embedded Linux Conference.
>>>
>>> Regards,
>>>
>>> *Greg Wilson-Lindberg  *
>>>
>>> *Principal Firmware Engineer | Sakura Finetek USA, Inc.  *
>>>
>>>
>>>
>>> 1750 W 214th Street | Torrance, CA 90501 | U.S.A.
>>>
>>> T: +1 310 783 5075
>>>
>>> F: +1 310 618 6902 | E: gwilson@sakuraus.com
>>>
>>> www.sakuraus.com
>>>
>>>
>>>
>>> *From:* Rudolf J Streif [mailto:rudolf.streif@ibeeto.com]
>>> *Sent:* Wednesday, May 15, 2019 01:30 PM
>>> *To:* Greg Wilson-Lindberg <GWilson@sakuraus.com>; Yocto list
>>> discussion <yocto@yoctoproject.org>
>>> *Subject:* Re: [yocto] problem adding a user
>>>
>>>
>>>
>>> Instead of
>>>
>>>
>>>
>>> useradd -p `openssl passwd test` sakura
>>>
>>>
>>>
>>> which attempts to add the user and set the password which fails if the
>>> user already exists, use
>>>
>>>
>>>
>>> usermod -p `openssl passwd test` sakura
>>>
>>>
>>>
>>> which sets the user's password.
>>>
>>>
>>>
>>> :rjs
>>>
>>>
>>>
>>> On 5/15/19 1:18 PM, Greg Wilson-Lindberg wrote:
>>>
>>> Ok, I had been using the useradd class in a couple of other recipes to
>>> allow me to copy files to the sakura user directory and another location,
>>> but owned by sakura. That seems to have been what was causing the problem.
>>>
>>>
>>>
>>> I had been using the extrausers class in my top level image recipe.
>>>
>>>
>>> So now how do I get all of this to work together? Do I need to put
>>> everything that touches the sakura user in the same recipe? It seems that I
>>> need to use only one of the useradd or extrausers classes?
>>>
>>>
>>>
>>> Greg
>>> ------------------------------
>>>
>>> *From:* Rudolf J Streif <rudolf.streif@ibeeto.com>
>>> *Sent:* Wednesday, May 15, 2019 12:31 PM
>>> *To:* Greg Wilson-Lindberg; Yocto list discussion
>>> *Subject:* Re: [yocto] problem adding a user
>>>
>>>
>>>
>>> The ! for the password in /etc/shadow indicates that the account is
>>> disabled:
>>>
>>> sakura:!:18031:0:99999:7:::
>>>
>>>
>>>
>>> Either there is something wrong with the password generation or it gets
>>> disabled by something else. Maybe it's worth trying with a plain image
>>> without Boot2Qt or anything else.
>>>
>>>
>>>
>>> :rjs
>>>
>>>
>>>
>>>
>>>
>>> On 5/15/19 11:46 AM, Greg Wilson-Lindberg wrote:
>>>
>>> Hi Rudolf,
>>>
>>> 1st, yes I inherit extrausers. Attached are the passwd & shadow files.
>>>
>>>
>>>
>>> It shouldn't make any difference, but I'm building this for an RPi3
>>> using the Qt Boot2Qt version of the Yocto environment, distro 2.5.3.
>>>
>>>
>>>
>>> Greg
>>> ------------------------------
>>>
>>> *From:* Rudolf J Streif <rudolf.streif@ibeeto.com>
>>> *Sent:* Wednesday, May 15, 2019 11:26 AM
>>> *To:* Greg Wilson-Lindberg; Yocto list discussion
>>> *Subject:* Re: [yocto] problem adding a user
>>>
>>>
>>>
>>> Hi Greg,
>>>
>>>
>>>
>>> > I've also tried both the back-quote and the single-quote, no difference.
>>>
>>>
>>>
>>> Help me to understand this. The back-quotes are the right ones. If you
>>> use the single ones your password in the /etc/shadow ends up being 'openssl
>>> passwd test' (without the quotes), unless the build fails because of a
>>> parsing error (I have not tried it). Silly question, you did inherit
>>> extrausers class?
>>>
>>>
>>>
>>> Can you post your /etc/passwd and /etc/shadow?
>>>
>>>
>>>
>>> I am surprised that this does not work with your setup. I have been
>>> doing this a gazillion times always with success.
>>>
>>>
>>>
>>> :rjs
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> On 5/15/19 11:03 AM, Greg Wilson-Lindberg wrote:
>>>
>>> Hi Rudolf,
>>>
>>> Thanks for the reply, and the information on how openssl works.
>>>
>>>
>>>
>>> I'm trying to create a user with the same group name so the code that
>>> I'm using reduces to:
>>>
>>> EXTRA_USERS_PARAMS = "\
>>>
>>>     useradd -p `openssl passwd test` sakura; \
>>>
>>>     usermod -a -G sudo ${SAKURA_USER}; \
>>>
>>>     "
>>>
>>> I also, as you can see, removed the macros to eliminate as much
>>> confusion as possible.
>>>
>>>
>>>
>>> I still can't log in using the password 'test'.
>>>
>>>
>>>
>>> I've also tried both the back-quote and the single-quote, no difference.
>>>
>>> Regards,
>>>
>>>
>>>
>>> Greg
>>> ------------------------------
>>>
>>> *From:* Rudolf J Streif <rudolf.streif@ibeeto.com>
>>> *Sent:* Wednesday, May 15, 2019 10:07:47 AM
>>> *To:* Greg Wilson-Lindberg; Yocto list discussion
>>> *Subject:* Re: [yocto] problem adding a user
>>>
>>>
>>>
>>> Hi Greg,
>>>
>>> Well, I suppose I wrote the book you are referring to...
>>>
>>>
>>> Using
>>>
>>> useradd -p PASSWORD USER
>>>
>>> takes the password hash for PASSWORD hence the use of openssl in:
>>>
>>> useradd -p `openssl passwd PASSWORD` USER
>>>
>>> openssl passwd creates the password hash using the original crypt hash
>>> algorithm if no other options are specified, e.g.
>>>
>>> $ openssl passwd hello
>>> 6hEsTksgRkeiI
>>>
>>> With this the first two characters of the output are the salt and the
>>> rest is the password hash. If you want openssl to create the same result
>>> again:
>>>
>>> $ openssl passwd -salt "6h" hello
>>> 6hEsTksgRkeiI
>>>
>>> You can use newer algorithms like MD5 based BSD password algorithm 1:
>>>
>>> $ openssl passwd -1 hello
>>> $1$4Mu8Fcs.$eIKgPP7RCYrb3lFZjhADA1
>>>
>>> $1 : password algorithm 1
>>> $4Mu8Fcs. : salt
>>> $eIKgPP7RCYrb3lFZjhADA1 : password hash
>>>
>>>
>>> If you log into the system you have to use the clear password. The
>>> system reads the salt, creates the password hash and compares the
>>> results.
>>>
>>>
>>> :rjs
>>>
>>>
>>> On 5/14/19 5:34 PM, Greg Wilson-Lindberg wrote:
>>> > I'm trying to use the example in "Embedded Linux Systems with the Yocto Project" to add a user to my Yocto build. In the book the sample code:
>>> >
>>> >     useradd -p `openssl passwd ${DEV_PASSWORD}` developer; \
>>> >
>>> > uses openssl to generate the encrypted password string to pass to useradd. I have never been able to get this to work. When I run the openssl
>>> > command on the cmd line I get a different value every time, this seems wrong, How can the password code compare against it if every encode
>>> > produces a different value?
>>> >
>>> > I am getting the user added to the system, the home directory shows up and the user is in the passwd and group files. I just can't login to the
>>> > account.
>>> >
>>> > I've obviously got something confused, any help would be appreciated.
>>> >
>>> > Greg Wilson-Lindberg
>>> >
>>>
>>> --
>>> -----
>>> Rudolf J Streif
>>> CEO/CTO ibeeto
>>> +1.855.442.3396 x700
>>>
>>>

-- 
Rudolf J Streif
CEO/CTO
ibeeto, Streif Enterprises Inc.

[-- Attachment #2: Type: text/html, Size: 29957 bytes --]

^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: problem adding a user
  2019-05-22 19:42                         ` Rudolf Streif
@ 2019-05-22 20:28                           ` Greg Wilson-Lindberg
  2019-05-23 20:40                             ` Rudolf Streif
  0 siblings, 1 reply; 21+ messages in thread
From: Greg Wilson-Lindberg @ 2019-05-22 20:28 UTC (permalink / raw)
  To: Rudolf Streif; +Cc: Yocto list discussion

[-- Attachment #1: Type: text/plain, Size: 13408 bytes --]

Rudolf,

Here is the first half of the file,  the whole file is over the 500k limit of free pastebin:

https://pastebin.com/UcnKebce


And here is the 2nd half of the file:

https://pastebin.com/9117tdUU


Greg

________________________________
From: Rudolf Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 22, 2019 12:42:40 PM
To: Greg Wilson-Lindberg
Cc: Yocto list discussion
Subject: Re: [yocto] problem adding a user

Greg,
Can you share the logfile via Pastebin?
:rjs

On Tue, May 21, 2019 at 11:09 AM Greg Wilson-Lindberg <GWilson@sakuraus.com> wrote:

Rudolf,

Something else is happening to me. I changed to this in the image recipe:

SAKURA_USER = "sakura"

SAKURA_PASSWD = "Distracted"
SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"

EXTRA_USERS_PARAMS = "\
    usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \
    usermod -a -G sudo,dialout ${SAKURA_USER}; \
    "

deleting all of the commented out lines, and I get this in the log file:


..../scribe/1.0-r0/rootfs -p '' sakura]


nothing between the single quotes. It's acting like SAKURA_PASS is not defined.

This is only happening when I'm trying the MD5 password.


Greg

________________________________
From: Rudolf Streif <rudolf.streif@ibeeto.com>
Sent: Tuesday, May 21, 2019 5:37:23 AM
To: Greg Wilson-Lindberg
Cc: Yocto list discussion
Subject: Re: [yocto] problem adding a user

Greg,

usermod does not work for the MD5 algorithm with the explicit password hash as it contains the $ field delimiters which are interpreted by the shell executing the usermod command. Use single quotes around the password hash:

usermod -p '${SAKURA_PASS}' ${SAKURA_USER};

:rjs

On Mon, May 20, 2019, 11:55 Greg Wilson-Lindberg <GWilson@sakuraus.com> wrote:

Hi Rudolf,

I've had more time to work with this and I'm still having problems getting
everything to work properly. I've attached the image recipe that I'm
using so I don't leave anything out that may be relevant.

When I build with a password that is no more than 8 characters long
and no non-alphabetic characters:

SAKURA_PASSWD = "Distract"
SAKURA_PASS = "WRsDFfg1BsrDM"


everything works correctly.

I first tried that using the `openssl ...` form, and then I tried the
-1, MD5 BSD form and had problems, so I changed to doing the openssl
on the command line and making sure that I don't have any characters
that display as '.' or '/'. Again, if I don't do more than 8 characters
and no special characters everything works.

When I changed to using 'Ds$tr@ct' it stopped working. The build finishes
and the log file shows the usermod being executed correctly:

NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p kyNsrvS0elMWU sakura]
NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -a -G sudo,dialout sakura]

But when I try to sign in it doesn't work.

I then tried the 10 character password 'Distracted', the build fails:

NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]
Usage: usermod [options] LOGIN

Options:
  -c, --comment COMMENT         new value of the GECOS field
  -d, --home HOME_DIR           new home directory for the user account
  -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
  -f, --inactive INACTIVE       set password inactive after expiration
                                to INACTIVE
  -g, --gid GROUP               force use GROUP as new primary group
  -G, --groups GROUPS           new list of supplementary GROUPS
  -a, --append                  append the user to the supplemental GROUPS
                                mentioned by the -G option without removing
                                him/her from other groups
  -h, --help                    display this help message and exit
  -l, --login NEW_LOGIN         new value of the login name
  -L, --lock                    lock the user account
  -m, --move-home               move contents of the home directory to the
                                new location (use only with -d)
  -o, --non-unique              allow using duplicate (non-unique) UID
  -p, --password PASSWORD       use encrypted password for the new password
  -P, --clear-password PASSWORD use clear password for the new password
  -R, --root CHROOT_DIR         directory to chroot into
  -s, --shell SHELL             new login shell for the user account
  -u, --uid UID                 new UID for the user account
  -U, --unlock                  unlock the user account
  -v, --add-subuids FIRST-LAST  add range of subordinate uids
  -V, --del-subuids FIRST-LAST  remove range of subordinate uids
  -w, --add-subgids FIRST-LAST  add range of subordinate gids
  -W, --del-subgids FIRST-LAST  remove range of subordinate gids

ERROR: scribe: usermod command did not succeed.

So, even though I'm putting in the openssl output:
openssl passwd -1 "Distracted"
$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0

that I get back from what should be a valid run of openssl, I don't see anything
from the password on the usermod command line:
 "...linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]"

I don't understand why the short passwords and passing along the proper hash works,
but not the longer password.

It also doesn't make sense that I can't put in the '$' & '@' characters and
have them work.

Any suggestions would be greatly appreciated.

Greg


________________________________
From: Rudolf Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 15, 2019 4:58:26 PM
To: Greg Wilson-Lindberg
Cc: Yocto list discussion
Subject: Re: [yocto] problem adding a user

Glad to hear that it works now. I am planning on attending the YP DevDay.

:rjs

On Wed, May 15, 2019, 13:53 Greg Wilson-Lindberg <GWilson@sakuraus.com> wrote:
Thank you very much, that got me back on the right path.
Maybe I'll see you at the Yocto day at the Embedded Linux Conference.
Regards,


Greg Wilson-Lindberg

Principal Firmware Engineer | Sakura Finetek USA, Inc.



1750 W 214th Street | Torrance, CA 90501 | U.S.A.

T: +1 310 783 5075

F: +1 310 618 6902 | E: gwilson@sakuraus.com

www.sakuraus.com






From: Rudolf J Streif [mailto:rudolf.streif@ibeeto.com]
Sent: Wednesday, May 15, 2019 01:30 PM
To: Greg Wilson-Lindberg <GWilson@sakuraus.com>; Yocto list discussion <yocto@yoctoproject.org>
Subject: Re: [yocto] problem adding a user


Instead of



useradd -p `openssl passwd test` sakura



which attempts to add the user and set the password which fails if the user already exists, use



usermod -p `openssl passwd test` sakura



which sets the user's password.



:rjs


On 5/15/19 1:18 PM, Greg Wilson-Lindberg wrote:

Ok, I had been using the useradd class in a couple of other recipes to allow me to copy files to the sakura user directory and another location, but owned by sakura. That seems to have been what was causing the problem.



I had been using the extrausers class in my top level image recipe.

So now how do I get all of this to work together? Do I need to put everything that touches the sakura user in the same recipe? It seems that I need to use only one of the useradd or extrausers classes?

Greg
________________________________
From: Rudolf J Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 15, 2019 12:31 PM
To: Greg Wilson-Lindberg; Yocto list discussion
Subject: Re: [yocto] problem adding a user


The ! for the password in /etc/shadow indicates that the account is disabled:

sakura:!:18031:0:99999:7:::



Either there is something wrong with the password generation or it gets disabled by something else. Maybe it's worth trying with a plain image without Boot2Qt or anything else.



:rjs




On 5/15/19 11:46 AM, Greg Wilson-Lindberg wrote:

Hi Rudolf,

1st, yes I inherit extrausers. Attached are the passwd & shadow files.



It shouldn't make any difference, but I'm building this for an RPi3 using the Qt Boot2Qt version of the Yocto environment, distro 2.5.3.


Greg
________________________________
From: Rudolf J Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 15, 2019 11:26 AM
To: Greg Wilson-Lindberg; Yocto list discussion
Subject: Re: [yocto] problem adding a user


Hi Greg,



> I've also tried both the back-quote and the single-quote, no difference.



Help me to understand this. The back-quotes are the right ones. If you use the single ones your password in the /etc/shadow ends up being 'openssl passwd test' (without the quotes), unless the build fails because of a parsing error (I have not tried it). Silly question, you did inherit extrausers class?



Can you post your /etc/passwd and /etc/shadow?



I am surprised that this does not work with your setup. I have been doing this a gazillion times always with success.



:rjs






On 5/15/19 11:03 AM, Greg Wilson-Lindberg wrote:

Hi Rudolf,

Thanks for the reply, and the information on how openssl works.



I'm trying to create a user with the same group name so the code that I'm using reduces to:

EXTRA_USERS_PARAMS = "\

    useradd -p `openssl passwd test` sakura; \

    usermod -a -G sudo ${SAKURA_USER}; \

    "
I also, as you can see, removed the macros to eliminate as much confusion as possible.



I still can't log in using the password 'test'.



I've also tried both the back-quote and the single-quote, no difference.

Regards,



Greg

________________________________
From: Rudolf J Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 15, 2019 10:07:47 AM
To: Greg Wilson-Lindberg; Yocto list discussion
Subject: Re: [yocto] problem adding a user

Hi Greg,

Well, I suppose I wrote the book you are referring to...


Using

useradd -p PASSWORD USER

takes the password hash for PASSWORD hence the use of openssl in:

useradd -p `openssl passwd PASSWORD` USER

openssl passwd creates the password hash using the original crypt hash
algorithm if no other options are specified, e.g.

$ openssl passwd hello
6hEsTksgRkeiI

With this the first two characters of the output are the salt and the
rest is the password hash. If you want openssl to create the same result
again:

$ openssl passwd -salt "6h" hello
6hEsTksgRkeiI

You can use newer algorithms like MD5 based BSD password algorithm 1:

$ openssl passwd -1 hello
$1$4Mu8Fcs.$eIKgPP7RCYrb3lFZjhADA1

$1 : password algorithm 1
$4Mu8Fcs. : salt
$eIKgPP7RCYrb3lFZjhADA1 : password hash


If you log into the system you have to use the clear password. The
system reads the salt, creates the password hash and compares the results.


:rjs


On 5/14/19 5:34 PM, Greg Wilson-Lindberg wrote:
> I'm trying to use the example in "Embedded Linux Systems with the Yocto Project" to add a user to my Yocto build. In the book the sample code:
>
>     useradd -p `openssl passwd ${DEV_PASSWORD}` developer; \
>
> uses openssl to generate the encrypted password string to pass to useradd. I have never been able to get this to work. When I run the openssl
> command on the cmd line I get a different value every time, this seems wrong, How can the password code compare against it if every encode
> produces a different value?
>
> I am getting the user added to the system, the home directory shows up and the user is in the passwd and group files. I just can't login to the
> account.
>
> I've obviously got something confused, any help would be appreciated.
>
> Greg Wilson-Lindberg
>

--
-----
Rudolf J Streif
CEO/CTO ibeeto
+1.855.442.3396 x700



--
Rudolf J Streif
CEO/CTO
ibeeto, Streif Enterprises Inc.

[-- Attachment #2: Type: text/html, Size: 31462 bytes --]

^ permalink raw reply	[flat|nested] 21+ messages in thread
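
The log symptom in the message above (`-p '' sakura`, or nothing at all after `-p`) can be reproduced in plain sh. This is an added example, not code from the thread or from the extrausers class: `run_generated`, `escape_dollars` and `needs_escaping` are hypothetical helpers, and the example assumes the command text ends up inside a double-quoted assignment in a generated shell script.

```shell
#!/bin/sh
# Added demonstration (constructed; not the extrausers class itself).
# Assumption: the build pastes the command text into a generated shell script
# inside a double-quoted assignment, then runs that script.

# Hashes quoted in the thread, held literally (single quotes: no expansion).
MD5_HASH='$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0'   # "openssl passwd -1" output
DES_HASH='WRsDFfg1BsrDM'                        # classic crypt output, no '$'

# run_generated TEXT: write TEXT into a two-line script as  settings="TEXT"
# and print what the shell actually holds in $settings afterwards.
run_generated() {
    printf 'settings="%s"\nprintf "%%s" "$settings"\n' "$1" | sh
}

# escape_dollars TEXT: prefix every '$' with a backslash so it stays literal
# when TEXT is later read inside double quotes.
escape_dollars() {
    printf '%s' "$1" | sed 's/\$/\\$/g'
}

# needs_escaping TEXT: succeed if TEXT contains a '$' that is not already
# preceded by a backslash. Usable as a pre-build check on such strings.
needs_escaping() {
    printf '%s' "$1" | grep -Eq '(^|[^\\])\$'
}

show() { printf '%-30s -> [%s]\n' "$1" "$2"; }

# 1. Unquoted MD5 hash: $1, $QVO3K6Ii and $fvko... are all read as (unset)
#    shell variables, so nothing is left after -p.
show 'MD5 hash, unquoted' "$(run_generated "usermod -p $MD5_HASH sakura")"

# 2. Single quotes do not help: they sit inside the outer double quotes,
#    where they are ordinary characters, so only '' survives.
show 'MD5 hash, single-quoted' "$(run_generated "usermod -p '$MD5_HASH' sakura")"

# 3. The classic crypt hash has no '$' and passes through unchanged.
show 'DES hash, unquoted' "$(run_generated "usermod -p $DES_HASH sakura")"

# 4. With each '$' escaped, the full hash reaches usermod.
show 'MD5 hash, escaped' \
     "$(run_generated "usermod -p '$(escape_dollars "$MD5_HASH")' sakura")"

if needs_escaping "$MD5_HASH"; then
    echo "check: MD5_HASH contains an unescaped '\$'"
fi
```
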

* Re: problem adding a user
  2019-05-22 20:28                           ` Greg Wilson-Lindberg
@ 2019-05-23 20:40                             ` Rudolf Streif
  2019-05-23 21:44                               ` Leon Woestenberg
  2019-05-24  2:11                               ` Khem Raj
  0 siblings, 2 replies; 21+ messages in thread
From: Rudolf Streif @ 2019-05-23 20:40 UTC (permalink / raw)
  To: Greg Wilson-Lindberg; +Cc: Yocto list discussion

[-- Attachment #1: Type: text/plain, Size: 16677 bytes --]

Greg,

It eluded me earlier but in both instances the variable containing the
password does not seem to be expanded.

First version without the single quotes:

SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"

EXTRA_USERS_PARAMS = "\
    usermod -p ${SAKURA_PASS} ${SAKURA_USER}; \
    usermod -a -G sudo,dialout ${SAKURA_USER}; \
    "
results in:

NOTE: scribe: Performing usermod with [-R
/home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs
-p sakura]

and with the quotes:

SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"

EXTRA_USERS_PARAMS = "\
    usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \
    usermod -a -G sudo,dialout ${SAKURA_USER}; \
    "
results in:
NOTE: scribe: Performing usermod with [-R
/home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs
-p '' sakura]

It looks as if the variable SAKURA_PASS is not set at all. I looked at
your scribe.bb recipe you attached earlier but I could not find any
reason why the variable is not set. Is there a chance that it is
overridden somewhere else?

:rjs


On Wed, May 22, 2019 at 1:28 PM Greg Wilson-Lindberg <GWilson@sakuraus.com>
wrote:

> Rudolf,
>
> Here is the first half of the file,  the whole file is over the 500k limit
> of free pastebin:
>
> https://pastebin.com/UcnKebce
>
>
> And here is the 2nd half of the file:
>
> https://pastebin.com/9117tdUU
>
>
> Greg
> ------------------------------
> *From:* Rudolf Streif <rudolf.streif@ibeeto.com>
> *Sent:* Wednesday, May 22, 2019 12:42:40 PM
> *To:* Greg Wilson-Lindberg
> *Cc:* Yocto list discussion
> *Subject:* Re: [yocto] problem adding a user
>
> Greg,
> Can you share the logfile via Pastebin?
> :rjs
>
> On Tue, May 21, 2019 at 11:09 AM Greg Wilson-Lindberg <
> GWilson@sakuraus.com> wrote:
>
>> Rudolf,
>>
>> Something else is happening to me. I changed to this in the image recipe:
>>
>> SAKURA_USER = "sakura"
>>
>> SAKURA_PASSWD = "Distracted"
>> SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
>>
>> EXTRA_USERS_PARAMS = "\
>>     usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \
>>     usermod -a -G sudo,dialout ${SAKURA_USER}; \
>>     "
>>
>> deleting all of the commented out lines, and I get this in the log file:
>>
>>
>> ..../scribe/1.0-r0/rootfs -p '' sakura]
>>
>>
>> nothing between the single quotes. It's acting like SAKURA_PASS is not
>> defined.
>>
>> This is only happening when I'm trying the MD5 password.
>>
>>
>> Greg
>> ------------------------------
>> *From:* Rudolf Streif <rudolf.streif@ibeeto.com>
>> *Sent:* Tuesday, May 21, 2019 5:37:23 AM
>> *To:* Greg Wilson-Lindberg
>> *Cc:* Yocto list discussion
>> *Subject:* Re: [yocto] problem adding a user
>>
>> Greg,
>>
>> usermod does not work for the MD5 algorithm with the explicit password
>> hash as it contains the $ field delimiters which are interpreted by the
>> shell executing the usermod command. Use single quotes around the password
>> hash:
>>
>> usermod -p '${SAKURA_PASS}' ${SAKURA_USER};
>>
>> :rjs
>>
>> On Mon, May 20, 2019, 11:55 Greg Wilson-Lindberg <GWilson@sakuraus.com>
>> wrote:
>>
>>> Hi Rudolf,
>>>
>>> I've had more time to work with this and I'm still having problems getting
>>> everything to work properly. I've attached the image recipe that I'm
>>> using so I don't leave anything out that may be relevant.
>>>
>>> When I build with a password that is no more than 8 characters long
>>> and no non-alphabetic characters:
>>>
>>> SAKURA_PASSWD = "Distract"
>>> SAKURA_PASS = "WRsDFfg1BsrDM"
>>>
>>> everything works correctly.
>>>
>>> I first tried that using the `openssl ...` form, and then I tried the
>>> -1, MD5 BSD form and had problems, so I changed to doing the openssl
>>> on the command line and making sure that I don't have any characters
>>> that display as '.' or '/'. Again, if I don't do more than 8 characters
>>> and no special characters everything works.
>>>
>>> When I changed to using 'Ds$tr@ct' it stopped working. The build finishes
>>> and the log file shows the usermod being executed correctly:
>>>
>>> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p kyNsrvS0elMWU sakura]
>>> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -a -G sudo,dialout sakura]
>>>
>>> But when I try to sign in it doesn't work.
>>>
>>> I then tried the 10 character password 'Distracted', the build fails:
>>>
>>> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]
>>> Usage: usermod [options] LOGIN
>>>
>>> Options:
>>>   -c, --comment COMMENT         new value of the GECOS field
>>>   -d, --home HOME_DIR           new home directory for the user account
>>>   -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
>>>   -f, --inactive INACTIVE       set password inactive after expiration
>>>                                 to INACTIVE
>>>   -g, --gid GROUP               force use GROUP as new primary group
>>>   -G, --groups GROUPS           new list of supplementary GROUPS
>>>   -a, --append                  append the user to the supplemental GROUPS
>>>                                 mentioned by the -G option without removing
>>>                                 him/her from other groups
>>>   -h, --help                    display this help message and exit
>>>   -l, --login NEW_LOGIN         new value of the login name
>>>   -L, --lock                    lock the user account
>>>   -m, --move-home               move contents of the home directory to the
>>>                                 new location (use only with -d)
>>>   -o, --non-unique              allow using duplicate (non-unique) UID
>>>   -p, --password PASSWORD       use encrypted password for the new password
>>>   -P, --clear-password PASSWORD use clear password for the new password
>>>   -R, --root CHROOT_DIR         directory to chroot into
>>>   -s, --shell SHELL             new login shell for the user account
>>>   -u, --uid UID                 new UID for the user account
>>>   -U, --unlock                  unlock the user account
>>>   -v, --add-subuids FIRST-LAST  add range of subordinate uids
>>>   -V, --del-subuids FIRST-LAST  remove range of subordinate uids
>>>   -w, --add-subgids FIRST-LAST  add range of subordinate gids
>>>   -W, --del-subgids FIRST-LAST  remove range of subordinate gids
>>>
>>> ERROR: scribe: usermod command did not succeed.
>>>
>>> So, even though I'm putting in the openssl output:
>>> openssl passwd -1 "Distracted"
>>> $1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0
>>>
>>> that I get back from what should be a valid run of openssl, I don't see anything
>>> from the password on the usermod command line:
>>>  "...linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]"
>>>
>>> I don't understand why the short passwords and passing along the proper hash works,
>>> but not the longer password.
>>>
>>> It also doesn't make sense that I can't put in the '$' & '@' characters and
>>> have them work.
>>>
>>> Any suggestions would be greatly appreciated.
>>>
>>> Greg
>>>
>>> ------------------------------
>>> *From:* Rudolf Streif <rudolf.streif@ibeeto.com>
>>> *Sent:* Wednesday, May 15, 2019 4:58:26 PM
>>> *To:* Greg Wilson-Lindberg
>>> *Cc:* Yocto list discussion
>>> *Subject:* Re: [yocto] problem adding a user
>>>
>>> Glad to hear that it works now. I am planning on attending the YP
>>> DevDay.
>>>
>>> :rjs
>>>
>>> On Wed, May 15, 2019, 13:53 Greg Wilson-Lindberg <GWilson@sakuraus.com>
>>> wrote:
>>>
>>>> Thank you very much, that got me back on the right path.
>>>>
>>>> Maybe I'll see you at the Yocto day at the Embedded Linux Conference.
>>>>
>>>> Regards,
>>>>
>>>> *Greg Wilson-Lindberg  *
>>>>
>>>> *Principal Firmware Engineer | Sakura Finetek USA, Inc.  *
>>>>
>>>>
>>>>
>>>> 1750 W 214th Street | Torrance, CA 90501 | U.S.A.
>>>>
>>>> T: +1 310 783 5075
>>>>
>>>> F: +1 310 618 6902 | E: gwilson@sakuraus.com
>>>>
>>>> www.sakuraus.com
>>>>
>>>> ------------------------------
>>>>
>>>> *From:* Rudolf J Streif [mailto:rudolf.streif@ibeeto.com]
>>>> *Sent:* Wednesday, May 15, 2019 01:30 PM
>>>> *To:* Greg Wilson-Lindberg <GWilson@sakuraus.com>; Yocto list
>>>> discussion <yocto@yoctoproject.org>
>>>> *Subject:* Re: [yocto] problem adding a user
>>>>
>>>>
>>>>
>>>> Instead of
>>>>
>>>>
>>>>
>>>> useradd -p `openssl passwd test` sakura
>>>>
>>>>
>>>>
>>>> which attempts to add the user and set the password which fails if the
>>>> user already exists, use
>>>>
>>>>
>>>>
>>>> usermod -p `openssl passwd test` sakura
>>>>
>>>>
>>>>
>>>> which sets the user's password.
>>>>
>>>>
>>>>
>>>> :rjs
>>>>
>>>>
>>>>
>>>> On 5/15/19 1:18 PM, Greg Wilson-Lindberg wrote:
>>>>
>>>> Ok, I had been using the useradd class in a couple of other recipes to
>>>> allow me to copy files to the sakura user directory and another location,
>>>> but owned by sakura. That seems to have been what was causing the problem.
>>>>
>>>>
>>>>
>>>> I had been using the extrausers class in my top level image recipe.
>>>>
>>>>
>>>> So now how do I get all of this to work together? Do I need to put
>>>> everything that touches the sakura user in the same recipe? It seems that I
>>>> need to use only one of the useradd or extrausers classes?
>>>>
>>>>
>>>>
>>>> Greg
>>>> ------------------------------
>>>>
>>>> *From:* Rudolf J Streif <rudolf.streif@ibeeto.com>
>>>> *Sent:* Wednesday, May 15, 2019 12:31 PM
>>>> *To:* Greg Wilson-Lindberg; Yocto list discussion
>>>> *Subject:* Re: [yocto] problem adding a user
>>>>
>>>>
>>>>
>>>> The ! for the password in /etc/shadow indicates that the account is
>>>> disabled:
>>>>
>>>> sakura:!:18031:0:99999:7:::
>>>>
>>>>
>>>>
>>>> Either there is something wrong with the password generation or it gets
>>>> disabled by something else. Maybe it's worth trying with a plain image
>>>> without Boot2Qt or anything else.
>>>>
>>>>
>>>>
>>>> :rjs
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On 5/15/19 11:46 AM, Greg Wilson-Lindberg wrote:
>>>>
>>>> Hi Rudolf,
>>>>
>>>> 1st, yes I inherit extrausers. Attached are the passwd & shadow files.
>>>>
>>>>
>>>>
>>>> It shouldn't make any difference, but I'm building this for an RPi3
>>>> using the Qt Boot2Qt version of the Yocto environment, distro 2.5.3.
>>>>
>>>>
>>>>
>>>> Greg
>>>> ------------------------------
>>>>
>>>> *From:* Rudolf J Streif <rudolf.streif@ibeeto.com>
>>>> *Sent:* Wednesday, May 15, 2019 11:26 AM
>>>> *To:* Greg Wilson-Lindberg; Yocto list discussion
>>>> *Subject:* Re: [yocto] problem adding a user
>>>>
>>>>
>>>>
>>>> Hi Greg,
>>>>
>>>>
>>>>
>>>> > I've also tried both the back-quote and the single-quote, no difference.
>>>>
>>>>
>>>>
>>>> Help me to understand this. The back-quotes are the right ones. If you
>>>> use the single ones your password in the /etc/shadow ends up being 'openssl
>>>> passwd test' (without the quotes), unless the build fails because of a
>>>> parsing error (I have not tried it). Silly question, you did inherit
>>>> extrausers class?
>>>>
>>>>
>>>>
>>>> Can you post your /etc/passwd and /etc/shadow?
>>>>
>>>>
>>>>
>>>> I am surprised that this does not work with your setup. I have been
>>>> doing this a gazillion times always with success.
>>>>
>>>>
>>>>
>>>> :rjs
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On 5/15/19 11:03 AM, Greg Wilson-Lindberg wrote:
>>>>
>>>> Hi Rudolf,
>>>>
>>>> Thanks for the reply, and the information on how openssl works.
>>>>
>>>>
>>>>
>>>> I'm trying to create a user with the same group name so the code that
>>>> I'm using reduces to:
>>>>
>>>> EXTRA_USERS_PARAMS = "\
>>>>
>>>>     useradd -p `openssl passwd test` sakura; \
>>>>
>>>>     usermod -a -G sudo ${SAKURA_USER}; \
>>>>
>>>>     "
>>>>
>>>> I also, as you can see, removed the macros to eliminate as much
>>>> confusion as possible.
>>>>
>>>>
>>>>
>>>> I still can't log in using the password 'test'.
>>>>
>>>>
>>>>
>>>> I've also tried both the back-quote and the single-quote, no difference.
>>>>
>>>> Regards,
>>>>
>>>>
>>>>
>>>> Greg
>>>> ------------------------------
>>>>
>>>> *From:* Rudolf J Streif <rudolf.streif@ibeeto.com>
>>>> *Sent:* Wednesday, May 15, 2019 10:07:47 AM
>>>> *To:* Greg Wilson-Lindberg; Yocto list discussion
>>>> *Subject:* Re: [yocto] problem adding a user
>>>>
>>>>
>>>>
>>>> Hi Greg,
>>>>
>>>> Well, I suppose I wrote the book you are referring to...
>>>>
>>>>
>>>> Using
>>>>
>>>> useradd -p PASSWORD USER
>>>>
>>>> takes the password hash for PASSWORD hence the use of openssl in:
>>>>
>>>> useradd -p `openssl passwd PASSWORD` USER
>>>>
>>>> openssl password creates the password hash using the original crypt
>>>> hash
>>>> algorithm if no other options are specified. e.g.
>>>>
>>>> $ openssl passwd hello
>>>> 6hEsTksgRkeiI
>>>>
>>>> With this the first two characters of the output are the salt and the
>>>> rest is the password hash. If you want openssl to create the same
>>>> result
>>>> again:
>>>>
>>>> $ openssl passwd -salt "6h" hello
>>>> 6hEsTksgRkeiI
>>>>
>>>> You can use newer algorithms like MD5 based BSD password algorithm 1:
>>>>
>>>> $ openssl passwd -1 hello
>>>> $1$4Mu8Fcs.$eIKgPP7RCYrb3lFZjhADA1
>>>>
>>>> $1 : password algorithm 1
>>>> $4Mu8Fcs. : salt
>>>> $eIKgPP7RCYrb3lFZjhADA1 : password hash
>>>>
>>>>
>>>> If you log into the system you have to use the clear password. The
>>>> system reads the salt, creates the password hash and compares the
>>>> results.
>>>>
>>>>
>>>> :rjs
>>>>
>>>>
>>>> On 5/14/19 5:34 PM, Greg Wilson-Lindberg wrote:
>>>> > I'm trying to use the example in "Embedded Linux Systems with the Yocto Project" to add a user to my Yocto build. In the book the sample code:
>>>> >
>>>> >     useradd -p `openssl passwd ${DEV_PASSWORD}` developer; \
>>>> >
>>>> > uses openssl to generate the encrypted password string to pass to useradd. I have never been able to get this to work. When I run the openssl
>>>> > command on the cmd line I get a different value every time, this seems wrong, How can the password code compare against it if every encode
>>>> > produces a different value?
>>>> >
>>>> > I am getting the user added to the system, the home directory shows up and the user is in the passwd and group files. I just can't login to the
>>>> > account.
>>>> >
>>>> > I've obviously got something confused, any help would be appreciated.
>>>> >
>>>> > Greg Wilson-Lindberg
>>>> >
>>>>
>>>> --
>>>> -----
>>>> Rudolf J Streif
>>>> CEO/CTO ibeeto
>>>> +1.855.442.3396 x700
>>>>
>>>>
>
> --
> Rudolf J Streif
> CEO/CTO
> ibeeto, Streif Enterprises Inc.
>


-- 
Rudolf J Streif
CEO/CTO
ibeeto, Streif Enterprises Inc.

[-- Attachment #2: Type: text/html, Size: 36707 bytes --]

^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: problem adding a user
  2019-05-23 20:40                             ` Rudolf Streif
@ 2019-05-23 21:44                               ` Leon Woestenberg
  2019-05-23 22:43                                 ` Greg Wilson-Lindberg
  2019-05-24  2:11                               ` Khem Raj
  1 sibling, 1 reply; 21+ messages in thread
From: Leon Woestenberg @ 2019-05-23 21:44 UTC (permalink / raw)
  To: Rudolf Streif; +Cc: Yocto list discussion

[-- Attachment #1: Type: text/plain, Size: 17941 bytes --]

Hello Rudolf, Greg,

On Thu, 23 May 2019 at 22:43, Rudolf Streif <rudolf.streif@ibeeto.com>
wrote:

>
> It eluded me earlier but in both instances the variable containing the
> password does not seem to be expanded.
>

Could it be the spaces around the = equal sign must be removed?

https://unix.stackexchange.com/questions/258727/spaces-in-variable-assignments-in-shell-scripts

Regards, Leon


> First version without the single quotes:
>
> SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
>
> EXTRA_USERS_PARAMS = "\
>     usermod -p ${SAKURA_PASS} ${SAKURA_USER}; \
>     usermod -a -G sudo,dialout ${SAKURA_USER}; \
>     "
> results in:
>
> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]
>
> and with the quotes:
>
> SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
>
> EXTRA_USERS_PARAMS = "\
>     usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \
>     usermod -a -G sudo,dialout ${SAKURA_USER}; \
>     "
> results in:
> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p '' sakura]
>
> It looks as if the variable SAKURA_PASS is not set at all. I looked at your scribe.bb recipe you attached earlier but I could not find any reason why the variable is not set. Is there a chance that it is overridden somewhere else?
>
> :rjs
>
>
> On Wed, May 22, 2019 at 1:28 PM Greg Wilson-Lindberg <GWilson@sakuraus.com>
> wrote:
>
>> Rudolf,
>>
>> Here is the first half of the file,  the whole file is over the 500k
>> limit of free pastebin:
>>
>> https://pastebin.com/UcnKebce
>>
>>
>> And here is the 2nd half of the file:
>>
>> https://pastebin.com/9117tdUU
>>
>>
>> Greg
>> ------------------------------
>> *From:* Rudolf Streif <rudolf.streif@ibeeto.com>
>> *Sent:* Wednesday, May 22, 2019 12:42:40 PM
>> *To:* Greg Wilson-Lindberg
>> *Cc:* Yocto list discussion
>> *Subject:* Re: [yocto] problem adding a user
>>
>> Greg,
>> Can you share the logfile via Pastebin?
>> :rjs
>>
>> On Tue, May 21, 2019 at 11:09 AM Greg Wilson-Lindberg <
>> GWilson@sakuraus.com> wrote:
>>
>>> Rudolf,
>>>
>>> Something else is happening to me. I changed to this in the image recipe:
>>>
>>> SAKURA_USER = "sakura"
>>>
>>> SAKURA_PASSWD = "Distracted"
>>> SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
>>>
>>> EXTRA_USERS_PARAMS = "\
>>>     usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \
>>>     usermod -a -G sudo,dialout ${SAKURA_USER}; \
>>>     "
>>>
>>> deleting all of the commented out lines, and I get this in the log file:
>>>
>>>
>>> ..../scribe/1.0-r0/rootfs -p '' sakura]
>>>
>>>
>>> nothing between the single quotes. It's acting like SAKURA_PASS is not
>>> defined.
>>>
>>> This is only happening when I'm trying the MD5 password.
>>>
>>>
>>> Greg
>>> ------------------------------
>>> *From:* Rudolf Streif <rudolf.streif@ibeeto.com>
>>> *Sent:* Tuesday, May 21, 2019 5:37:23 AM
>>> *To:* Greg Wilson-Lindberg
>>> *Cc:* Yocto list discussion
>>> *Subject:* Re: [yocto] problem adding a user
>>>
>>> Greg,
>>>
>>> usermod does not work for the MD5 algorithm with the explicit password
>>> hash as it contains the $ field delimiters which are interpreted by the
>>> shell executing the usermod command. Use single quotes around the password
>>> hash:
>>>
>>> usermod -p '${SAKURA_PASS}' ${SAKURA_USER};
>>>
>>> :rjs
>>>
>>> On Mon, May 20, 2019, 11:55 Greg Wilson-Lindberg <GWilson@sakuraus.com>
>>> wrote:
>>>
>>>> Hi Rudolf,
>>>>
>>>> I've had more time to work with this and I'm still having problems getting
>>>> everything to work properly. I've attached the image recipe that I'm
>>>> using so I don't leave anything out that may be relevant.
>>>>
>>>> When I build with a password that is no more than 8 characters long
>>>> and no non-alphabetic characters:
>>>>
>>>> SAKURA_PASSWD = "Distract"
>>>> SAKURA_PASS = "WRsDFfg1BsrDM"
>>>>
>>>> everything works correctly.
>>>>
>>>> I first tried that using the `openssl ...` form, and then I tried the
>>>> -1, MD5 BSD form and had problems, so I changed to doing the openssl
>>>> on the command line and making sure that I don't have any characters
>>>> that display as '.' or '/'. Again, if I don't do more than 8 characters
>>>> and no special characters everything works.
>>>>
>>>> When I changed to using 'Ds$tr@ct' it stopped working. The build finishes
>>>> and the log file shows the usermod being executed correctly:
>>>>
>>>> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p kyNsrvS0elMWU sakura]
>>>> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -a -G sudo,dialout sakura]
>>>>
>>>> But when I try to sign in it doesn't work.
>>>>
>>>> I then tried the 10 character password 'Distracted', the build fails:
>>>>
>>>> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]
>>>> Usage: usermod [options] LOGIN
>>>>
>>>> Options:
>>>>   -c, --comment COMMENT         new value of the GECOS field
>>>>   -d, --home HOME_DIR           new home directory for the user account
>>>>   -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
>>>>   -f, --inactive INACTIVE       set password inactive after expiration
>>>>                                 to INACTIVE
>>>>   -g, --gid GROUP               force use GROUP as new primary group
>>>>   -G, --groups GROUPS           new list of supplementary GROUPS
>>>>   -a, --append                  append the user to the supplemental GROUPS
>>>>                                 mentioned by the -G option without removing
>>>>                                 him/her from other groups
>>>>   -h, --help                    display this help message and exit
>>>>   -l, --login NEW_LOGIN         new value of the login name
>>>>   -L, --lock                    lock the user account
>>>>   -m, --move-home               move contents of the home directory to the
>>>>                                 new location (use only with -d)
>>>>   -o, --non-unique              allow using duplicate (non-unique) UID
>>>>   -p, --password PASSWORD       use encrypted password for the new password
>>>>   -P, --clear-password PASSWORD use clear password for the new password
>>>>   -R, --root CHROOT_DIR         directory to chroot into
>>>>   -s, --shell SHELL             new login shell for the user account
>>>>   -u, --uid UID                 new UID for the user account
>>>>   -U, --unlock                  unlock the user account
>>>>   -v, --add-subuids FIRST-LAST  add range of subordinate uids
>>>>   -V, --del-subuids FIRST-LAST  remove range of subordinate uids
>>>>   -w, --add-subgids FIRST-LAST  add range of subordinate gids
>>>>   -W, --del-subgids FIRST-LAST  remove range of subordinate gids
>>>>
>>>> ERROR: scribe: usermod command did not succeed.
>>>>
>>>> So, even though I'm putting in the openssl output:
>>>> openssl passwd -1 "Distracted"
>>>> $1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0
>>>>
>>>> that I get back from what should be a valid run of openssl, I don't see anything
>>>> from the password on the usermod command line:
>>>>  "...linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]"
>>>>
>>>> I don't understand why the short passwords and passing along the proper hash works,
>>>> but not the longer password.
>>>>
>>>> It also doesn't make sense that I can't put in the '$' & '@' characters and
>>>> have them work.
>>>>
>>>> Any suggestions would be greatly appreciated.
>>>>
>>>> Greg
>>>>
>>>> ------------------------------
>>>> *From:* Rudolf Streif <rudolf.streif@ibeeto.com>
>>>> *Sent:* Wednesday, May 15, 2019 4:58:26 PM
>>>> *To:* Greg Wilson-Lindberg
>>>> *Cc:* Yocto list discussion
>>>> *Subject:* Re: [yocto] problem adding a user
>>>>
>>>> Glad to hear that it works now. I am planning on attending the YP
>>>> DevDay.
>>>>
>>>> :rjs
>>>>
>>>> On Wed, May 15, 2019, 13:53 Greg Wilson-Lindberg <GWilson@sakuraus.com>
>>>> wrote:
>>>>
>>>>> Thank you very much, that got me back on the right path.
>>>>>
>>>>> Maybe I'll see you at the Yocto day at the Embedded Linux Conference.
>>>>>
>>>>> Regards,
>>>>>
>>>>> *Greg Wilson-Lindberg  *
>>>>>
>>>>> *Principal Firmware Engineer | Sakura Finetek USA, Inc.  *
>>>>>
>>>>>
>>>>>
>>>>> 1750 W 214th Street | Torrance, CA 90501 | U.S.A.
>>>>>
>>>>> T: +1 310 783 5075
>>>>>
>>>>> F: +1 310 618 6902 | E: gwilson@sakuraus.com
>>>>>
>>>>> www.sakuraus.com
>>>>>
>>>>> ------------------------------
>>>>>
>>>>> *From:* Rudolf J Streif [mailto:rudolf.streif@ibeeto.com]
>>>>> *Sent:* Wednesday, May 15, 2019 01:30 PM
>>>>> *To:* Greg Wilson-Lindberg <GWilson@sakuraus.com>; Yocto list
>>>>> discussion <yocto@yoctoproject.org>
>>>>> *Subject:* Re: [yocto] problem adding a user
>>>>>
>>>>>
>>>>>
>>>>> Instead of
>>>>>
>>>>>
>>>>>
>>>>> useradd -p `openssl passwd test` sakura
>>>>>
>>>>>
>>>>>
>>>>> which attempts to add the user and set the password which fails if the
>>>>> user already exists, use
>>>>>
>>>>>
>>>>>
>>>>> usermod -p `openssl passwd test` sakura
>>>>>
>>>>>
>>>>>
>>>>> which sets the user's password.
>>>>>
>>>>>
>>>>>
>>>>> :rjs
>>>>>
>>>>>
>>>>>
>>>>> On 5/15/19 1:18 PM, Greg Wilson-Lindberg wrote:
>>>>>
>>>>> Ok, I had been using the useradd class in a couple of other recipes to
>>>>> allow me to copy files to the sakura user directory and another location,
>>>>> but owned by sakura. That seems to have been what was causing the problem.
>>>>>
>>>>>
>>>>>
>>>>> I had been using the extrausers class in my top level image recipe.
>>>>>
>>>>>
>>>>> So now how do I get all of this to work together? Do I need to put
>>>>> everything that touches the sakura user in the same recipe? It seems that I
>>>>> need to use only one of the useradd or extrausers classes?
>>>>>
>>>>>
>>>>>
>>>>> Greg
>>>>> ------------------------------
>>>>>
>>>>> *From:* Rudolf J Streif <rudolf.streif@ibeeto.com>
>>>>> *Sent:* Wednesday, May 15, 2019 12:31 PM
>>>>> *To:* Greg Wilson-Lindberg; Yocto list discussion
>>>>> *Subject:* Re: [yocto] problem adding a user
>>>>>
>>>>>
>>>>>
>>>>> The ! for the password in /etc/shadow indicates that the account is
>>>>> disabled:
>>>>>
>>>>> sakura:!:18031:0:99999:7:::
>>>>>
>>>>>
>>>>>
>>>>> Either there is something wrong with the password generation or it
>>>>> gets disabled by something else. Maybe it's worth trying with a plain image
>>>>> without Boot2Qt or anything else.
>>>>>
>>>>>
>>>>>
>>>>> :rjs
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 5/15/19 11:46 AM, Greg Wilson-Lindberg wrote:
>>>>>
>>>>> Hi Rudolf,
>>>>>
>>>>> 1st, yes I inherit extrausers. Attached are the passwd & shadow files.
>>>>>
>>>>>
>>>>>
>>>>> It shouldn't make any difference, but I'm building this for an RPi3
>>>>> using the Qt Boot2Qt version of the Yocto environment, distro 2.5.3.
>>>>>
>>>>>
>>>>>
>>>>> Greg
>>>>> ------------------------------
>>>>>
>>>>> *From:* Rudolf J Streif <rudolf.streif@ibeeto.com>
>>>>> *Sent:* Wednesday, May 15, 2019 11:26 AM
>>>>> *To:* Greg Wilson-Lindberg; Yocto list discussion
>>>>> *Subject:* Re: [yocto] problem adding a user
>>>>>
>>>>>
>>>>>
>>>>> Hi Greg,
>>>>>
>>>>>
>>>>>
>>>>> > I've also tried both the back-quote and the single-quote, no difference.
>>>>>
>>>>>
>>>>>
>>>>> Help me to understand this. The back-quotes are the right ones. If you
>>>>> use the single ones your password in the /etc/shadow ends up being 'openssl
>>>>> passwd test' (without the quotes), unless the build fails because of a
>>>>> parsing error (I have not tried it). Silly question, you did inherit
>>>>> extrausers class?
>>>>>
>>>>>
>>>>>
>>>>> Can you post your /etc/passwd and /etc/shadow?
>>>>>
>>>>>
>>>>>
>>>>> I am surprised that this does not work with your setup. I have been
>>>>> doing this a gazillion times always with success.
>>>>>
>>>>>
>>>>>
>>>>> :rjs
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 5/15/19 11:03 AM, Greg Wilson-Lindberg wrote:
>>>>>
>>>>> Hi Rudolf,
>>>>>
>>>>> Thanks for the reply, and the information on how openssl works.
>>>>>
>>>>>
>>>>>
>>>>> I'm trying to create a user with the same group name so the code that
>>>>> I'm using reduces to:
>>>>>
>>>>> EXTRA_USERS_PARAMS = "\
>>>>>
>>>>>     useradd -p `openssl passwd test` sakura; \
>>>>>
>>>>>     usermod -a -G sudo ${SAKURA_USER}; \
>>>>>
>>>>>     "
>>>>>
>>>>> I also, as you can see, removed the macros to eliminate as much
>>>>> confusion as possible.
>>>>>
>>>>>
>>>>>
>>>>> I still can't log in using the password 'test'.
>>>>>
>>>>>
>>>>>
>>>>> I've also tried both the back-quote and the single-quote, no
>>>>> difference.
>>>>>
>>>>> Regards,
>>>>>
>>>>>
>>>>>
>>>>> Greg
>>>>> ------------------------------
>>>>>
>>>>> *From:* Rudolf J Streif <rudolf.streif@ibeeto.com>
>>>>> *Sent:* Wednesday, May 15, 2019 10:07:47 AM
>>>>> *To:* Greg Wilson-Lindberg; Yocto list discussion
>>>>> *Subject:* Re: [yocto] problem adding a user
>>>>>
>>>>>
>>>>>
>>>>> Hi Greg,
>>>>>
>>>>> Well, I suppose I wrote the book you are referring to...
>>>>>
>>>>>
>>>>> Using
>>>>>
>>>>> useradd -p PASSWORD USER
>>>>>
>>>>> takes the password hash for PASSWORD hence the use of openssl in:
>>>>>
>>>>> useradd -p `openssl passwd PASSWORD` USER
>>>>>
>>>>> openssl password creates the password hash using the original crypt
>>>>> hash
>>>>> algorithm if no other options are specified. e.g.
>>>>>
>>>>> $ openssl passwd hello
>>>>> 6hEsTksgRkeiI
>>>>>
>>>>> With this the first two characters of the output are the salt and the
>>>>> rest is the password hash. If you want openssl to create the same
>>>>> result
>>>>> again:
>>>>>
>>>>> $ openssl passwd -salt "6h" hello
>>>>> 6hEsTksgRkeiI
>>>>>
>>>>> You can use newer algorithms like MD5 based BSD password algorithm 1:
>>>>>
>>>>> $ openssl passwd -1 hello
>>>>> $1$4Mu8Fcs.$eIKgPP7RCYrb3lFZjhADA1
>>>>>
>>>>> $1 : password algorithm 1
>>>>> $4Mu8Fcs. : salt
>>>>> $eIKgPP7RCYrb3lFZjhADA1 : password hash
>>>>>
>>>>>
>>>>> If you log into the system you have to use the clear password. The
>>>>> system reads the salt, creates the password hash and compares the
>>>>> results.
>>>>>
>>>>>
>>>>> :rjs
>>>>>
>>>>>
>>>>> On 5/14/19 5:34 PM, Greg Wilson-Lindberg wrote:
>>>>> > I'm trying to use the example in "Embedded Linux Systems with the Yocto Project" to add a user to my Yocto build. In the book the sample code:
>>>>> >
>>>>> >     useradd -p `openssl passwd ${DEV_PASSWORD}` developer; \
>>>>> >
>>>>> > uses openssl to generate the encrypted password string to pass to useradd. I have never been able to get this to work. When I run the openssl
>>>>> > command on the cmd line I get a different value every time, this seems wrong, How can the password code compare against it if every encode
>>>>> > produces a different value?
>>>>> >
>>>>> > I am getting the user added to the system, the home directory shows up and the user is in the passwd and group files. I just can't login to the
>>>>> > account.
>>>>> >
>>>>> > I've obviously got something confused, any help would be appreciated.
>>>>> >
>>>>> > Greg Wilson-Lindberg
>>>>> >
>>>>>
>>>>> --
>>>>> -----
>>>>> Rudolf J Streif
>>>>> CEO/CTO ibeeto
>>>>> +1.855.442.3396 x700
>>>>>
>>>>>
>>
>> --
>> Rudolf J Streif
>> CEO/CTO
>> ibeeto, Streif Enterprises Inc.
>>
>
>
> --
> Rudolf J Streif
> CEO/CTO
> ibeeto, Streif Enterprises Inc.
> --
> _______________________________________________
> yocto mailing list
> yocto@yoctoproject.org
> https://lists.yoctoproject.org/listinfo/yocto
>
-- 
Leon Woestenberg
leon@sidebranch.com
T: +31 40 711 42 76
M: +31 6 472 30 372

Sidebranch
Embedded Systems
Eindhoven, The Netherlands
http://www.sidebranch.com

[-- Attachment #2: Type: text/html, Size: 39668 bytes --]

^ permalink raw reply	[flat|nested] 21+ messages in thread
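
The two log lines quoted in this thread (`-p sakura]` and `-p '' sakura]`) can be reproduced with plain shell expansion. This is an added example, not code from the thread or from the Yocto classes. It assumes that the recipe text, after BitBake substitutes `${SAKURA_PASS}`, ends up inside a double-quoted shell string; `render`, `password_arg` and `escape_dollars` are hypothetical helpers, and writing each `$` as `\$` is shown as one way to keep the hash intact under that assumption.

```shell
#!/bin/sh
# Added illustration, not code from the thread or from the Yocto classes.
# Assumption: once BitBake has substituted ${SAKURA_PASS}, the resulting text
# sits inside a double-quoted shell string in a generated script.

# Hash values as quoted in the thread.
MD5_HASH='$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0'   # openssl passwd -1
DES_HASH='kyNsrvS0elMWU'                         # traditional crypt, no '$'

# render TEXT (hypothetical helper): embed TEXT in a double-quoted assignment,
# run it in a fresh shell, and print the resulting words joined by spaces.
render() {
    generated="settings=\"$1\"; set -- \$settings; printf '%s' \"\$*\""
    sh -c "$generated"
}

# password_arg TEXT (hypothetical helper): the word that ends up after -p.
password_arg() {
    render "$1" | awk '{ for (i = 1; i < NF; i++) if ($i == "-p") { print $(i + 1); exit } }'
}

# Escape every '$' so it survives one round of double-quote expansion.
escape_dollars() {
    printf '%s' "$1" | sed 's/\$/\\$/g'
}

# Recipe text as it would read after BitBake substitution (constructed).
unquoted="usermod -p $MD5_HASH sakura"
single_quoted="usermod -p '$MD5_HASH' sakura"
escaped="usermod -p '$(escape_dollars "$MD5_HASH")' sakura"
des="usermod -p $DES_HASH sakura"

for text in "$unquoted" "$single_quoted" "$escaped" "$des"; do
    printf 'recipe text: %s\n  shell sees: %s\n' "$text" "$(render "$text")"
done
```

In the unquoted case the login name is consumed as the `-p` argument, which matches the usage error in the thread. In the single-quoted case usermod receives an empty hash on an otherwise valid command line, so that form is worth checking for in the build log.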

* Re: problem adding a user
  2019-05-23 21:44                               ` Leon Woestenberg
@ 2019-05-23 22:43                                 ` Greg Wilson-Lindberg
  0 siblings, 0 replies; 21+ messages in thread
From: Greg Wilson-Lindberg @ 2019-05-23 22:43 UTC (permalink / raw)
  To: Leon Woestenberg, Rudolf Streif; +Cc: Yocto list discussion

[-- Attachment #1: Type: text/plain, Size: 16318 bytes --]

Hi Leon & Rudolf,

I first changed to SAKURA1_1PASS, with no change in symptoms; I then deleted the spaces, again no change.

Next I just copied the hash into the usermod line:


    usermod -p '$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0' ${SAKURA_USER}; \


And again I get nothing in the output just the adjacent single quotes " '' ". Something is removing the encoded hash.


Greg

________________________________
From: Leon Woestenberg <leon@sidebranch.com>
Sent: Thursday, May 23, 2019 2:44:04 PM
To: Rudolf Streif
Cc: Greg Wilson-Lindberg; Yocto list discussion
Subject: Re: [yocto] problem adding a user

Hello Rudolf, Greg,

On Thu, 23 May 2019 at 22:43, Rudolf Streif <rudolf.streif@ibeeto.com> wrote:

It eluded me earlier but in both instances the variable containing the password does not seem to be expanded.

Could it be the spaces around the = equal sign must be removed?

https://unix.stackexchange.com/questions/258727/spaces-in-variable-assignments-in-shell-scripts

Regards, Leon


First version without the single quotes:

SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"

EXTRA_USERS_PARAMS = "\
    usermod -p ${SAKURA_PASS} ${SAKURA_USER}; \
    usermod -a -G sudo,dialout ${SAKURA_USER}; \
    "
results in:


NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]

and with the quotes:

SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"

EXTRA_USERS_PARAMS = "\
    usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \
    usermod -a -G sudo,dialout ${SAKURA_USER}; \
    "
results in:
NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p '' sakura]

It looks as if the variable SAKURA_PASS is not set at all. I looked at your scribe.bb recipe you attached earlier but I could not find any reason why the variable is not set. Is there a chance that it is overridden somewhere else?

:rjs

On Wed, May 22, 2019 at 1:28 PM Greg Wilson-Lindberg <GWilson@sakuraus.com> wrote:

Rudolf,

Here is the first half of the file,  the whole file is over the 500k limit of free pastebin:

https://pastebin.com/UcnKebce


And here is the 2nd half of the file:

https://pastebin.com/9117tdUU


Greg

________________________________
From: Rudolf Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 22, 2019 12:42:40 PM
To: Greg Wilson-Lindberg
Cc: Yocto list discussion
Subject: Re: [yocto] problem adding a user

Greg,
Can you share the logfile via Pastebin?
:rjs

On Tue, May 21, 2019 at 11:09 AM Greg Wilson-Lindberg <GWilson@sakuraus.com> wrote:

Rudolf,

Something else is happening to me. I changed to this in the image recipe:

SAKURA_USER = "sakura"

SAKURA_PASSWD = "Distracted"
SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"

EXTRA_USERS_PARAMS = "\
    usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \
    usermod -a -G sudo,dialout ${SAKURA_USER}; \
    "

deleting all of the commented out lines, and I get this in the log file:


..../scribe/1.0-r0/rootfs -p '' sakura]


nothing between the single quotes. It's acting like SAKURA_PASS is not defined.

This is only happening when I'm trying the MD5 password.


Greg

________________________________
From: Rudolf Streif <rudolf.streif@ibeeto.com>
Sent: Tuesday, May 21, 2019 5:37:23 AM
To: Greg Wilson-Lindberg
Cc: Yocto list discussion
Subject: Re: [yocto] problem adding a user

Greg,

usermod does not work for the MD5 algorithm with the explicit password hash as it contains the $ field delimiters which are interpreted by the shell executing the usermod command. Use single quotes around the password hash:

usermod -p '${SAKURA_PASS}' ${SAKURA_USER};

:rjs

On Mon, May 20, 2019, 11:55 Greg Wilson-Lindberg <GWilson@sakuraus.com> wrote:

Hi Rudolf,

I've had more time to work with this and I'm still having problems getting
everything to work properly. I've attached the image recipe that I'm
using so I don't leave anything out that may be relevant.

When I build with a password that is no more than 8 characters long
and no non-alphabetic characters:

SAKURA_PASSWD = "Distract"
SAKURA_PASS = "WRsDFfg1BsrDM"


everything works correctly.

I first tried that using the `openssl ...` form, and then I tried the
-1, MD5 BSD form and had problems, so I changed to doing the openssl
on the command line and making sure that I don't have any characters
that display as '.' or '/'. Again, if I don't do more than 8 characters
and no special characters everything works.

When I changed to using 'Ds$tr@ct' it stopped working. The build finishes
and the log file shows the usermod being executed correctly:

NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p kyNsrvS0elMWU sakura]
NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -a -G sudo,dialout sakura]

But when I try to sign in it doesn't work.

I then tried the 10 character password 'Distracted', the build fails:

NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]
Usage: usermod [options] LOGIN

Options:
  -c, --comment COMMENT         new value of the GECOS field
  -d, --home HOME_DIR           new home directory for the user account
  -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
  -f, --inactive INACTIVE       set password inactive after expiration
                                to INACTIVE
  -g, --gid GROUP               force use GROUP as new primary group
  -G, --groups GROUPS           new list of supplementary GROUPS
  -a, --append                  append the user to the supplemental GROUPS
                                mentioned by the -G option without removing
                                him/her from other groups
  -h, --help                    display this help message and exit
  -l, --login NEW_LOGIN         new value of the login name
  -L, --lock                    lock the user account
  -m, --move-home               move contents of the home directory to the
                                new location (use only with -d)
  -o, --non-unique              allow using duplicate (non-unique) UID
  -p, --password PASSWORD       use encrypted password for the new password
  -P, --clear-password PASSWORD use clear password for the new password
  -R, --root CHROOT_DIR         directory to chroot into
  -s, --shell SHELL             new login shell for the user account
  -u, --uid UID                 new UID for the user account
  -U, --unlock                  unlock the user account
  -v, --add-subuids FIRST-LAST  add range of subordinate uids
  -V, --del-subuids FIRST-LAST  remove range of subordinate uids
  -w, --add-subgids FIRST-LAST  add range of subordinate gids
  -W, --del-subgids FIRST-LAST  remove range of subordinate gids

ERROR: scribe: usermod command did not succeed.

So, even though I'm putting in the openssl output:
openssl passwd -1 "Distracted"
$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0

that I get back from what should be a valid run of openssl, I don't see anything
from the password on the usermod command line:
 "...linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]"

I don't understand why the short passwords and passing along the proper hash works,
but not the longer password.

It also doesn't make sense that I can't put in the '$' & '@' characters and
have them work.

Any suggestions would be greatly appreciated.

Greg


________________________________
From: Rudolf Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 15, 2019 4:58:26 PM
To: Greg Wilson-Lindberg
Cc: Yocto list discussion
Subject: Re: [yocto] problem adding a user

Glad to hear that it works now. I am planning on attending the YP DevDay.

:rjs

On Wed, May 15, 2019, 13:53 Greg Wilson-Lindberg <GWilson@sakuraus.com> wrote:
Thank you very much, that got me back on the right path.
Maybe I'll see you at the Yocto day at the Embedded Linux Conference.
Regards,


Greg Wilson-Lindberg

Principal Firmware Engineer | Sakura Finetek USA, Inc.
1750 W 214th Street | Torrance, CA 90501 | U.S.A.
T: +1 310 783 5075
F: +1 310 618 6902 | E: gwilson@sakuraus.com
www.sakuraus.com






From: Rudolf J Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 15, 2019 01:30 PM
To: Greg Wilson-Lindberg <GWilson@sakuraus.com>; Yocto list discussion <yocto@yoctoproject.org>
Subject: Re: [yocto] problem adding a user


Instead of

useradd -p `openssl passwd test` sakura

which attempts to add the user and set the password which fails if the user already exists, use

usermod -p `openssl passwd test` sakura

which sets the user's password.

:rjs


On 5/15/19 1:18 PM, Greg Wilson-Lindberg wrote:

Ok, I had been using the useradd class in a couple of other recipes to allow me to copy files to the sakura user directory and another location, but owned by sakura. That seems to have been what was causing the problem.



I had been using the extrausers class in my top level image recipe.

So now how do I get all of this to work together? Do I need to put everything that touches the sakura user in the same recipe? It seems that I need to use only one of the useradd or extrausers classes?

Greg
________________________________
From: Rudolf J Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 15, 2019 12:31 PM
To: Greg Wilson-Lindberg; Yocto list discussion
Subject: Re: [yocto] problem adding a user


The ! for the password in /etc/shadow indicates that the account is disabled:

sakura:!:18031:0:99999:7:::



Either there is something wrong with the password generation or it gets disabled by something else. Maybe it's worth trying with a plain image without Boot2Qt or anything else.



:rjs




On 5/15/19 11:46 AM, Greg Wilson-Lindberg wrote:

Hi Rudolf,

1st, yes I inherit extrausers. Attached are the passwd & shadow files.



It shouldn't make any difference, but I'm building this for an RPi3 using the Qt Boot2Qt version of the Yocto environment, distro 2.5.3.


Greg
________________________________
From: Rudolf J Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 15, 2019 11:26 AM
To: Greg Wilson-Lindberg; Yocto list discussion
Subject: Re: [yocto] problem adding a user


Hi Greg,



> I've also tried both the back-quote and the single-quote, no difference.



Help me to understand this. The back-quotes are the right ones. If you use the single ones your password in the /etc/shadow ends up being 'openssl passwd test' (without the quotes), unless the build fails because of a parsing error (I have not tried it). Silly question, you did inherit extrausers class?

Can you post your /etc/passwd and /etc/shadow?



I am surprised that this does not work with your setup. I have been doing this a gazillion times always with success.



:rjs






On 5/15/19 11:03 AM, Greg Wilson-Lindberg wrote:

Hi Rudolf,

Thanks for the reply, and the information on how openssl works.



I'm trying to create a user with the same group name so the code that I'm using reduces to:

EXTRA_USERS_PARAMS = "\
    useradd -p `openssl passwd test` sakura; \
    usermod -a -G sudo ${SAKURA_USER}; \
    "

I also, as you can see, removed the macros to eliminate as much confusion as possible.

I still can't log in using the password 'test'.



I've also tried both the back-quote and the single-quote, no difference.

Regards,



Greg

________________________________
From: Rudolf J Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 15, 2019 10:07:47 AM
To: Greg Wilson-Lindberg; Yocto list discussion
Subject: Re: [yocto] problem adding a user

Hi Greg,

Well, I suppose I wrote the book you are referring to...


Using

useradd -p PASSWORD USER

takes the password hash for PASSWORD hence the use of openssl in:

useradd -p `openssl passwd PASSWORD` USER

openssl password creates the password hash using the original crypt hash
algorithm if no other options are specified. e.g.

$ openssl passwd hello
6hEsTksgRkeiI

With this the first two characters of the output are the salt and the
rest is the password hash. If you want openssl to create the same result
again:

$ openssl passwd -salt "6h" hello
6hEsTksgRkeiI

You can use newer algorithms like MD5 based BSD password algorithm 1:

$ openssl passwd -1 hello
$1$4Mu8Fcs.$eIKgPP7RCYrb3lFZjhADA1

$1 : password algorithm 1
$4Mu8Fcs. : salt
$eIKgPP7RCYrb3lFZjhADA1 : password hash


If you log into the system you have to use the clear password. The
system reads the salt, creates the password hash and compares the results.


:rjs


On 5/14/19 5:34 PM, Greg Wilson-Lindberg wrote:
> I'm trying to use the example in "Embedded Linux Systems with the Yocto Project" to add a user to my Yocto build. In the book the sample code:
>
>     useradd -p `openssl passwd ${DEV_PASSWORD}` developer; \
>
> uses openssl to generate the encrypted password string to pass to useradd. I have never been able to get this to work. When I run the openssl
> command on the cmd line I get a different value every time, this seems wrong, How can the password code compare against it if every encode
> produces a different value?
>
> I am getting the user added to the system, the home directory shows up and the user is in the passwd and group files. I just can't login to the
> account.
>
> I've obviously got something confused, any help would be appreciated.
>
> Greg Wilson-Lindberg
>

--
-----
Rudolf J Streif
CEO/CTO ibeeto
+1.855.442.3396 x700



--
Rudolf J Streif
CEO/CTO
ibeeto, Streif Enterprises Inc.


--
_______________________________________________
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
--
Leon Woestenberg
leon@sidebranch.com
T: +31 40 711 42 76
M: +31 6 472 30 372

Sidebranch
Embedded Systems
Eindhoven, The Netherlands
http://www.sidebranch.com


^ permalink raw reply	[flat|nested] 21+ messages in thread
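
The log lines quoted in this thread show the MD5-crypt hash vanishing from the usermod arguments: `-p sakura` without quotes and `-p '' sakura` with single quotes. The sketch here is an added illustration, not code from the thread or from the extrausers class; it assumes the already-substituted recipe text reaches the shell inside a double-quoted assignment, and `expand_in_dquotes` and `hash_survives` are hypothetical helper names.

```shell
#!/bin/sh
# Constructed sample: the MD5-crypt hash quoted in the thread.
HASH='$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0'

# expand_in_dquotes TEXT  (hypothetical helper)
# Assumption (not taken from the extrausers class source): by the time the
# shell sees it, the recipe text sits inside a double-quoted assignment like
#     settings="<TEXT>"
# This evaluates exactly that assignment in a child shell that has no
# positional parameters and prints what is left of TEXT.
# TEXT must not contain double quotes or backquotes; sample input only.
expand_in_dquotes() {
    sh -c "settings=\"$1\"; printf '%s' \"\$settings\""
}

# hash_survives TEXT  (hypothetical helper)
# Succeeds only if the full hash is still present after the expansion above.
hash_survives() {
    case "$(expand_in_dquotes "$1")" in
        *"$HASH"*) return 0 ;;
        *)         return 1 ;;
    esac
}

# Three ways of writing the usermod line, with the hash already substituted in.
BARE="usermod -p $HASH sakura"
SQUOTED="usermod -p '$HASH' sakura"
# Same as SQUOTED, but with every '$' preceded by a backslash.
ESCAPED="usermod -p '$(printf '%s' "$HASH" | sed 's/\$/\\$/g')' sakura"

for form in "$BARE" "$SQUOTED" "$ESCAPED"; do
    if hash_survives "$form"; then
        verdict="hash intact"
    else
        verdict="hash lost"
    fi
    printf '%-12s %s\n' "$verdict:" "$(expand_in_dquotes "$form")"
done
```

Single quotes that sit inside a double-quoted string are ordinary characters, so `$1`, `$QVO3K6Ii` and `$fvkoDKnlzz3d5uVoL7KcM0` are still expanded as unset parameters. A traditional crypt hash such as the thread's `WRsDFfg1BsrDM` contains no `$` and passes through this layer unchanged.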

* Re: problem adding a user
  2019-05-23 20:40                             ` Rudolf Streif
  2019-05-23 21:44                               ` Leon Woestenberg
@ 2019-05-24  2:11                               ` Khem Raj
  2019-05-24 18:45                                 ` Greg Wilson-Lindberg
  1 sibling, 1 reply; 21+ messages in thread
From: Khem Raj @ 2019-05-24  2:11 UTC (permalink / raw)
  To: Rudolf Streif, Greg Wilson-Lindberg; +Cc: Yocto list discussion



On 5/23/19 1:40 PM, Rudolf Streif wrote:
> Greg,
> 
> It eluded me earlier but in both instances the variable containing the 
> password does not seem to be expanded.
> 
> First version without the single quotes:
> 
> SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
> 
> EXTRA_USERS_PARAMS = "\
>      usermod -p ${SAKURA_PASS} ${SAKURA_USER}; \
>      usermod -a -G sudo,dialout ${SAKURA_USER}; \
>      "
> results in:
> 
> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]
> 
> and with the quotes:
> 
> SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
> 
> EXTRA_USERS_PARAMS = "\
>      usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \
>      usermod -a -G sudo,dialout ${SAKURA_USER}; \
>      "
> results in:
> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p '' sakura]
> 
> It looks as if the variable SAKURA_PASS is not set at all. I looked at
> your scribe.bb recipe you attached earlier but I
> could not find any reason why the variable is not set. Is there a chance
> that it is overridden somewhere else?
> 


This is correct with one small nit that we need to escape some
characters which have special meaning for the shell, e.g. $

e.g. in local.conf something like below

INHERIT += "extrausers"

EXTRA_USERS_PARAMS += "\
     useradd sakura; \
     usermod -p '\$1\$QVO3K6Ii\$fvkoDKnlzz3d5uVoL7KcM0' sakura; \
"

might work as you expect.

> :rjs
> 
> 
> On Wed, May 22, 2019 at 1:28 PM Greg Wilson-Lindberg
> <GWilson@sakuraus.com> wrote:
> 
>     Rudolf,
> 
>     Here is the first half of the file,  the whole file is over the 500k
>     limit of free pastebin:
> 
>     https://pastebin.com/UcnKebce
> 
> 
>     And here is the 2nd half of the file:
> 
>     https://pastebin.com/9117tdUU
> 
> 
>     Greg
> 
>                             >   
> 
>                             -- 
>                             -----
>                             Rudolf J Streif
>                             CEO/CTO ibeeto
>                             +1.855.442.3396 x700


^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: problem adding a user
  2019-05-24  2:11                               ` Khem Raj
@ 2019-05-24 18:45                                 ` Greg Wilson-Lindberg
  0 siblings, 0 replies; 21+ messages in thread
From: Greg Wilson-Lindberg @ 2019-05-24 18:45 UTC (permalink / raw)
  To: Khem Raj, Rudolf Streif; +Cc: Yocto list discussion

Hi Khem,

> -----Original Message-----
> From: Khem Raj [mailto:raj.khem@gmail.com]
> Sent: Thursday, May 23, 2019 07:11 PM
> To: Rudolf Streif <rudolf.streif@ibeeto.com>; Greg Wilson-Lindberg
> <GWilson@sakuraus.com>
> Cc: Yocto list discussion <yocto@yoctoproject.org>
> Subject: Re: [yocto] problem adding a user
> 
> 
> 
> On 5/23/19 1:40 PM, Rudolf Streif wrote:
> > Greg,
> >
> > It eluded me earlier but in both instances the variable containing the
> > password does not seem to be expanded.
> >
> > First version without the single quotes:
> >
> > SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
> >
> > EXTRA_USERS_PARAMS = "\
> >      usermod -p ${SAKURA_PASS} ${SAKURA_USER}; \
> >      usermod -a -G sudo,dialout ${SAKURA_USER}; \
> >      "
> > results in:
> >
> > NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]
> >
> > and with the quotes:
> >
> > SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
> >
> > EXTRA_USERS_PARAMS = "\
> >      usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \
> >      usermod -a -G sudo,dialout ${SAKURA_USER}; \
> >      "
> > results in:
> > NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p '' sakura]
> >
> > It looks as if the variable SAKURA_PASS is not set at all. I looked at
> > the scribe.bb recipe you attached earlier but I
> > could not find any reason why the variable is not set. Is there a
> > chance that it is overridden somewhere else?
> >
> 
> 
> This is correct with one small nit that we need to escape some characters which have
> special meaning for the shell, e.g. $
> 
> e.g. in local.conf something like below
> 
> INHERIT += "extrausers"
> 
> EXTRA_USERS_PARAMS += "\
>      useradd sakura; \
>      usermod -p '\$1\$QVO3K6Ii\$fvkoDKnlzz3d5uVoL7KcM0' sakura; \
>      "
> 
> might work as you expect.

This does leave the hash in the usermod command line finally.
So it is possible to pass MD5 hashes through if the '$' are escaped. I can't use non-alphabetic
characters, i.e., replace 's' with '$' and 'a' with '@'; I can't log in with those changes. But MD5 hashes
of alphabetic-only passwords work for the cases that I have tested. I can also pass the escaped
hash in to usermod as a macro.

It looks like I've got something that I can work with.

Thanks to all for the help that you have so kindly given,

Greg


^ permalink raw reply	[flat|nested] 21+ messages in thread
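
The `$` expansion problem worked through in this thread, as an added example that is not part of any message: it reproduces why the MD5-crypt hash vanished from the usermod line and why the backslash-escaped form survives. The hash is the one quoted in the thread; the helper names, and the assumption that the EXTRA_USERS_PARAMS text passes through one round of double-quoted shell expansion (consistent with the `-p ''` log line), are not from the thread.

```shell
#!/bin/sh
# Added illustration, not code from the thread or from the extrausers class.
# HASH is the value quoted in the thread; all function names are hypothetical.
HASH='$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0'

# Model one round of double-quoted shell expansion (assumption: this is what
# happens to the parameter text before usermod runs). Uses eval, so feed it
# only trusted, constructed input. Runs in a subshell so nothing leaks out.
expand_once() (
    text=$1
    set +u          # unset names such as $QVO3K6Ii expand to nothing
    set --          # no positional parameters, so $1 expands to nothing
    eval "printf '%s' \"$text\""
)

# Backslash-escape every '$' so it survives one round of expansion.
escape_dollars() {
    printf '%s' "$1" | sed 's/\$/\\$/g'
}

# True when the full hash is still present after expansion.
hash_survives() {
    case "$(expand_once "$1")" in
        *"$HASH"*) return 0 ;;
        *)         return 1 ;;
    esac
}

# Number of whitespace-separated words left after expansion. A count of 3
# means "-p" swallowed the login name and usermod has no LOGIN argument.
word_count() (
    set -f          # no globbing while splitting
    # shellcheck disable=SC2046
    set -- $(expand_once "$1")
    echo $#
)

# The three spellings tried in the thread (constructed from HASH).
BARE="usermod -p $HASH sakura"
QUOTED="usermod -p '$HASH' sakura"
ESCAPED="usermod -p '$(escape_dollars "$HASH")' sakura"

for cmd in "$BARE" "$QUOTED" "$ESCAPED"; do
    printf 'written : %s\n' "$cmd"
    printf 'expanded: %s (%s words)\n\n' "$(expand_once "$cmd")" "$(word_count "$cmd")"
done
```

Single quotes do not help here because they sit inside the double-quoted context and are treated as ordinary characters; only the backslash keeps each `$` literal.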

end of thread, other threads:[~2019-05-24 18:45 UTC | newest]

Thread overview: 21+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-05-15  0:34 problem adding a user Greg Wilson-Lindberg
2019-05-15  1:28 ` ChenQi
2019-05-15 17:07 ` Rudolf J Streif
2019-05-15 18:03   ` Greg Wilson-Lindberg
2019-05-15 18:26     ` Rudolf J Streif
2019-05-15 18:46       ` Greg Wilson-Lindberg
2019-05-15 19:31         ` Rudolf J Streif
2019-05-15 20:18           ` Greg Wilson-Lindberg
2019-05-15 20:30             ` Rudolf J Streif
2019-05-15 20:53               ` Greg Wilson-Lindberg
2019-05-15 23:58                 ` Rudolf Streif
2019-05-20 18:54                   ` Greg Wilson-Lindberg
2019-05-21 12:37                     ` Rudolf Streif
2019-05-21 18:09                       ` Greg Wilson-Lindberg
2019-05-22 19:42                         ` Rudolf Streif
2019-05-22 20:28                           ` Greg Wilson-Lindberg
2019-05-23 20:40                             ` Rudolf Streif
2019-05-23 21:44                               ` Leon Woestenberg
2019-05-23 22:43                                 ` Greg Wilson-Lindberg
2019-05-24  2:11                               ` Khem Raj
2019-05-24 18:45                                 ` Greg Wilson-Lindberg
