[PATCH] ref-manual: Update how to set a useradd password

[PATCH] ref-manual: Update how to set a useradd password

[Daiane Angolini]

Partial fix for [YOCTO 14605]

Signed-off-by: Daiane Angolini <daiane.angolini@foundries.io>
---
 documentation/ref-manual/classes.rst | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/documentation/ref-manual/classes.rst b/documentation/ref-manual/classes.rst
index ffaad9bfc..b09f83b28 100644
--- a/documentation/ref-manual/classes.rst
+++ b/documentation/ref-manual/classes.rst
@@ -590,19 +590,25 @@ Here is an example that uses this class in an image recipe::
        "
 
 Here is an example that adds two users named "tester-jim" and "tester-sue" and assigns
-passwords::
+passwords. First on host, create the password hash::
+
+   mkpasswd -m sha512crypt tester01
+
+The resultant hash is set to a variable and used in ``useradd`` command parameters.
+Remember to escape the character ``$``::
 
    inherit extrausers
+   PASSWD = "\$6\$kt.uxYMp9O9.Yxqd\$SBaJTucixmPm7/WjFL2CjUGMHTqtw8KPK0yxpYw.tGWWHlnOwkUwZ0Pa6vR724Te/E5./V.wua4HT/h0li8Lw/"
    EXTRA_USERS_PARAMS = "\
-       useradd -P tester01 tester-jim; \
-       useradd -P tester01 tester-sue; \
+       useradd -p '${PASSWD} tester-jim; \
+       useradd -p '${PASSWD} tester-sue; \
        "
 
-Finally, here is an example that sets the root password to "1876*18"::
+Finally, here is an example that sets the root password::
 
    inherit extrausers
    EXTRA_USERS_PARAMS = "\
-       usermod -P 1876*18 root; \
+       usermod -p '${PASSWD} root; \
        "
 
 .. _ref-classes-features_check:
-- 
2.30.2

Re: [docs] [PATCH] ref-manual: Update how to set a useradd password

[Michael Opdenacker]

On 10/21/21 3:19 PM, Michael Opdenacker wrote:
>
> And when I tried to log in with user "alice" and the password, I got:
> "crypt method not supported by libcrypt? (SHA512)"
>
> Not sure our instructions are enough here...


Actually, if I generate the password with "mkpasswd -m sha256crypt bob",
everything works fine. Not sure libcrypt in Poky's "core-image-minimal"
is sufficient.

What about using sha256crypt instead?

If you don't have time right now, I'll be happy to propose a V2 of your
patch if you are interested.
Cheers,

Michael.

-- 
Michael Opdenacker, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

Re: [docs] [PATCH] ref-manual: Update how to set a useradd password

[Daiane Angolini]

On Thu, Oct 21, 2021 at 10:32 AM Michael Opdenacker
<michael.opdenacker@bootlin.com> wrote:
>
>
> On 10/21/21 3:19 PM, Michael Opdenacker wrote:
> >
> > And when I tried to log in with user "alice" and the password, I got:
> > "crypt method not supported by libcrypt? (SHA512)"
> >
> > Not sure our instructions are enough here...
>
>
> Actually, if I generate the password with "mkpasswd -m sha256crypt bob",
> everything works fine. Not sure libcrypt in Poky's "core-image-minimal"
> is sufficient.
>
> What about using sha256crypt instead?

One of my sources of doubt on the initial patch is exactly that there
is a whole world around how to create a password.

And the main purpose of the patch is to inform one that a clear text
password is not supported any longer.

So, from my perspective, it's ok to use your command instead.


>
> If you don't have time right now, I'll be happy to propose a V2 of your
> patch if you are interested.

Let me work on this today! I think I can handle this. Thanks for the offer =D

Daiane
> Cheers,
>
> Michael.
>
> --
> Michael Opdenacker, Bootlin
> Embedded Linux and Kernel engineering
> https://bootlin.com
>

Re: [docs] [PATCH] ref-manual: Update how to set a useradd password

[Daiane Angolini]

On Thu, Oct 21, 2021 at 9:30 AM Michael Opdenacker
<michael.opdenacker@bootlin.com> wrote:
>
> Oi Daiane
>
Hi Michael

> Many thanks for the patch!
>
> On 10/20/21 7:25 PM, Daiane Angolini wrote:
> > Hi
> >
> > I am not completely sure of some details on this patch. Any
> > suggestions to make it better, please let me know.
> >
> > There is a bug [1] and the commit which changed this behavior is [2]
> >
> > [1] https://bugzilla.yoctoproject.org/show_bug.cgi?id=14605
> > [2] http://cgit.openembedded.org/openembedded-core/commit/meta/recipes-extended/shadow?id=759df7395908f18b3b68f28d043ac9ebd42dd0c8
>
>
> Your patch looks perfectly good to me. I'm currently testing it.
> Why do you say that it only partially fixes [YOCTO 14605]?

Because I think something is also needed from the oe-core perspective.
Something like this:
https://lists.openembedded.org/g/openembedded-core/message/157090

But I'm still working on it

Thanks for reviewing and testing the patch.


Daiane
>
> Thanks again,
> Michael.
>
> --
> Michael Opdenacker, Bootlin
> Embedded Linux and Kernel engineering
> https://bootlin.com
>

Re: [docs] [PATCH] ref-manual: Update how to set a useradd password

[Michael Opdenacker]

Oi Daiane

Many thanks for the patch!

On 10/20/21 7:25 PM, Daiane Angolini wrote:
> Hi
>
> I am not completely sure of some details on this patch. Any
> suggestions to make it better, please let me know.
>
> There is a bug [1] and the commit which changed this behavior is [2]
>
> [1] https://bugzilla.yoctoproject.org/show_bug.cgi?id=14605
> [2] http://cgit.openembedded.org/openembedded-core/commit/meta/recipes-extended/shadow?id=759df7395908f18b3b68f28d043ac9ebd42dd0c8


Your patch looks perfectly good to me. I'm currently testing it.
Why do you say that it only partially fixes [YOCTO 14605]?

Thanks again,
Michael.

-- 
Michael Opdenacker, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

Re: [docs] [PATCH] ref-manual: Update how to set a useradd password

[Daiane Angolini]

Hi

I am not completely sure of some details on this patch. Any
suggestions to make it better, please let me know.

There is a bug [1] and the commit which changed this behavior is [2]

[1] https://bugzilla.yoctoproject.org/show_bug.cgi?id=14605
[2] http://cgit.openembedded.org/openembedded-core/commit/meta/recipes-extended/shadow?id=759df7395908f18b3b68f28d043ac9ebd42dd0c8

Regards,
Daiane

On Wed, Oct 20, 2021 at 2:06 PM Daiane Angolini via
lists.yoctoproject.org
<daiane.angolini=foundries.io@lists.yoctoproject.org> wrote:
>
> Partial fix for [YOCTO 14605]
>
> Signed-off-by: Daiane Angolini <daiane.angolini@foundries.io>
> ---
>  documentation/ref-manual/classes.rst | 16 +++++++++++-----
>  1 file changed, 11 insertions(+), 5 deletions(-)
>
> diff --git a/documentation/ref-manual/classes.rst b/documentation/ref-manual/classes.rst
> index ffaad9bfc..b09f83b28 100644
> --- a/documentation/ref-manual/classes.rst
> +++ b/documentation/ref-manual/classes.rst
> @@ -590,19 +590,25 @@ Here is an example that uses this class in an image recipe::
>         "
>
>  Here is an example that adds two users named "tester-jim" and "tester-sue" and assigns
> -passwords::
> +passwords. First on host, create the password hash::
> +
> +   mkpasswd -m sha512crypt tester01
> +
> +The resultant hash is set to a variable and used in ``useradd`` command parameters.
> +Remember to escape the character ``$``::
>
>     inherit extrausers
> +   PASSWD = "\$6\$kt.uxYMp9O9.Yxqd\$SBaJTucixmPm7/WjFL2CjUGMHTqtw8KPK0yxpYw.tGWWHlnOwkUwZ0Pa6vR724Te/E5./V.wua4HT/h0li8Lw/"
>     EXTRA_USERS_PARAMS = "\
> -       useradd -P tester01 tester-jim; \
> -       useradd -P tester01 tester-sue; \
> +       useradd -p '${PASSWD} tester-jim; \
> +       useradd -p '${PASSWD} tester-sue; \
>         "
>
> -Finally, here is an example that sets the root password to "1876*18"::
> +Finally, here is an example that sets the root password::
>
>     inherit extrausers
>     EXTRA_USERS_PARAMS = "\
> -       usermod -P 1876*18 root; \
> +       usermod -p '${PASSWD} root; \
>         "
>
>  .. _ref-classes-features_check:
> --
> 2.30.2
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#2014): https://lists.yoctoproject.org/g/docs/message/2014
> Mute This Topic: https://lists.yoctoproject.org/mt/86470322/5992125
> Group Owner: docs+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/docs/unsub [daiane.angolini@foundries.io]
> -=-=-=-=-=-=-=-=-=-=-=-
>