* problem adding a user
@ 2019-05-15  0:34 Greg Wilson-Lindberg
  2019-05-15  1:28 ` ChenQi
  2019-05-15 17:07 ` Rudolf J Streif
  0 siblings, 2 replies; 21+ messages in thread
From: Greg Wilson-Lindberg @ 2019-05-15  0:34 UTC
To: Yocto list discussion

I'm trying to use the example in "Embedded Linux Systems with the Yocto Project" to add a user to my Yocto build. In the book the sample code:

    useradd -p `openssl passwd ${DEV_PASSWORD}` developer; \

uses openssl to generate the encrypted password string to pass to useradd. I have never been able to get this to work. When I run the openssl command on the cmd line I get a different value every time, this seems wrong. How can the password code compare against it if every encode produces a different value?

I am getting the user added to the system, the home directory shows up and the user is in the passwd and group files. I just can't log in to the account.

I've obviously got something confused, any help would be appreciated.

Greg Wilson-Lindberg

* Re: problem adding a user
  2019-05-15  0:34 problem adding a user Greg Wilson-Lindberg
@ 2019-05-15  1:28 ` ChenQi
  2019-05-15 17:07 ` Rudolf J Streif
  1 sibling, 0 replies; 21+ messages in thread
From: ChenQi @ 2019-05-15  1:28 UTC
To: Greg Wilson-Lindberg, Yocto list discussion

You could just use something like:

    useradd -P 123456 developer

Best Regards,
Chen Qi

* Re: problem adding a user
  2019-05-15  0:34 problem adding a user Greg Wilson-Lindberg
  2019-05-15  1:28 ` ChenQi
@ 2019-05-15 17:07 ` Rudolf J Streif
  2019-05-15 18:03   ` Greg Wilson-Lindberg
  1 sibling, 1 reply; 21+ messages in thread
From: Rudolf J Streif @ 2019-05-15 17:07 UTC
To: Greg Wilson-Lindberg, Yocto list discussion

Hi Greg,

Well, I suppose I wrote the book you are referring to...

Using

    useradd -p PASSWORD USER

takes the password hash for PASSWORD, hence the use of openssl in:

    useradd -p `openssl passwd PASSWORD` USER

openssl passwd creates the password hash using the original crypt hash algorithm if no other options are specified, e.g.

    $ openssl passwd hello
    6hEsTksgRkeiI

With this the first two characters of the output are the salt and the rest is the password hash. If you want openssl to create the same result again:

    $ openssl passwd -salt "6h" hello
    6hEsTksgRkeiI

You can use newer algorithms like MD5 based BSD password algorithm 1:

    $ openssl passwd -1 hello
    $1$4Mu8Fcs.$eIKgPP7RCYrb3lFZjhADA1

    $1                      : password algorithm 1
    $4Mu8Fcs.               : salt
    $eIKgPP7RCYrb3lFZjhADA1 : password hash

If you log into the system you have to use the clear password. The system reads the salt, creates the password hash and compares the results.

:rjs

-- 
-----
Rudolf J Streif
CEO/CTO ibeeto
+1.855.442.3396 x700

* Re: problem adding a user
  2019-05-15 17:07 ` Rudolf J Streif
@ 2019-05-15 18:03   ` Greg Wilson-Lindberg
  2019-05-15 18:26     ` Rudolf J Streif
  0 siblings, 1 reply; 21+ messages in thread
From: Greg Wilson-Lindberg @ 2019-05-15 18:03 UTC
To: Rudolf J Streif, Yocto list discussion

Hi Rudolf,

Thanks for the reply, and the information on how openssl works.

I'm trying to create a user with the same group name so the code that I'm using reduces to:

    EXTRA_USERS_PARAMS = "\
        useradd -p `openssl passwd test` sakura; \
        usermod -a -G sudo ${SAKURA_USER}; \
        "

I also, as you can see, removed the macros to eliminate as much confusion as possible.

I still can't log in using the password 'test'.

I've also tried both the back-quote and the single-quote, no difference.

Regards,

Greg

* Re: problem adding a user
  2019-05-15 18:03   ` Greg Wilson-Lindberg
@ 2019-05-15 18:26     ` Rudolf J Streif
  2019-05-15 18:46       ` Greg Wilson-Lindberg
  0 siblings, 1 reply; 21+ messages in thread
From: Rudolf J Streif @ 2019-05-15 18:26 UTC
To: Greg Wilson-Lindberg, Yocto list discussion

Hi Greg,

> I've also tried both the back-quote and the single-quote, no difference.

Help me to understand this. The back-quotes are the right ones. If you use the single ones your password in the /etc/shadow ends up being 'openssl passwd test' (without the quotes), unless the build fails because of a parsing error (I have not tried it). Silly question, you did inherit extrausers class?

Can you post your /etc/passwd and /etc/shadow?

I am surprised that this does not work with your setup. I have been doing this a gazillion times always with success.

:rjs

* Re: problem adding a user
  2019-05-15 18:26     ` Rudolf J Streif
@ 2019-05-15 18:46       ` Greg Wilson-Lindberg
  2019-05-15 19:31         ` Rudolf J Streif
  0 siblings, 1 reply; 21+ messages in thread
From: Greg Wilson-Lindberg @ 2019-05-15 18:46 UTC
To: Rudolf J Streif, Yocto list discussion

Hi Rudolf,

1st, yes I inherit extrausers. Attached are the passwd & shadow files.

It shouldn't make any difference, but I'm building this for an RPi3 using the Qt Boot2Qt version of the Yocto environment, distro 2.5.3.

Greg

[-- Attachment #2: passwd --]
[-- Type: application/octet-stream, Size: 1128 bytes --]

root:x:0:0:root:/home/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
mysql:x:990:987::/var/mysql:/bin/false
systemd-bus-proxy:x:991:988::/:/bin/nologin
polkitd:x:992:990::/etc/polkit-1:/bin/sh
systemd-resolve:x:993:991::/:/bin/nologin
systemd-network:x:994:992::/:/bin/nologin
systemd-timesync:x:995:993::/:/bin/nologin
messagebus:x:996:995::/var/lib/dbus:/bin/false
sakura:x:997:997::/home/sakura:/bin/bash
sshd:x:998:998::/var/run/sshd:/bin/false
rpc:x:999:999::/:/bin/false
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh

[-- Attachment #3: shadow --]
[-- Type: application/octet-stream, Size: 792 bytes --]

root::18031:0:99999:7:::
daemon:*:18031:0:99999:7:::
bin:*:18031:0:99999:7:::
sys:*:18031:0:99999:7:::
sync:*:18031:0:99999:7:::
games:*:18031:0:99999:7:::
man:*:18031:0:99999:7:::
lp:*:18031:0:99999:7:::
mail:*:18031:0:99999:7:::
news:*:18031:0:99999:7:::
uucp:*:18031:0:99999:7:::
proxy:*:18031:0:99999:7:::
www-data:*:18031:0:99999:7:::
backup:*:18031:0:99999:7:::
list:*:18031:0:99999:7:::
irc:*:18031:0:99999:7:::
gnats:*:18031:0:99999:7:::
mysql:!:18031:0:99999:7:::
systemd-bus-proxy:!:18031:0:99999:7:::
polkitd:!:18031:0:99999:7:::
systemd-resolve:!:18031:0:99999:7:::
systemd-network:!:18031:0:99999:7:::
systemd-timesync:!:18031:0:99999:7:::
messagebus:!:18031:0:99999:7:::
sakura:!:18031:0:99999:7:::
sshd:!:18031:0:99999:7:::
rpc:!:18031:0:99999:7:::
nobody:*:18031:0:99999:7:::

* Re: problem adding a user
  2019-05-15 18:46       ` Greg Wilson-Lindberg
@ 2019-05-15 19:31         ` Rudolf J Streif
  2019-05-15 20:18           ` Greg Wilson-Lindberg
  0 siblings, 1 reply; 21+ messages in thread
From: Rudolf J Streif @ 2019-05-15 19:31 UTC
To: Greg Wilson-Lindberg, Yocto list discussion

The ! for the password in /etc/shadow indicates that the account is disabled:

    sakura:!:18031:0:99999:7:::

Either there is something wrong with the password generation or it gets disabled by something else. Maybe it's worth trying with a plain image without Boot2Qt or anything else.

:rjs

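Added example, not part of the thread: a POSIX shell script for the two checks discussed in the messages above, namely re-hashing a cleartext password with the salt stored in the hash (what login does) and reading the password field of /etc/shadow entries. The function names are made up for this example, the sample shadow lines are copied from the attachment above, and the openssl options used (-6, -salt, -stdin) assume an openssl build that supports SHA-512 crypt.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# shadow_state FIELD: classify the second field of an /etc/shadow entry.
shadow_state() {
    case "$1" in
        '')      echo empty ;;         # no password required at all
        '!'*)    echo locked ;;        # password locked, as on the sakura line
        '*'*)    echo no-login ;;      # no usable password (system accounts)
        '$1$'*)  echo md5-crypt ;;
        '$5$'*)  echo sha256-crypt ;;
        '$6$'*)  echo sha512-crypt ;;
        '$'*)    echo other ;;
        *)       if [ "${#1}" -eq 13 ]; then echo des-crypt; else echo other; fi ;;
    esac
}

# hash_salt HASH: print the salt embedded in a stored hash.
# "$id$salt$hash" keeps it in the third $-separated field,
# the original crypt format keeps it in the first two characters.
hash_salt() {
    case "$1" in
        '$'*) printf '%s\n' "$1" | cut -d'$' -f3 ;;
        *)    printf '%s\n' "$1" | cut -c1-2 ;;
    esac
}

# new_hash CLEARTEXT [SALT]: SHA-512 crypt hash; random salt when SALT is omitted.
# The password goes in on stdin so it does not show up in the process list.
new_hash() {
    if [ -n "${2:-}" ]; then
        printf '%s\n' "$1" | openssl passwd -6 -salt "$2" -stdin
    else
        printf '%s\n' "$1" | openssl passwd -6 -stdin
    fi
}

# verify_password STORED CLEARTEXT: re-hash CLEARTEXT with the stored salt
# and compare. Returns 0 on match, 1 on mismatch, 2 if the format is not handled.
verify_password() {
    vp_stored=$1
    vp_clear=$2
    case "$(shadow_state "$vp_stored")" in
        md5-crypt)    vp_flag=-1 ;;
        sha256-crypt) vp_flag=-5 ;;
        sha512-crypt) vp_flag=-6 ;;
        *)            return 2 ;;     # locked, empty, DES crypt, unknown
    esac
    vp_salt=$(hash_salt "$vp_stored")
    case "$vp_salt" in rounds=*) return 2 ;; esac   # "$6$rounds=N$..." not handled
    vp_candidate=$(printf '%s\n' "$vp_clear" |
        openssl passwd "$vp_flag" -salt "$vp_salt" -stdin) || return 2
    [ "$vp_candidate" = "$vp_stored" ]
}

# audit_shadow: read shadow-format lines on stdin, print "user state" per line.
audit_shadow() {
    while IFS=: read -r as_user as_field as_rest; do
        [ -n "$as_user" ] || continue
        printf '%s %s\n' "$as_user" "$(shadow_state "$as_field")"
    done
}

# Sample input: three lines copied from the shadow attachment in this thread.
SAMPLE_SHADOW='root::18031:0:99999:7:::
daemon:*:18031:0:99999:7:::
sakura:!:18031:0:99999:7:::'

printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow

if command -v openssl >/dev/null 2>&1; then
    first=$(new_hash test)
    second=$(new_hash test)
    echo "same password, two random salts:"
    echo "  $first"
    echo "  $second"
    if verify_password "$first" test; then
        echo "re-hash with the stored salt: match"
    fi
fi
```

On the sample lines, `sakura` is reported as `locked`, which is why the password 'test' was refused, and `root` as `empty`, meaning that account has no password set.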
* Re: problem adding a user
  2019-05-15 19:31         ` Rudolf J Streif
@ 2019-05-15 20:18           ` Greg Wilson-Lindberg
  2019-05-15 20:30             ` Rudolf J Streif
  0 siblings, 1 reply; 21+ messages in thread
From: Greg Wilson-Lindberg @ 2019-05-15 20:18 UTC
To: Rudolf J Streif, Yocto list discussion

Ok, I had been using the useradd class in a couple of other recipes to allow me to copy files to the sakura user directory and another location, but owned by sakura. That seems to have been what was causing the problem.

I had been using the extrausers class in my top level image recipe.

So now how do I get all of this to work together? Do I need to put everything that touches the sakura user in the same recipe? It seems that I need to use only one of the useradd or extrausers classes?

Greg

* Re: problem adding a user
  2019-05-15 20:18           ` Greg Wilson-Lindberg
@ 2019-05-15 20:30             ` Rudolf J Streif
  2019-05-15 20:53               ` Greg Wilson-Lindberg
  0 siblings, 1 reply; 21+ messages in thread
From: Rudolf J Streif @ 2019-05-15 20:30 UTC
To: Greg Wilson-Lindberg, Yocto list discussion

Instead of

    useradd -p `openssl passwd test` sakura

which attempts to add the user and set the password which fails if the user already exists, use

    usermod -p `openssl passwd test` sakura

which sets the user's password.

:rjs

* Re: problem adding a user
  2019-05-15 20:30 ` Rudolf J Streif
@ 2019-05-15 20:53 ` Greg Wilson-Lindberg
  2019-05-15 23:58 ` Rudolf Streif
  0 siblings, 1 reply; 21+ messages in thread
From: Greg Wilson-Lindberg @ 2019-05-15 20:53 UTC
To: Rudolf J Streif, Yocto list discussion

Thank you very much, that got me back on the right path.

Maybe I'll see you at the Yocto day at the Embedded Linux Conference.

Regards,

Greg Wilson-Lindberg
Principal Firmware Engineer | Sakura Finetek USA, Inc.

________________________________
From: Rudolf J Streif [mailto:rudolf.streif@ibeeto.com]
Sent: Wednesday, May 15, 2019 01:30 PM
To: Greg Wilson-Lindberg <GWilson@sakuraus.com>; Yocto list discussion <yocto@yoctoproject.org>
Subject: Re: [yocto] problem adding a user

Instead of

    useradd -p `openssl passwd test` sakura

which attempts to add the user and set the password which fails if the user already exists, use

    usermod -p `openssl passwd test` sakura

which sets the user's password.

:rjs

On 5/15/19 1:18 PM, Greg Wilson-Lindberg wrote:

Ok, I had been using the useradd class in a couple of other recipes to allow me to copy files to the sakura user directory and another location, but owned by sakura. That seems to have been what was causing the problem.

I had been using the extrausers class in my top level image recipe.

So now how do I get all of this to work together? Do I need to put everything that touches the sakura user in the same recipe? It seems that I need to use only one of the useradd or extrausers classes?

Greg

________________________________
From: Rudolf J Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 15, 2019 12:31 PM
To: Greg Wilson-Lindberg; Yocto list discussion
Subject: Re: [yocto] problem adding a user

The ! for the password in /etc/shadow indicates that the account is disabled:

    sakura:!:18031:0:99999:7:::

Either there is something wrong with the password generation or it gets disabled by something else. Maybe it's worth trying with a plain image without Boot2Qt or anything else.

:rjs

On 5/15/19 11:46 AM, Greg Wilson-Lindberg wrote:

Hi Rudolf,

1st, yes I inherit extrausers. Attached are the passwd & shadow files.

It shouldn't make any difference, but I'm building this for an RPi3 using the Qt Boot2Qt version of the Yocto environment, distro 2.5.3.

Greg

________________________________
From: Rudolf J Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 15, 2019 11:26 AM
To: Greg Wilson-Lindberg; Yocto list discussion
Subject: Re: [yocto] problem adding a user

Hi Greg,

> I've also tried both the back-quote and the single-quote, no difference.

Help me to understand this. The back-quotes are the right ones. If you use the single ones your password in the /etc/shadow ends up being 'openssl passwd test' (without the quotes), unless the build fails because of a parsing error (I have not tried it). Silly question, you did inherit extrausers class?

Can you post your /etc/passwd and /etc/shadow?

I am surprised that this does not work with your setup. I have been doing this a gazillion times always with success.

:rjs

On 5/15/19 11:03 AM, Greg Wilson-Lindberg wrote:

Hi Rudolf,

Thanks for the reply, and the information on how openssl works.

I'm trying to create a user with the same group name so the code that I'm using reduces to:

    EXTRA_USERS_PARAMS = "\
        useradd -p `openssl passwd test` sakura; \
        usermod -a -G sudo ${SAKURA_USER}; \
        "

I also, as you can see, removed the macros to eliminate as much confusion as possible.

I still can't log in using the password 'test'.

I've also tried both the back-quote and the single-quote, no difference.

Regards,

Greg

________________________________
From: Rudolf J Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 15, 2019 10:07:47 AM
To: Greg Wilson-Lindberg; Yocto list discussion
Subject: Re: [yocto] problem adding a user

Hi Greg,

Well, I suppose I wrote the book you are referring to...

Using

    useradd -p PASSWORD USER

takes the password hash for PASSWORD hence the use of openssl in:

    useradd -p `openssl passwd PASSWORD` USER

openssl passwd creates the password hash using the original crypt hash algorithm if no other options are specified. e.g.

    $ openssl passwd hello
    6hEsTksgRkeiI

With this the first two characters of the output are the salt and the rest is the password hash. If you want openssl to create the same result again:

    $ openssl passwd -salt "6h" hello
    6hEsTksgRkeiI

You can use newer algorithms like MD5 based BSD password algorithm 1:

    $ openssl passwd -1 hello
    $1$4Mu8Fcs.$eIKgPP7RCYrb3lFZjhADA1

    $1 : password algorithm 1
    $4Mu8Fcs. : salt
    $eIKgPP7RCYrb3lFZjhADA1 : password hash

If you log into the system you have to use the clear password. The system reads the salt, creates the password hash and compares the results.

:rjs
* Re: problem adding a user
  2019-05-15 20:53 ` Greg Wilson-Lindberg
@ 2019-05-15 23:58 ` Rudolf Streif
  2019-05-20 18:54 ` Greg Wilson-Lindberg
  0 siblings, 1 reply; 21+ messages in thread
From: Rudolf Streif @ 2019-05-15 23:58 UTC
To: Greg Wilson-Lindberg; +Cc: Yocto list discussion

Glad to hear that it works now. I am planning on attending the YP DevDay.

:rjs

On Wed, May 15, 2019, 13:53 Greg Wilson-Lindberg <GWilson@sakuraus.com> wrote:

> Thank you very much, that got me back on the right path.
>
> Maybe I'll see you at the Yocto day at the Embedded Linux Conference.
* Re: problem adding a user
  2019-05-15 23:58 ` Rudolf Streif
@ 2019-05-20 18:54 ` Greg Wilson-Lindberg
  2019-05-21 12:37 ` Rudolf Streif
  0 siblings, 1 reply; 21+ messages in thread
From: Greg Wilson-Lindberg @ 2019-05-20 18:54 UTC
To: Rudolf Streif; +Cc: Yocto list discussion

Hi Rudolf,

I've had more time to work with this and I'm still having problems getting everything to work properly. I've attached the image recipe that I'm using so I don't leave anything out that may be relevant.

When I build with a password that is no more than 8 characters long and no non-alphabetic characters:

    SAKURA_PASSWD = "Distract"
    SAKURA_PASS = "WRsDFfg1BsrDM"

everything works correctly.

I first tried that using the `openssl ...` form, and then I tried the -1, MD5 BSD form and had problems, so I changed to doing the openssl on the command line and making sure that I don't have any characters that display as '.' or '/'. Again, if I don't do more than 8 characters and no special characters everything works.

When I changed to using 'Ds$tr@ct' it stopped working. The build finishes and the log file shows the usermod being executed correctly:

    NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p kyNsrvS0elMWU sakura]
    NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -a -G sudo,dialout sakura]

But when I try to sign in it doesn't work.

I then tried the 10 character password 'Distracted', the build fails:

    NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]
    Usage: usermod [options] LOGIN

    Options:
      -c, --comment COMMENT         new value of the GECOS field
      -d, --home HOME_DIR           new home directory for the user account
      -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
      -f, --inactive INACTIVE       set password inactive after expiration
                                    to INACTIVE
      -g, --gid GROUP               force use GROUP as new primary group
      -G, --groups GROUPS           new list of supplementary GROUPS
      -a, --append                  append the user to the supplemental GROUPS
                                    mentioned by the -G option without removing
                                    him/her from other groups
      -h, --help                    display this help message and exit
      -l, --login NEW_LOGIN         new value of the login name
      -L, --lock                    lock the user account
      -m, --move-home               move contents of the home directory to the
                                    new location (use only with -d)
      -o, --non-unique              allow using duplicate (non-unique) UID
      -p, --password PASSWORD       use encrypted password for the new password
      -P, --clear-password PASSWORD use clear password for the new password
      -R, --root CHROOT_DIR         directory to chroot into
      -s, --shell SHELL             new login shell for the user account
      -u, --uid UID                 new UID for the user account
      -U, --unlock                  unlock the user account
      -v, --add-subuids FIRST-LAST  add range of subordinate uids
      -V, --del-subuids FIRST-LAST  remove range of subordinate uids
      -w, --add-subgids FIRST-LAST  add range of subordinate gids
      -W, --del-subgids FIRST-LAST  remove range of subordinate gids

    ERROR: scribe: usermod command did not succeed.

So, even though I'm putting in the openssl output:

    openssl passwd -1 "Distracted"
    $1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0

that I get back from what should be a valid run of openssl, I don't see anything from the password on the usermod command line:

    "...linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]"

I don't understand why the short passwords and passing along the proper hash works, but not the longer password.

It also doesn't make sense that I can't put in the '$' & '@' characters and have them work.

Any suggestions would be greatly appreciated.

Greg

[-- Attachment #2: scribe.bb --]
[-- Type: application/octet-stream, Size: 4611 bytes --]

############################################################################
##
## Copyright (C) 2017 Sakura Finetek Inc.
##
## Custom image recipe
##
############################################################################

DESCRIPTION = "Scribe B2Qt embedded Qt5 image"
PR = "r0"

DEPLOY_CONF_TYPE = "Boot2Qt"

IMAGE_FEATURES += "\
    package-management \
    ssh-server-openssh \
    tools-debug \
    debug-tweaks \
    hwcodecs \
    splash \
    "
# 'debug-tweaks' allows user to login as root with no password
# before production need to remove debug-tweaks above
# uncomment line below
#IMAGE_FEATURES -= " debug-tweaks"

############################################################################
##
## The following is only for development images, don't want this for production builds
##
############################################################################
SDKIMAGE_FEATURES += "dev-pkgs dbg-pkgs staticdev-pkgs"
############################################################################
##
## End Development Only
##
############################################################################

inherit core-image qbsp-image
inherit consistent_timestamps
inherit populate_sdk_qt5
inherit extrausers

DISABLE_STATIC = ""

IMAGE_INSTALL += "\
    packagegroup-b2qt-embedded-base \
    packagegroup-b2qt-embedded-tools \
    ${@bb.utils.contains("DISTRO_FEATURES", "gstreamer010", "packagegroup-b2qt-embedded-gstreamer010", "", d)} \
    ${@bb.utils.contains("DISTRO_FEATURES", "gstreamer", "packagegroup-b2qt-embedded-gstreamer", "", d)} \
    packagegroup-b2qt-qt5-modules \
    packagegroup-b2qt-embedded-addons \
    pcsc-lite pcsc-lite-lib acsccid \
    canfestival zint \
    mysql5 \
    valgrind \
    elfutils \
    dfu-util \
    can-utils \
    nano \
    canstart canstart-service \
    scribedbconfig scribedbconfig-service \
    scribeconfig \
    userconfig \
    lsof \
    ttf-dejavu-sans ttf-dejavu-sans-mono ttf-dejavu-common ttf-dejavu-sans-condensed ttf-dejavu-serif \
    ttf-droid-sans ttf-droid-sans-mono ttf-droid-sans-fallback ttf-droid-sans-japanese ttf-droid-serif \
    ttf-liberation-mono ttf-liberation-sans ttf-liberation-serif \
    ttf-tlwg \
    ttf-ubuntu-mono ttf-ubuntu-sans \
    ttf-vlgothic \
    source-han-sans-cn-fonts source-han-sans-jp-fonts source-han-sans-kr-fonts source-han-sans-tw-fonts \
    sudo \
    "
# pocketsphinx \ not going to be using this

SAKURA_USER = "sakura"
#SAKURA_PASSWD = "Di$tr@ctedDr1v3r"
#SAKURA_PASS = "$1$Z335E28J$IKN2Uz2Oaeq616zlV/wdb0"

#SAKURA_PASSWD = "Di$tr@cted"
#SAKURA_PASS = "$1$78PuvI1N$PG4jA6myRVYLA8L713IUS0"

### Tested Not Working ----- Won't build
SAKURA_PASSWD = "Distracted"
SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
#----- Tested Working end

### Tested Not Working -----
#SAKURA_PASSWD = "Di$tr@ct"
#SAKURA_PASS = "kyNsrvS0elMWU"
#----- Tested Working end

### Tested Working -----
#SAKURA_PASSWD = "Distract"
#SAKURA_PASS = "WRsDFfg1BsrDM"
#----- Tested Working end

### Tested Working -----
#SAKURA_PASSWD = "TesTing1"
#SAKURA_PASS = "Pj7iDzj01qmNE"
#----- Tested Working end

### Tested Working -----
#SAKURA_PASSWD = "test"
#SAKURA_PASS = "D4adHu3z2m0jQ"
#----- Tested Working end

#
# Can only use greater than 8 character password if using other than default encryption, see -1 below
#
# -1 creates MD5 based BSD style hash, can handle longer than 8 character password
EXTRA_USERS_PARAMS = "\
    usermod -p ${SAKURA_PASS} ${SAKURA_USER}; \
    usermod -a -G sudo,dialout ${SAKURA_USER}; \
    "
#usermod -p `openssl passwd -1 ${SAKURA_PASSWD}` ${SAKURA_USER};

modify_sudoers() {
    sed 's/# %sudo/%sudo/' < ${IMAGE_ROOTFS}/etc/sudoers > \
        ${IMAGE_ROOTFS}/etc/sudoers.tmp
    mv ${IMAGE_ROOTFS}/etc/sudoers.tmp ${IMAGE_ROOTFS}/etc/sudoers
}

ROOTFS_POSTPROCESS_COMMAND += "modify_sudoers;"

addtask showvars
do_showvars[nostamp] = "1"
python do_showvars() {
    # emit only the metadata that are variables and not functions
    isfunc = lambda key: bool(d.getVarFlag(key, 'func', False))
    vars = sorted((key for key in bb.data.keys(d) \
        if not key.startswith('__')))
    for var in vars:
        if not isfunc(var):
            try:
                val = d.getVar(var, True)
            except Exception as exc:
                bb.plain('Expansion of %s threw %s: %s' % \
                    (var, exc.__class__.__name__, str(exc)))
            bb.plain('%s="%s"' % (var, val))
}
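Added example, not part of the thread and not the extrausers class's own code: it reproduces the "-p sakura" seen in the build log above by letting a shell parse a command line that contains the $1$... hash unquoted, and shows the same line with the hash in single quotes. The function names, the @PASS@ placeholder and the shortened rootfs path are made up for illustration; the sketch assumes the recipe value is substituted as plain text before a shell parses the line.

```shell
#!/bin/sh
# Added illustration, not the extrausers class. Assumption: the recipe value
# is pasted into the command line as text, and a shell then parses that line.

MD5_HASH='$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0'   # SAKURA_PASS from the recipe above
DES_HASH='WRsDFfg1BsrDM'                        # the 13-character hash that worked

# argv_after_shell TEMPLATE HASH
# Put HASH where TEMPLATE says @PASS@ (hypothetical placeholder), let the
# shell parse the resulting line, and print the arguments joined with '|'.
argv_after_shell() {
    # crypt strings use only [./0-9A-Za-z] and '$', so '|' is a safe delimiter
    line=$(printf '%s\n' "$1" | sed "s|@PASS@|$2|")
    (
        set --                  # no positional parameters: $1 expands to nothing
        eval "set -- $line"     # parse the text the way a script line is parsed
        IFS='|'
        printf '%s\n' "$*"
    )
}

# hash_survives TEMPLATE HASH
# Succeed only if HASH arrives unchanged as the argument right after -p.
hash_survives() {
    case "|$(argv_after_shell "$1" "$2")|" in
        *"|-p|$2|"*) return 0 ;;
        *)           return 1 ;;
    esac
}

# logged_password_arg LOGLINE
# Print the word that followed -p in a "Performing usermod with [...]" build
# log line; fail if -p is absent or is the last word.
logged_password_arg() {
    args=${1#*\[}
    args=${args%\]*}
    set -f; set -- $args; set +f    # split on whitespace without globbing
    while [ "$#" -gt 1 ]; do
        if [ "$1" = "-p" ]; then
            printf '%s\n' "$2"
            return 0
        fi
        shift
    done
    return 1
}

# Constructed log line in the shape of the failing build log (path shortened).
BAD_LOG='NOTE: scribe: Performing usermod with [-R /constructed/rootfs -p sakura]'

# $1, $QVO3K6Ii and $fvkoDKnlzz3d5uVoL7KcM0 are all unset, so the whole word
# expands to nothing and the user name slides into the -p slot.
printf 'unquoted MD5 hash -> %s\n' "$(argv_after_shell '-p @PASS@ sakura' "$MD5_HASH")"
# Single quotes stop the expansion, so the hash reaches usermod intact.
printf 'quoted MD5 hash   -> %s\n' "$(argv_after_shell "-p '@PASS@' sakura" "$MD5_HASH")"
# A traditional crypt hash contains no '$', which is why it passed unquoted.
printf 'unquoted DES hash -> %s\n' "$(argv_after_shell '-p @PASS@ sakura' "$DES_HASH")"
# Reading the build log: the word after -p should be the hash, not the login.
printf 'log -p argument   -> %s\n' "$(logged_password_arg "$BAD_LOG")"
```

Whatever quoting a recipe ends up with, the "Performing usermod with [...]" line in the build log shows what usermod actually received: the word after -p should be the complete hash.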
* Re: problem adding a user
  2019-05-20 18:54 ` Greg Wilson-Lindberg
@ 2019-05-21 12:37   ` Rudolf Streif
  2019-05-21 18:09     ` Greg Wilson-Lindberg
  0 siblings, 1 reply; 21+ messages in thread
From: Rudolf Streif @ 2019-05-21 12:37 UTC (permalink / raw)
  To: Greg Wilson-Lindberg; +Cc: Yocto list discussion

Greg,

usermod does not work for the MD5 algorithm with the explicit password
hash as it contains the $ field delimiters which are interpreted by the
shell executing the usermod command. Use single quotes around the password
hash:

usermod -p '${SAKURA_PASS}' ${SAKURA_USER};

:rjs

On Mon, May 20, 2019, 11:55 Greg Wilson-Lindberg <GWilson@sakuraus.com> wrote:

> Hi Rudolf,
>
> I've had more time to work with this and I'm still having problems getting
> everything to work properly. I've attached the image recipe that I'm
> using so I don't leave anything out that may be relevant.
>
> When I build with a password that is no more than 8 characters long
> and no non-alphabetic characters:
>
> SAKURA_PASSWD = "Distract"
> SAKURA_PASS = "WRsDFfg1BsrDM"
>
> everything works correctly.
>
> I first tried that using the `openssl ...` form, and then I tried the
> -1, MD5 BSD form and had problems, so I changed to doing the openssl
> on the command line and making sure that I don't have any characters
> that display as '.' or '/'. Again, if I don't do more than 8 characters
> and no special characters everything works.
>
> When I changed to using 'Ds$tr@ct' it stopped working. The build finishes
> and the log file shows the usermod being executed correctly:
>
> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p kyNsrvS0elMWU sakura]
> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -a -G sudo,dialout sakura]
>
> But when I try to sign in it doesn't work.
>
> I then tried the 10 character password 'Distracted', the build fails:
>
> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]
> Usage: usermod [options] LOGIN
>
> Options:
>   -c, --comment COMMENT         new value of the GECOS field
>   -d, --home HOME_DIR           new home directory for the user account
>   -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
>   -f, --inactive INACTIVE       set password inactive after expiration
>                                 to INACTIVE
>   -g, --gid GROUP               force use GROUP as new primary group
>   -G, --groups GROUPS           new list of supplementary GROUPS
>   -a, --append                  append the user to the supplemental GROUPS
>                                 mentioned by the -G option without removing
>                                 him/her from other groups
>   -h, --help                    display this help message and exit
>   -l, --login NEW_LOGIN         new value of the login name
>   -L, --lock                    lock the user account
>   -m, --move-home               move contents of the home directory to the
>                                 new location (use only with -d)
>   -o, --non-unique              allow using duplicate (non-unique) UID
>   -p, --password PASSWORD       use encrypted password for the new password
>   -P, --clear-password PASSWORD use clear password for the new password
>   -R, --root CHROOT_DIR         directory to chroot into
>   -s, --shell SHELL             new login shell for the user account
>   -u, --uid UID                 new UID for the user account
>   -U, --unlock                  unlock the user account
>   -v, --add-subuids FIRST-LAST  add range of subordinate uids
>   -V, --del-subuids FIRST-LAST  remove range of subordinate uids
>   -w, --add-subgids FIRST-LAST  add range of subordinate gids
>   -W, --del-subgids FIRST-LAST  remove range of subordinate gids
>
> ERROR: scribe: usermod command did not succeed.
>
> So, even though I'm putting in the openssl output:
> openssl passwd -1 "Distracted"
> $1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0
>
> that I get back from what should be a valid run of openssl, I don't see anything
> from the password on the usermod command line:
> "...linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]"
>
> I don't understand why the short passwords and passing along the proper hash works,
> but not the longer password.
>
> It also doesn't make sense that I can't put in the '$' & '@' characters and
> have them work.
>
> Any suggestions would be greatly appreciated.
>
> Greg

^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: problem adding a user
  2019-05-21 12:37 ` Rudolf Streif
@ 2019-05-21 18:09   ` Greg Wilson-Lindberg
  2019-05-22 19:42     ` Rudolf Streif
  0 siblings, 1 reply; 21+ messages in thread
From: Greg Wilson-Lindberg @ 2019-05-21 18:09 UTC (permalink / raw)
  To: Rudolf Streif; +Cc: Yocto list discussion

Rudolf,

Something else is happening to me. I changed to this in the image recipe:

SAKURA_USER = "sakura"

SAKURA_PASSWD = "Distracted"
SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"

EXTRA_USERS_PARAMS = "\
    usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \
    usermod -a -G sudo,dialout ${SAKURA_USER}; \
    "

deleting all of the commented out lines, and I get this in the log file:

..../scribe/1.0-r0/rootfs -p '' sakura]

nothing between the single quotes. It's acting like SAKURA_PASS is not defined.

This is only happening when I'm trying the MD5 password.

Greg

________________________________
From: Rudolf Streif <rudolf.streif@ibeeto.com>
Sent: Tuesday, May 21, 2019 5:37:23 AM
To: Greg Wilson-Lindberg
Cc: Yocto list discussion
Subject: Re: [yocto] problem adding a user

Greg,

usermod does not work for the MD5 algorithm with the explicit password hash
as it contains the $ field delimiters which are interpreted by the shell
executing the usermod command. Use single quotes around the password hash:

usermod -p '${SAKURA_PASS}' ${SAKURA_USER};

:rjs

^ permalink raw reply [flat|nested] 21+ messages in thread
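Added example, not part of the thread and not Yocto project code: the usermod -p line in the forms tried in the messages above, passed through one round of double-quoted shell expansion to show which password argument is left, with a format check on the result. It assumes the expanded EXTRA_USERS_PARAMS text ends up inside a double-quoted string in a generated shell script; the function names and the backslash-escaped third form are this example's own.

```shell
#!/bin/sh
# Hash quoted in the thread: output of openssl passwd -1 "Distracted".
HASH='$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0'
# Constructed for this example: the same hash with every $ backslash-escaped.
ESC_HASH='\$1\$QVO3K6Ii\$fvkoDKnlzz3d5uVoL7KcM0'

# The command line as recipe text, after BitBake has substituted the variables.
BARE="usermod -p $HASH sakura"          # form in the attached recipe
QUOTED="usermod -p '$HASH' sakura"      # form with single quotes added
ESCAPED="usermod -p '$ESC_HASH' sakura" # constructed: escaped and quoted

# render TEXT
# Expand TEXT once as the body of a double-quoted shell string.
# ASSUMPTION: this models how the build embeds the text in a script.
# Feed it constructed text only: eval also runs `...` and $(...).
render() {
    _text=$1
    # Subshell: drop positional parameters so $1 is empty, as in a script
    # started without arguments; unset names such as $QVO3K6Ii expand to "".
    ( set +u; set --; eval "printf '%s' \"$_text\"" )
}

# password_arg CMDLINE
# Split CMDLINE on whitespace like an unquoted expansion and print the word
# that follows -p, with one pair of surrounding single quotes removed.
password_arg() (
    set -f                      # word splitting only, no globbing
    set -- $1
    while [ $# -gt 0 ]; do
        if [ "$1" = "-p" ]; then
            arg=${2-}
            arg=${arg#\'}
            arg=${arg%\'}
            printf '%s' "$arg"
            exit 0
        fi
        shift
    done
    exit 1
)

# classify_hash VALUE
# Print "modular:<id>" for $id$...$... strings, "des" for a 13-character
# traditional crypt string, otherwise "invalid".
classify_hash() (
    if printf '%s\n' "$1" | grep -Eq '^\$[0-9a-z]+(\$[^$:[:space:]]+){2,}$'; then
        id=${1#\$}
        printf 'modular:%s' "${id%%\$*}"
    elif printf '%s\n' "$1" | grep -Eq '^[./0-9A-Za-z]{13}$'; then
        printf 'des'
    else
        printf 'invalid'
    fi
)

# usermod_sees TEXT: format of the password argument left after expansion.
usermod_sees() {
    classify_hash "$(password_arg "$(render "$1")")"
}

# Report: recipe text, command after expansion, verdict on the -p argument.
for variant in "$BARE" "$QUOTED" "$ESCAPED"; do
    printf 'recipe : %s\n' "$variant"
    printf 'shell  : %s\n' "$(render "$variant")"
    printf 'hash   : %s\n\n' "$(usermod_sees "$variant")"
done
```

The first two reports reproduce the arguments in the quoted log lines: the bare form leaves the login name as the value of -p, and the single-quoted form leaves an empty string.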
* Re: problem adding a user
  2019-05-21 18:09 ` Greg Wilson-Lindberg
@ 2019-05-22 19:42   ` Rudolf Streif
  2019-05-22 20:28     ` Greg Wilson-Lindberg
  0 siblings, 1 reply; 21+ messages in thread
From: Rudolf Streif @ 2019-05-22 19:42 UTC (permalink / raw)
  To: Greg Wilson-Lindberg; +Cc: Yocto list discussion

Greg,

Can you share the logfile via Pastebin?

:rjs

On Tue, May 21, 2019 at 11:09 AM Greg Wilson-Lindberg <GWilson@sakuraus.com> wrote:

> Rudolf,
>
> Something else is happening to me. I changed to this in the image recipe:
>
> SAKURA_USER = "sakura"
>
> SAKURA_PASSWD = "Distracted"
> SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
>
> EXTRA_USERS_PARAMS = "\
>     usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \
>     usermod -a -G sudo,dialout ${SAKURA_USER}; \
>     "
>
> deleting all of the commented out lines, and I get this in the log file:
>
> ..../scribe/1.0-r0/rootfs -p '' sakura]
>
> nothing between the single quotes. It's acting like SAKURA_PASS is not
> defined.
>
> This is only happening when I'm trying the MD5 password.
>
> Greg

--
Rudolf J Streif
CEO/CTO ibeeto, Streif Enterprises Inc.

^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: problem adding a user 2019-05-22 19:42 ` Rudolf Streif @ 2019-05-22 20:28 ` Greg Wilson-Lindberg 2019-05-23 20:40 ` Rudolf Streif 0 siblings, 1 reply; 21+ messages in thread From: Greg Wilson-Lindberg @ 2019-05-22 20:28 UTC (permalink / raw) To: Rudolf Streif; +Cc: Yocto list discussion

Rudolf,

Here is the first half of the file, the whole file is over the 500k limit of free pastebin:

https://pastebin.com/UcnKebce

And here is the 2nd half of the file:

https://pastebin.com/9117tdUU

Greg

^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: problem adding a user 2019-05-22 20:28 ` Greg Wilson-Lindberg @ 2019-05-23 20:40 ` Rudolf Streif 2019-05-23 21:44 ` Leon Woestenberg 2019-05-24 2:11 ` Khem Raj 0 siblings, 2 replies; 21+ messages in thread From: Rudolf Streif @ 2019-05-23 20:40 UTC (permalink / raw) To: Greg Wilson-Lindberg; +Cc: Yocto list discussion

Greg,

It eluded me earlier but in both instances the variable containing the password does not seem to be expanded.

First version without the single quotes:

SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"

EXTRA_USERS_PARAMS = "\
usermod -p ${SAKURA_PASS} ${SAKURA_USER}; \
usermod -a -G sudo,dialout ${SAKURA_USER}; \
"

results in:

NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]

and with the quotes:

SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"

EXTRA_USERS_PARAMS = "\
usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \
usermod -a -G sudo,dialout ${SAKURA_USER}; \
"

results in:

NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p '' sakura]

It looks as if the variable SAKURA_PASS is not set at all. I looked at your scribe.bb recipe you attached earlier but I could not find any reason why the variable is not set. Is there a chance that it is overridden somewhere else?
:rjs

--
Rudolf J Streif
CEO/CTO
ibeeto, Streif Enterprises Inc.

^ permalink raw reply [flat|nested] 21+ messages in thread
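What the two log lines in the message above look like at the shell level, as an added example that is not code from the thread or from the Yocto classes. It assumes the build step substitutes the recipe value textually into a double-quoted shell string before a shell evaluates it; `run_generated`, `escape_dollars`, `survives` and `show` are hypothetical helper names, and the hash values are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: why a crypt-style hash containing '$' vanishes when a build
# step pastes it into a double-quoted shell string. Constructed for
# illustration; the helper names below are hypothetical.

# Hash values quoted in the thread (single-quoted here so they stay literal).
DES_HASH='WRsDFfg1BsrDM'
MD5_HASH='$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0'

# Assumption: the generator substitutes the recipe value as plain text into
#   settings="usermod -p <value> sakura"
# and a shell then evaluates that line. A fresh 'sh -c' stands in for that
# shell, so $1 and the other names are unset, as in a generated script.
run_generated() {
    script=$(printf 'settings="usermod -p %s sakura"\nprintf "%%s" "$settings"\n' "$1")
    sh -c "$script" sh
}

# Backslash-escape every '$' so it survives one round of double-quote
# evaluation. Crypt hashes use only [./0-9A-Za-z] plus '$', so '$' is the
# only character that needs protecting here.
escape_dollars() {
    printf '%s' "$1" | sed 's/\$/\\$/g'
}

# survives VALUE HASH: true when VALUE, written in the recipe, reaches the
# usermod argument list as exactly HASH.
survives() {
    [ "$(run_generated "$1")" = "usermod -p $2 sakura" ]
}

# Print one case: label, then the argument string the shell ends up with.
show() {
    printf '%-26s -> [%s]\n' "$1" "$(run_generated "$2")"
}

# No '$' in a traditional crypt hash, so it passes through untouched.
show 'DES crypt, bare' "$DES_HASH"
# $1, $QVO3K6Ii and $fvko... are all expanded as (unset) shell parameters.
show 'MD5 crypt, bare' "$MD5_HASH"
# Single quotes nested inside double quotes are ordinary characters and do
# not stop the expansion; only the empty pair of quotes is left.
show 'MD5 crypt, inner quotes' "'$MD5_HASH'"
# With each '$' escaped the hash arrives intact.
show 'MD5 crypt, escaped' "$(escape_dollars "$MD5_HASH")"
```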
* Re: problem adding a user 2019-05-23 20:40 ` Rudolf Streif @ 2019-05-23 21:44 ` Leon Woestenberg 2019-05-23 22:43 ` Greg Wilson-Lindberg 2019-05-24 2:11 ` Khem Raj 1 sibling, 1 reply; 21+ messages in thread From: Leon Woestenberg @ 2019-05-23 21:44 UTC (permalink / raw) To: Rudolf Streif; +Cc: Yocto list discussion

Hello Rudolf, Greg,

On Thu, 23 May 2019 at 22:43, Rudolf Streif <rudolf.streif@ibeeto.com> wrote:

> It eluded me earlier but in both instances the variable containing the
> password does not seem to be expanded.

Could it be the spaces around the = equal sign must be removed?

https://unix.stackexchange.com/questions/258727/spaces-in-variable-assignments-in-shell-scripts

Regards,

Leon

> First version without the single quotes:
>
> SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
>
> EXTRA_USERS_PARAMS = "\
>     usermod -p ${SAKURA_PASS} ${SAKURA_USER}; \
>     usermod -a -G sudo,dialout ${SAKURA_USER}; \
>     "
> results in:
>
> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]
>
> and with the quotes:
>
> SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
>
> EXTRA_USERS_PARAMS = "\
>     usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \
>     usermod -a -G sudo,dialout ${SAKURA_USER}; \
>     "
> results in:
> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p '' sakura]
>
> It looks as if the variable SAKURA_PASS is not set at all. I looked at your scribe.bb recipe you attached earlier but I could not find any reason why the variable is not set. Is there a chance that it is overridden somewhere else?
>
> :rjs

--
Leon Woestenberg
leon@sidebranch.com
T: +31 40 711 42 76
M: +31 6 472 30 372

Sidebranch Embedded Systems
Eindhoven, The Netherlands
http://www.sidebranch.com

^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: problem adding a user 2019-05-23 21:44 ` Leon Woestenberg @ 2019-05-23 22:43 ` Greg Wilson-Lindberg 0 siblings, 0 replies; 21+ messages in thread From: Greg Wilson-Lindberg @ 2019-05-23 22:43 UTC (permalink / raw) To: Leon Woestenberg, Rudolf Streif; +Cc: Yocto list discussion

Hi Leon & Rudolf,

I first changed to SAKURA1_1PASS, with no change in symptoms, I then deleted the spaces, again no change.

Next I just copied the hash into the usermod line:

    usermod -p '$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0' ${SAKURA_USER}; \

And again I get nothing in the output just the adjacent single quotes " '' ".

Something is removing the encoded hash.

Greg

________________________________
From: Leon Woestenberg <leon@sidebranch.com>
Sent: Thursday, May 23, 2019 2:44:04 PM
To: Rudolf Streif
Cc: Greg Wilson-Lindberg; Yocto list discussion
Subject: Re: [yocto] problem adding a user

Hello Rudolf, Greg,

On Thu, 23 May 2019 at 22:43, Rudolf Streif <rudolf.streif@ibeeto.com> wrote:

It eluded me earlier but in both instances the variable containing the password does not seem to be expanded.

Could it be the spaces around the = equal sign must be removed?
https://unix.stackexchange.com/questions/258727/spaces-in-variable-assignments-in-shell-scripts Regards, Leon First version without the single quotes: SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0" EXTRA_USERS_PARAMS = "\ usermod -p ${SAKURA_PASS} ${SAKURA_USER}; \ usermod -a -G sudo,dialout ${SAKURA_USER}; \ " results in: NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura] and with the quotes: SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0" EXTRA_USERS_PARAMS = "\ usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \ usermod -a -G sudo,dialout ${SAKURA_USER}; \ " results in: NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p '' sakura] It looks as if the variable SAKURA_PASS is not set at all. I looked at your scribe.bb<http://scribe.bb> recipe you attached earlier but I could not find any reason why the variable is not set. Is there a chance that it is overridden somewhere elase? :rjs On Wed, May 22, 2019 at 1:28 PM Greg Wilson-Lindberg <GWilson@sakuraus.com<mailto:GWilson@sakuraus.com>> wrote: Rudolf, Here is the first half of the file, the whole file is over the 500k limit of free pastebin: https://pastebin.com/UcnKebce And here is the 2nd half of the file: https://pastebin.com/9117tdUU Greg ________________________________ From: Rudolf Streif <rudolf.streif@ibeeto.com<mailto:rudolf.streif@ibeeto.com>> Sent: Wednesday, May 22, 2019 12:42:40 PM To: Greg Wilson-Lindberg Cc: Yocto list discussion Subject: Re: [yocto] problem adding a user Greg, Can you share the logfile via Pastebin? :rjs On Tue, May 21, 2019 at 11:09 AM Greg Wilson-Lindberg <GWilson@sakuraus.com<mailto:GWilson@sakuraus.com>> wrote: Rudolf, Something else is happening to me. 
I changed to this in the image recipe: SAKURA_USER = "sakura" SAKURA_PASSWD = "Distracted" SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0" EXTRA_USERS_PARAMS = "\ usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \ usermod -a -G sudo,dialout ${SAKURA_USER}; \ " deleting all of the commented out lines, and I get this in the log file: ..../scribe/1.0-r0/rootfs -p '' sakura] nothing between the single quotes. It's acting like SAKURA_PASS is not defined. This is only happening when I'm trying the MD5 password. Greg ________________________________ From: Rudolf Streif <rudolf.streif@ibeeto.com<mailto:rudolf.streif@ibeeto.com>> Sent: Tuesday, May 21, 2019 5:37:23 AM To: Greg Wilson-Lindberg Cc: Yocto list discussion Subject: Re: [yocto] problem adding a user Greg, usermod does not work for the MD5 algorithm with the explicit password hash as it contains the $ field delimiters which are interpreted by the shell executing the usermod command. Use single quotes around the password hash: usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; :rjs On Mon, May 20, 2019, 11:55 Greg Wilson-Lindberg <GWilson@sakuraus.com<mailto:GWilson@sakuraus.com>> wrote: Hi Rudolf, I've had more time to work with this and I'm still having problems getting everything to work properly. I've attached the image recipe recipe that I'm using so I don't leave any thing out that may be relevant. When I build with a password that is no more more than 8 characters long and no non-alphabetic characters: SAKURA_PASSWD = "Distract" SAKURA_PASS = "WRsDFfg1BsrDM" everything works correctly. I first tried that using the `openssl ...` form, and then I tried the -1, MD5 BSD form and had problems, so I changed to doing the openssl on the command line and making sure that I don't have any characters that display as '.' or '/'. Again, if I don't do more than 8 characters and no special characters everything works. When I changed to using 'Ds$tr@ct' it stopped working. 
The build finishes and the log file shows the usermod being exectued correctly: NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p kyNsrvS0elMWU sakura] NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -a -G sudo,dialout sakura] But when I try to sign in it doesn't work. I then tried the 10 character password 'Distracted', the build fails: NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura] Usage: usermod [options] LOGIN Options: -c, --comment COMMENT new value of the GECOS field -d, --home HOME_DIR new home directory for the user account -e, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE -f, --inactive INACTIVE set password inactive after expiration to INACTIVE -g, --gid GROUP force use GROUP as new primary group -G, --groups GROUPS new list of supplementary GROUPS -a, --append append the user to the supplemental GROUPS mentioned by the -G option without removing him/her from other groups -h, --help display this help message and exit -l, --login NEW_LOGIN new value of the login name -L, --lock lock the user account -m, --move-home move contents of the home directory to the new location (use only with -d) -o, --non-unique allow using duplicate (non-unique) UID -p, --password PASSWORD use encrypted password for the new password -P, --clear-password PASSWORD use clear password for the new password -R, --root CHROOT_DIR directory to chroot into -s, --shell SHELL new login shell for the user account -u, --uid UID new UID for the user account -U, --unlock unlock the user account -v, --add-subuids FIRST-LAST add range of subordinate uids -V, --del-subuids FIRST-LAST remove range of subordinate 
uids -w, --add-subgids FIRST-LAST add range of subordinate gids -W, --del-subgids FIRST-LAST remove range of subordinate gids ERROR: scribe: usermod command did not succeed. So, even though I'm putting in the openssl output: openssl passwd -1 "Distracted" $1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0 that I get back from what should be a valid run of openssl, I don't see anything from the password on the usermod command line: "...linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]" I don't understand why the short passwords and passing along the proper hash works, but not the longer password. It also doesn't make sense that I can't put in the '$' & '@' characters and have them work. Any suggestions would be greatly appreciated. Greg ________________________________ From: Rudolf Streif <rudolf.streif@ibeeto.com<mailto:rudolf.streif@ibeeto.com>> Sent: Wednesday, May 15, 2019 4:58:26 PM To: Greg Wilson-Lindberg Cc: Yocto list discussion Subject: Re: [yocto] problem adding a user Glad to hear that it works now. I am planning on attending the YP DevDay. :rjs On Wed, May 15, 2019, 13:53 Greg Wilson-Lindberg <GWilson@sakuraus.com<mailto:GWilson@sakuraus.com>> wrote: Thank you very much, that got me back on the right path. Maybe I'll see you at the Yocto day at the Embedded Linux Conference. Regards, Greg Wilson-Lindberg Principal Firmware Engineer | Sakura Finetek USA, Inc. 1750 W 214<https://maps.google.com/?q=1750+W+214&entry=gmail&source=g>th Street | Torrance, CA 90501 | U.S.A. T: +1 310 783 5075 F: +1 310 618 6902 | E: gwilson@sakuraus.com<mailto:gwilson@sakuraus.com> www.sakuraus.com<http://www.sakuraus.com> [cid:image002.png@01D35D7D.179A7510] [cid:image003.png@01D35D7D.179A7510] ________________________________ Confidentiality Notice: This e-mail transmission may contain confidential or legally privileged information that is intended only for the individual or entity named in the e-mail address. 
If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or reliance upon the contents of this e-mail is strictly prohibited. If you have received this e-mail transmission in error, please reply to the sender, so that Sakura Finetek USA, Inc. can arrange for proper delivery, and then please delete the message from your inbox. Thank you. From: Rudolf J Streif [mailto:rudolf.streif@ibeeto.com<mailto:rudolf.streif@ibeeto.com>] Sent: Wednesday, May 15, 2019 01:30 PM To: Greg Wilson-Lindberg <GWilson@sakuraus.com<mailto:GWilson@sakuraus.com>>; Yocto list discussion <yocto@yoctoproject.org<mailto:yocto@yoctoproject.org>> Subject: Re: [yocto] problem adding a user Instead of useradd -p `openssl passwd test` sakura which attempts to add the user and set the password which fails if the user already exists, use usermod -p `openssl passwd test` sakura which sets the user's password. :rjs On 5/15/19 1:18 PM, Greg Wilson-Lindberg wrote: Ok, I had been using the useradd class in a couple of other recipes to allow me to copy files to the sakura user directory and another location, but owned by sakura. That seems to have been what was causing the problem. I had been using the extrausers class in my top level image recipe. So now how do I get all of this to work together? Do I need to put everything that touches the sakura user in the same recipe? It seems that I need to use only one of the useradd or extrausers classes? Greg ________________________________ From: Rudolf J Streif <rudolf.streif@ibeeto.com><mailto:rudolf.streif@ibeeto.com> Sent: Wednesday, May 15, 2019 12:31 PM To: Greg Wilson-Lindberg; Yocto list discussion Subject: Re: [yocto] problem adding a user The ! for the password in /etc/shadow indicates that the account is disabled: sakura:!:18031:0:99999:7::: Either there is something wrong with the password generation or it gets disabled by something else. 
Maybe it's worth trying with a plain image without Boot2Qt or anything else. :rjs On 5/15/19 11:46 AM, Greg Wilson-Lindberg wrote: Hi Rudolf, 1st, yes I inherit extrausers. Attached are the passwd & shadow files. It shouldn't make any difference, but I'm building this for an RPi3 using the Qt Boot2Qt version of the Yocto environment, distro 2.5.3. Greg ________________________________ From: Rudolf J Streif <rudolf.streif@ibeeto.com><mailto:rudolf.streif@ibeeto.com> Sent: Wednesday, May 15, 2019 11:26 AM To: Greg Wilson-Lindberg; Yocto list discussion Subject: Re: [yocto] problem adding a user Hi Greg, > I've also tried both the back-quote and the single-quote, no difference. Help me to understand this. the back-quotes are the right ones. If you use the single ones your password in the /etc/shadow ends up being 'openssl passwd test' (without the quotes), unless the build fails because of a parsing error (I have not tried it). Silly question, you did inherit extrausers class? Can you post your /etc/passwd and /etc/shadow I am surprised that this does not work with your setup. I have been doing this a gazillion times always with success. :rjs On 5/15/19 11:03 AM, Greg Wilson-Lindberg wrote: Hi Rudolf, Thanks for the reply, and the information on how openssl works. I'm trying to create a user with the same group name so the code that I'm using reduces to: EXTRA_USERS_PARAMS = "\ useradd -p `openssl passwd test` sakura; \ usermod -a -G sudo ${SAKURA_USER}; \ " I also, as you can see, removed the macros to eliminate as much confusion as possible. I still can't login in using the password 'test'. I've also tried both the back-quote and the single-quote, no difference. 
Regards, Greg ________________________________ From: Rudolf J Streif <rudolf.streif@ibeeto.com><mailto:rudolf.streif@ibeeto.com> Sent: Wednesday, May 15, 2019 10:07:47 AM To: Greg Wilson-Lindberg; Yocto list discussion Subject: Re: [yocto] problem adding a user Hi Greg, Well, I suppose I wrote the book you are referring to... Using useradd -p PASSWORD USER takes the password hash for PASSWORD hence the use of openssl in: useadd -p `openssl passwd PASSWORD` USER openssl password creates the password hash using the original crypt hash algorithm if no other options are specified. e.g. $ openssl passwd hello 6hEsTksgRkeiI With this the first two characters of the output is the salt and the rest is the password hash. If you want openssl to create the same result again: $ openssl passwd -salt "6h" hello 6hEsTksgRkeiI You can use newer algorithms like MD5 based BSD password algorithm 1: $ openssl passwd -1 hello $1$4Mu8Fcs.$eIKgPP7RCYrb3lFZjhADA1 $1 : password algorithm 1 $4Mu8Fcs. : salt $eIKgPP7RCYrb3lFZjhADA1 : password hash If you log into the system you have to use the clear password. The system reads the salt, creates the password hash and compares the results. :rjs On 5/14/19 5:34 PM, Greg Wilson-Lindberg wrote: > I'm trying to use the example in "Embedded Linux Systems with the Yocto Project" to add a user to my Yocto build. In the book the sample code: > > useradd -p `openssl passwd ${DEV_PASSWORD}` developer; \ > > uses openssl to generate the encrypted password string to pass to useradd. I have never been able to get this to work. When I run the openssl > command on the cmd line I get a different value every time, this seems wrong, How can the password code compare against it if every encode > produces a different value? > > I am getting the user added to the system, the home directory shows up and the user is in the passwd and group files. I just can't login to the > account. > > I've obviously got something confused, any help would be appreciated. 
>
> Greg Wilson-Lindberg
>

--
-----
Rudolf J Streif
CEO/CTO ibeeto
+1.855.442.3396 x700

--
Rudolf J Streif
CEO/CTO
ibeeto, Streif Enterprises Inc.

--
_______________________________________________
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

--
Leon Woestenberg
leon@sidebranch.com
T: +31 40 711 42 76
M: +31 6 472 30 372

Sidebranch Embedded Systems
Eindhoven, The Netherlands
http://www.sidebranch.com

[-- Attachment #2: Type: text/html, Size: 41516 bytes --]
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: problem adding a user
  2019-05-23 20:40 ` Rudolf Streif
  2019-05-23 21:44 ` Leon Woestenberg
@ 2019-05-24 2:11 ` Khem Raj
  2019-05-24 18:45 ` Greg Wilson-Lindberg
  1 sibling, 1 reply; 21+ messages in thread
From: Khem Raj @ 2019-05-24 2:11 UTC (permalink / raw)
To: Rudolf Streif, Greg Wilson-Lindberg; +Cc: Yocto list discussion

On 5/23/19 1:40 PM, Rudolf Streif wrote:
> Greg,
>
> It eluded me earlier but in both instances the variable containing the
> password does not seem to be expanded.
>
> First version without the single quotes:
>
> SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
>
> EXTRA_USERS_PARAMS = "\
>     usermod -p ${SAKURA_PASS} ${SAKURA_USER}; \
>     usermod -a -G sudo,dialout ${SAKURA_USER}; \
>     "
> results in:
>
> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]
>
> and with the quotes:
>
> SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
>
> EXTRA_USERS_PARAMS = "\
>     usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \
>     usermod -a -G sudo,dialout ${SAKURA_USER}; \
>     "
> results in:
> NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p '' sakura]
>
> It looks as if the variable SAKURA_PASS is not set at all. I looked at
> your scribe.bb recipe you attached earlier but I
> could not find any reason why the variable is not set. Is there a chance
> that it is overridden somewhere else?
>

This is correct with one small nit that we need to escape some characters which have special meaning for the shell, e.g. $

e.g. in local.conf something like below

    INHERIT += "extrausers"

    EXTRA_USERS_PARAMS += "\
        useradd sakura; \
        usermod -p '\$1\$QVO3K6Ii\$fvkoDKnlzz3d5uVoL7KcM0' sakura; \
        "

might work as you expect.
^ permalink raw reply [flat|nested] 21+ messages in thread
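Added example (not part of any message in this thread, and not code from Yocto or from the book): a POSIX shell sketch of what the escaping in Khem Raj's reply changes, together with the $id$salt$hash field layout Rudolf describes. It assumes the EXTRA_USERS_PARAMS text passes through one round of shell double-quote expansion before usermod sees it, which is consistent with the "-p sakura" and "-p '' sakura" log lines quoted above; all function names are made up for this illustration.

```shell
#!/bin/sh
# Constructed illustration, not code from the thread or from Yocto.
# Assumption: the command text is expanded once inside "..." by a shell
# before usermod runs.

HASH='$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0'   # MD5-crypt hash quoted in the thread

# dq_expand TEXT: return TEXT as it looks after one round of double-quote
# expansion in a shell with no positional parameters.
# Demo helper only: eval runs whatever TEXT contains (back-quotes included),
# so feed it fixed strings.
dq_expand() {
    _text=$1
    (
        set +u      # unset variables expand to nothing
        set --      # no positional parameters, so $1 is empty
        eval "printf '%s' \"$_text\""
    )
}

# escape_dollars HASH: backslash-escape every '$' so the hash survives that round.
escape_dollars() {
    printf '%s' "$1" | sed 's/\$/\\$/g'
}

# mcf_field N HASH: Nth '$'-separated field (1 = algorithm id, 2 = salt, 3 = digest).
mcf_field() {
    printf '%s\n' "$2" | cut -d'$' -f"$(( $1 + 1 ))"
}

# shadow_field_kind FIELD: classify the password field of an /etc/shadow entry.
shadow_field_kind() {
    case "$1" in
        '')         echo empty ;;
        '!'*|'*'*)  echo locked ;;
        '$1$'*)     echo md5crypt ;;
        '$'*)       echo other-mcf ;;
        *)          if [ "${#1}" -eq 13 ]; then echo descrypt; else echo unknown; fi ;;
    esac
}

# shadow_line_kind LINE: same classification for a whole shadow line.
shadow_line_kind() {
    shadow_field_kind "$(printf '%s\n' "$1" | cut -d: -f2)"
}

demo() {
    # $1, $QVO3K6Ii and $fvkoDKnlzz3d5uVoL7KcM0 are each read as (empty) variables.
    echo "unquoted      : $(dq_expand "usermod -p $HASH sakura")"
    # Single quotes inside "..." are ordinary characters, so expansion still happens.
    echo "single-quoted : $(dq_expand "usermod -p '$HASH' sakura")"
    # With every '$' escaped the hash reaches the command line intact.
    echo "escaped       : $(dq_expand "usermod -p '$(escape_dollars "$HASH")' sakura")"
    echo "algorithm id  : $(mcf_field 1 "$HASH")"
    echo "salt          : $(mcf_field 2 "$HASH")"
    # Shadow line as posted in the thread: '!' in the password field.
    echo "shadow entry  : $(shadow_line_kind 'sakura:!:18031:0:99999:7:::')"
}

demo
```

shadow_line_kind doubles as a post-build check: run it on the user's line from the image's /etc/shadow, and any result other than the hash type you intended (for example locked or empty) means the password did not arrive as written.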
* Re: problem adding a user
  2019-05-24 2:11 ` Khem Raj
@ 2019-05-24 18:45 ` Greg Wilson-Lindberg
  0 siblings, 0 replies; 21+ messages in thread
From: Greg Wilson-Lindberg @ 2019-05-24 18:45 UTC (permalink / raw)
To: Khem Raj, Rudolf Streif; +Cc: Yocto list discussion

Hi Khem,

> -----Original Message-----
> From: Khem Raj [mailto:raj.khem@gmail.com]
> Sent: Thursday, May 23, 2019 07:11 PM
> To: Rudolf Streif <rudolf.streif@ibeeto.com>; Greg Wilson-Lindberg <GWilson@sakuraus.com>
> Cc: Yocto list discussion <yocto@yoctoproject.org>
> Subject: Re: [yocto] problem adding a user
>
> On 5/23/19 1:40 PM, Rudolf Streif wrote:
> > Greg,
> >
> > It eluded me earlier but in both instances the variable containing the
> > password does not seem to be expanded.
> >
> > First version without the single quotes:
> >
> > SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
> >
> > EXTRA_USERS_PARAMS = "\
> >     usermod -p ${SAKURA_PASS} ${SAKURA_USER}; \
> >     usermod -a -G sudo,dialout ${SAKURA_USER}; \
> >     "
> > results in:
> >
> > NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]
> >
> > and with the quotes:
> >
> > SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
> >
> > EXTRA_USERS_PARAMS = "\
> >     usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \
> >     usermod -a -G sudo,dialout ${SAKURA_USER}; \
> >     "
> > results in:
> > NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p '' sakura]
> >
> > It looks as if the variable SAKURA_PASS is not set at all. I looked at
> > your scribe.bb recipe you attached earlier but I
> > could not find any reason why the variable is not set. Is there a
> > chance that it is overridden somewhere else?
> >
>
> This is correct with one small nit that we need to escape some characters which have
> special meaning for the shell, e.g. $
>
> e.g. in local.conf something like below
>
> INHERIT += "extrausers"
>
> EXTRA_USERS_PARAMS += "\
>     useradd sakura; \
>     usermod -p '\$1\$QVO3K6Ii\$fvkoDKnlzz3d5uVoL7KcM0' sakura; \
>     "
>
> might work as you expect.

This does leave the hash in the usermod command line finally. So it is possible to pass MD5 hashes through if the '$' are escaped. I can't use non-alphabetic characters, i.e. replace 's' with '$', and 'a' with '@', I can't log in with those changes. But MD5 hashes of alphabetic only passwords work for the cases that I have tested. I can also pass the escaped hash in to usermod as a macro.

It looks like I've got something that I can work with.

Thanks to all for the help that you have so kindly given,
Greg
> > > > > > Greg Wilson-Lindberg > > > > > > > -- > > ----- > > Rudolf J Streif > > CEO/CTO ibeeto > > +1.855.442.3396 x700____ > > > > -- ____ > > > > -----____ > > > > Rudolf J Streif____ > > > > CEO/CTO ibeeto____ > > > > +1.855.442.3396 x700____ > > > > -- ____ > > > > -----____ > > > > Rudolf J Streif____ > > > > CEO/CTO ibeeto____ > > > > +1.855.442.3396 x700____ > > > > -- ____ > > > > -----____ > > > > Rudolf J Streif____ > > > > CEO/CTO ibeeto____ > > > > +1.855.442.3396 x700____ > > > > > > > > -- > > Rudolf J Streif > > CEO/CTO > > ibeeto, Streif Enterprises Inc. > > > > > > > > -- > > Rudolf J Streif > > CEO/CTO > > ibeeto, Streif Enterprises Inc. > > ^ permalink raw reply [flat|nested] 21+ messages in thread
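The login check described in the quoted explanation (read the salt out of the stored string, re-hash the typed password, compare) together with the `!` marker from the quoted /etc/shadow line, as an added Python example that is not part of the thread or of Yocto. The names md5_crypt and check_login and the developer line are constructed for illustration; the salt and hash are the ones quoted in the thread, and MD5-crypt is used only because it is the scheme shown there.

```python
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def md5_crypt(password, salt):
    """MD5-based crypt ("$1$"), the format `openssl passwd -1` prints."""
    pw, s = password.encode(), salt.encode()[:8]
    alt = hashlib.md5(pw + s + pw).digest()
    ctx = hashlib.md5(pw + b"$1$" + s)
    for n in range(len(pw), 0, -16):
        ctx.update(alt[:min(16, n)])
    n = len(pw)
    while n:
        ctx.update(b"\0" if n & 1 else pw[:1])
        n >>= 1
    d = ctx.digest()
    for i in range(1000):  # fixed 1000-round stretching loop
        r = hashlib.md5(pw if i & 1 else d)
        if i % 3:
            r.update(s)
        if i % 7:
            r.update(pw)
        r.update(d if i & 1 else pw)
        d = r.digest()
    # Pack the 16 digest bytes into 22 characters, low 6 bits first.
    order = (0, 6, 12, 1, 7, 13, 2, 8, 14, 3, 9, 15, 4, 10, 5)
    out = ""
    for j in range(0, 15, 3):
        v = (d[order[j]] << 16) | (d[order[j + 1]] << 8) | d[order[j + 2]]
        out += "".join(ITOA64[(v >> k) & 63] for k in (0, 6, 12, 18))
    out += ITOA64[d[11] & 63] + ITOA64[d[11] >> 6]
    return "$1$" + s.decode() + "$" + out

def check_login(shadow_line, password):
    """Classify a login attempt against one /etc/shadow line."""
    field = shadow_line.split(":")[1]
    if field.startswith(("!", "*")):
        return "locked"  # no hash output can match, whatever is typed
    if not field.startswith("$1$"):
        return "unsupported scheme"
    salt = field.split("$")[2]  # the salt is stored in the clear
    ok = hmac.compare_digest(md5_crypt(password, salt), field)
    return "ok" if ok else "wrong password"

LOCKED = "sakura:!:18031:0:99999:7:::"  # line quoted in the thread
# Constructed line: user name and ageing fields made up, hash from the thread.
HASHED = "developer:$1$4Mu8Fcs.$eIKgPP7RCYrb3lFZjhADA1:18031:0:99999:7:::"
print(check_login(LOCKED, "test"), "/", check_login(HASHED, "hello"))
```

A fresh random salt on every `openssl passwd` run is why the printed string changes each time while a login against any one of those strings still succeeds.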
end of thread, other threads:[~2019-05-24 18:45 UTC | newest]

Thread overview: 21+ messages
2019-05-15  0:34 problem adding a user Greg Wilson-Lindberg
2019-05-15  1:28 ` ChenQi
2019-05-15 17:07 ` Rudolf J Streif
2019-05-15 18:03 ` Greg Wilson-Lindberg
2019-05-15 18:26 ` Rudolf J Streif
2019-05-15 18:46 ` Greg Wilson-Lindberg
2019-05-15 19:31 ` Rudolf J Streif
2019-05-15 20:18 ` Greg Wilson-Lindberg
2019-05-15 20:30 ` Rudolf J Streif
2019-05-15 20:53 ` Greg Wilson-Lindberg
2019-05-15 23:58 ` Rudolf Streif
2019-05-20 18:54 ` Greg Wilson-Lindberg
2019-05-21 12:37 ` Rudolf Streif
2019-05-21 18:09 ` Greg Wilson-Lindberg
2019-05-22 19:42 ` Rudolf Streif
2019-05-22 20:28 ` Greg Wilson-Lindberg
2019-05-23 20:40 ` Rudolf Streif
2019-05-23 21:44 ` Leon Woestenberg
2019-05-23 22:43 ` Greg Wilson-Lindberg
2019-05-24  2:11 ` Khem Raj
2019-05-24 18:45 ` Greg Wilson-Lindberg