* [PATCH 0/3] Add ability to set clear text password and remove zap_root_password function
@ 2013-12-10  9:58 Qi.Chen
  2013-12-10  9:58 ` [PATCH 1/3] shadow-native: allow for setting password in clear text Qi.Chen
                   ` (2 more replies)
  0 siblings, 3 replies; 7+ messages in thread
From: Qi.Chen @ 2013-12-10  9:58 UTC (permalink / raw)
  To: openembedded-core

From: Chen Qi <Qi.Chen@windriver.com>

This patchset mainly contains two changes:
1. Add the ability to set clear text password
   The third patch serves as an example of how to do this in a recipe.
   An additional patch has been sent to poky@yoctoproject.org, which adds extra information to
   local.conf.sample.extended about this issue.
2. Remove the zap_root_password function to make things work correctly if 'debug-tweaks' is not in
   IMAGE_FEATURES.


The following changes since commit 853f5db48f4cfcb34345938b583874fe5b6fc678:

  nativesdk.bbclass: support nativesdk to override with the PACKAGES_DYNAMIC statement (2013-12-09 21:36:33 +0000)

are available in the git repository at:

  git://git.pokylinux.org/poky-contrib ChenQi/cleartext-password
  http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=ChenQi/cleartext-password

Chen Qi (3):
  shadow-native: allow for setting password in clear text
  image.bbclass: remove zap_root_password
  useradd-example: add example for setting clear text password

 .../recipes-skeleton/useradd/useradd-example.bb    |    3 +-
 meta/classes/core-image.bbclass                    |    3 -
 meta/classes/image.bbclass                         |    9 +-
 .../allow-for-setting-password-in-clear-text.patch |  208 ++++++++++++++++++++
 meta/recipes-extended/shadow/shadow.inc            |    1 +
 5 files changed, 212 insertions(+), 12 deletions(-)
 create mode 100644 meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch

-- 
1.7.9.5



^ permalink raw reply	[flat|nested] 7+ messages in thread

* [PATCH 1/3] shadow-native: allow for setting password in clear text
  2013-12-10  9:58 [PATCH 0/3] Add ability to set clear text password and remove zap_root_password function Qi.Chen
@ 2013-12-10  9:58 ` Qi.Chen
  2013-12-10  9:58 ` [PATCH 2/3] image.bbclass: remove zap_root_password Qi.Chen
  2013-12-10  9:58 ` [PATCH 3/3] useradd-example: add example for setting clear text password Qi.Chen
  2 siblings, 0 replies; 7+ messages in thread
From: Qi.Chen @ 2013-12-10  9:58 UTC (permalink / raw)
  To: openembedded-core

From: Chen Qi <qi.chen@windriver.com>

Allow user to set password in clear text. This is convenient when
we're building out an image.

This feature is mainly used by useradd.bbclass and extrausers.bbclass.

This patch adds a new option '-P' to useradd, usermod, groupadd and groupmod
commands provided by shadow-native. The shadow package on target and in SDK
will not be affected.

[YOCTO #5365]

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
 .../allow-for-setting-password-in-clear-text.patch |  208 ++++++++++++++++++++
 meta/recipes-extended/shadow/shadow.inc            |    1 +
 2 files changed, 209 insertions(+)
 create mode 100644 meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch

diff --git a/meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch b/meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch
new file mode 100644
index 0000000..eafb935
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch
@@ -0,0 +1,208 @@
+Upstream-Status: Inappropriate [OE specific]
+
+Allow for setting password in clear text.
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+
+---
+ src/Makefile.am |    8 ++++----
+ src/groupadd.c  |    8 +++++++-
+ src/groupmod.c  |    9 ++++++++-
+ src/useradd.c   |    9 +++++++--
+ src/usermod.c   |   10 ++++++++--
+ 5 files changed, 34 insertions(+), 10 deletions(-)
+
+diff --git a/src/Makefile.am b/src/Makefile.am
+index 6a3b4c5..1ffdbc6 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -76,10 +76,10 @@ chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT)
+ chsh_LDADD     = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
+ chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT)
+ gpasswd_LDADD  = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT)
+-groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
++groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT)
+ groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
+ groupmems_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX)
+-groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
++groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT)
+ grpck_LDADD    = $(LDADD) $(LIBSELINUX)
+ grpconv_LDADD  = $(LDADD) $(LIBSELINUX)
+ grpunconv_LDADD = $(LDADD) $(LIBSELINUX)
+@@ -99,9 +99,9 @@ su_SOURCES     = \
+ 	suauth.c
+ su_LDADD       = $(LDADD) $(LIBPAM) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
+ sulogin_LDADD  = $(LDADD) $(LIBCRYPT)
+-useradd_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
++useradd_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT)
+ userdel_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
+-usermod_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
++usermod_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT)
+ vipw_LDADD     = $(LDADD) $(LIBSELINUX)
+ 
+ install-am: all-am
+diff --git a/src/groupadd.c b/src/groupadd.c
+index 66b38de..3157486 100644
+--- a/src/groupadd.c
++++ b/src/groupadd.c
+@@ -124,6 +124,7 @@ static void usage (void)
+ 	(void) fputs (_("  -o, --non-unique              allow to create groups with duplicate\n"
+ 	                "                                (non-unique) GID\n"), stderr);
+ 	(void) fputs (_("  -p, --password PASSWORD       use this encrypted password for the new group\n"), stderr);
++	(void) fputs (_("  -P, --clear-password PASSWORD use this clear text password for the new group\n"), stderr);
+ 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), stderr);
+ 	(void) fputs (_("  -r, --system                  create a system account\n"), stderr);
+ 	(void) fputs ("\n", stderr);
+@@ -388,13 +389,14 @@ static void process_flags (int argc, char **argv)
+ 		{"key", required_argument, NULL, 'K'},
+ 		{"non-unique", no_argument, NULL, 'o'},
+ 		{"password", required_argument, NULL, 'p'},
++		{"clear-password", required_argument, NULL, 'P'},
+ 		{"root", required_argument, NULL, 'R'},
+ 		{"system", no_argument, NULL, 'r'},
+ 		{NULL, 0, NULL, '\0'}
+ 	};
+ 
+ 	while ((c =
+-		getopt_long (argc, argv, "fg:hK:op:R:r", long_options,
++		getopt_long (argc, argv, "fg:hK:op:P:R:r", long_options,
+ 		             &option_index)) != -1) {
+ 		switch (c) {
+ 		case 'f':
+@@ -446,6 +448,10 @@ static void process_flags (int argc, char **argv)
+ 			pflg = true;
+ 			group_passwd = optarg;
+ 			break;
++		case 'P':
++			pflg = true;
++			group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
++			break;
+ 		case 'R':
+ 			if ('/' != optarg[0]) {
+ 				fprintf (stderr,
+diff --git a/src/groupmod.c b/src/groupmod.c
+index 27eb159..17acbc3 100644
+--- a/src/groupmod.c
++++ b/src/groupmod.c
+@@ -127,6 +127,8 @@ static void usage (void)
+ 	(void) fputs (_("  -o, --non-unique              allow to use a duplicate (non-unique) GID\n"), stderr);
+ 	(void) fputs (_("  -p, --password PASSWORD       change the password to this (encrypted)\n"
+ 	                "                                PASSWORD\n"), stderr);
++	(void) fputs (_("  -P, --clear-password PASSWORD change the password to this (clear text)\n"
++	                "                                PASSWORD\n"), stderr);
+ 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), stderr);
+ 	(void) fputs ("\n", stderr);
+ 	exit (E_USAGE);
+@@ -348,11 +350,12 @@ static void process_flags (int argc, char **argv)
+ 		{"new-name", required_argument, NULL, 'n'},
+ 		{"non-unique", no_argument, NULL, 'o'},
+ 		{"password", required_argument, NULL, 'p'},
++		{"clear-password", required_argument, NULL, 'P'},
+ 		{"root", required_argument, NULL, 'R'},
+ 		{NULL, 0, NULL, '\0'}
+ 	};
+ 	while ((c =
+-		getopt_long (argc, argv, "g:hn:op:R:",
++		getopt_long (argc, argv, "g:hn:op:P:R:",
+ 		             long_options, &option_index)) != -1) {
+ 		switch (c) {
+ 		case 'g':
+@@ -376,6 +379,10 @@ static void process_flags (int argc, char **argv)
+ 			group_passwd = optarg;
+ 			pflg = true;
+ 			break;
++		case 'P':
++			group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
++			pflg = true;
++			break;
+ 		case 'R':
+ 			if ('/' != optarg[0]) {
+ 				fprintf (stderr,
+diff --git a/src/useradd.c b/src/useradd.c
+index 2102630..390909c 100644
+--- a/src/useradd.c
++++ b/src/useradd.c
+@@ -716,6 +716,7 @@ static void usage (void)
+ 	(void) fputs (_("  -o, --non-unique              allow to create users with duplicate\n"
+ 	                "                                (non-unique) UID\n"), stderr);
+ 	(void) fputs (_("  -p, --password PASSWORD       encrypted password of the new account\n"), stderr);
++	(void) fputs (_("  -P, --clear-password PASSWORD clear text password of the new account\n"), stderr);
+ 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), stderr);
+ 	(void) fputs (_("  -r, --system                  create a system account\n"), stderr);
+ 	(void) fputs (_("  -s, --shell SHELL             login shell of the new account\n"), stderr);
+@@ -1035,6 +1036,7 @@ static void process_flags (int argc, char **argv)
+ 			{"no-user-group", no_argument, NULL, 'N'},
+ 			{"non-unique", no_argument, NULL, 'o'},
+ 			{"password", required_argument, NULL, 'p'},
++			{"clear-password", required_argument, NULL, 'P'},
+ 			{"root", required_argument, NULL, 'R'},
+ 			{"system", no_argument, NULL, 'r'},
+ 			{"shell", required_argument, NULL, 's'},
+@@ -1047,9 +1049,9 @@ static void process_flags (int argc, char **argv)
+ 		};
+ 		while ((c = getopt_long (argc, argv,
+ #ifdef WITH_SELINUX
+-		                         "b:c:d:De:f:g:G:k:K:lmMNop:R:rs:u:UZ:",
++		                         "b:c:d:De:f:g:G:k:K:lmMNop:P:R:rs:u:UZ:",
+ #else
+-		                         "b:c:d:De:f:g:G:k:K:lmMNop:R:rs:u:U",
++		                         "b:c:d:De:f:g:G:k:K:lmMNop:P:R:rs:u:U",
+ #endif
+ 		                         long_options, NULL)) != -1) {
+ 			switch (c) {
+@@ -1214,6 +1216,9 @@ static void process_flags (int argc, char **argv)
+ 				}
+ 				user_pass = optarg;
+ 				break;
++			case 'P':	/* set clear text password */
++				user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
++				break;
+ 			case 'R':
+ 				/* no-op since we handled this in process_root_flag() earlier */
+ 				break;
+diff --git a/src/usermod.c b/src/usermod.c
+index 8363597..f4c1cee 100644
+--- a/src/usermod.c
++++ b/src/usermod.c
+@@ -325,6 +325,7 @@ static void usage (void)
+ 	         "                                new location (use only with -d)\n"
+ 	         "  -o, --non-unique              allow using duplicate (non-unique) UID\n"
+ 	         "  -p, --password PASSWORD       use encrypted password for the new password\n"
++	         "  -P, --clear-password PASSWORD       use clear text password for the new password\n"
+ 	         "  -R  --root CHROOT_DIR         directory to chroot into\n"
+ 	         "  -s, --shell SHELL             new login shell for the user account\n"
+ 	         "  -u, --uid UID                 new UID for the user account\n"
+@@ -950,6 +951,7 @@ static void process_flags (int argc, char **argv)
+ 			{"move-home", no_argument, NULL, 'm'},
+ 			{"non-unique", no_argument, NULL, 'o'},
+ 			{"password", required_argument, NULL, 'p'},
++			{"clear-password", required_argument, NULL, 'P'},
+ 			{"root", required_argument, NULL, 'R'},
+ #ifdef WITH_SELINUX
+ 			{"selinux-user", required_argument, NULL, 'Z'},
+@@ -961,9 +963,9 @@ static void process_flags (int argc, char **argv)
+ 		};
+ 		while ((c = getopt_long (argc, argv,
+ #ifdef WITH_SELINUX
+-			                 "ac:d:e:f:g:G:hl:Lmop:R:s:u:UZ:",
++			                 "ac:d:e:f:g:G:hl:Lmop:P:R:s:u:UZ:",
+ #else
+-			                 "ac:d:e:f:g:G:hl:Lmop:R:s:u:U",
++			                 "ac:d:e:f:g:G:hl:Lmop:P:R:s:u:U",
+ #endif
+ 			                 long_options, NULL)) != -1) {
+ 			switch (c) {
+@@ -1055,6 +1057,10 @@ static void process_flags (int argc, char **argv)
+ 				user_pass = optarg;
+ 				pflg = true;
+ 				break;
++			case 'P':
++				user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
++				pflg = true;
++				break;
+ 			case 'R':
+ 				/* no-op since we handled this in process_root_flag() earlier */
+ 				break;
+-- 
+1.7.9.5
+
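Review bot: In the embedded shadow patch, every new `case 'P':` branch (groupadd.c, groupmod.c, useradd.c, usermod.c) passes `optarg` straight to `pw_encrypt`, so the clear text password travels in argv and, for the useradd.bbclass and extrausers.bbclass users named in the commit message, sits in recipe metadata; the patch header and the `-P` usage text should say this is intended for build-time use through shadow-native only. Each branch also writes the same variable as `-p` (`user_pass` or `group_passwd`), so giving both options silently keeps whichever came last; consider rejecting the combination. Minor: the usermod usage line for `-P` carries extra padding and will not line up with its neighbours, and the inner diffstat touches only src/, so the man pages do not mention the new option.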
diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc
index 33ecc7d..f77a78a 100644
--- a/meta/recipes-extended/shadow/shadow.inc
+++ b/meta/recipes-extended/shadow/shadow.inc
@@ -32,6 +32,7 @@ SRC_URI_append_class-native = " \
            file://disable-syslog.patch \
            file://useradd.patch \
            file://add_root_cmd_groupmems.patch \
+           file://allow-for-setting-password-in-clear-text.patch \
            "
 SRC_URI_append_class-nativesdk = " \
            file://add_root_cmd_options.patch \
-- 
1.7.9.5



^ permalink raw reply related	[flat|nested] 7+ messages in thread

* [PATCH 2/3] image.bbclass: remove zap_root_password
  2013-12-10  9:58 [PATCH 0/3] Add ability to set clear text password and remove zap_root_password function Qi.Chen
  2013-12-10  9:58 ` [PATCH 1/3] shadow-native: allow for setting password in clear text Qi.Chen
@ 2013-12-10  9:58 ` Qi.Chen
  2013-12-10 12:15   ` Paul Eggleton
  2013-12-10  9:58 ` [PATCH 3/3] useradd-example: add example for setting clear text password Qi.Chen
  2 siblings, 1 reply; 7+ messages in thread
From: Qi.Chen @ 2013-12-10  9:58 UTC (permalink / raw)
  To: openembedded-core

From: Chen Qi <Qi.Chen@windriver.com>

This function replaces the root password with '*' if 'debug-tweaks'
is not in IMAGE_FEATURES. As a result, if we don't have 'debug-tweaks',
we would be locked out of the system. That means, if the user uses a
bbappend file for base-passwd to set the root password, he would not be
able to login as root; if the user uses 'EXTRA_USERS_PARAMS' to set
the root password, he would still not be able to login as root.

In a word, this function should be removed to make things work correctly.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
 meta/classes/core-image.bbclass |    3 ---
 meta/classes/image.bbclass      |    9 +--------
 2 files changed, 1 insertion(+), 11 deletions(-)

diff --git a/meta/classes/core-image.bbclass b/meta/classes/core-image.bbclass
index e7c34e2..5ee0d6d 100644
--- a/meta/classes/core-image.bbclass
+++ b/meta/classes/core-image.bbclass
@@ -73,8 +73,5 @@ inherit image
 # Create /etc/timestamp during image construction to give a reasonably sane default time setting
 ROOTFS_POSTPROCESS_COMMAND += "rootfs_update_timestamp ; "
 
-# Zap the root password if debug-tweaks feature is not enabled
-ROOTFS_POSTPROCESS_COMMAND += '${@base_contains("IMAGE_FEATURES", "debug-tweaks", "", "zap_root_password ; ",d)}'
-
 # Tweak the mount options for rootfs in /etc/fstab if read-only-rootfs is enabled
 ROOTFS_POSTPROCESS_COMMAND += '${@base_contains("IMAGE_FEATURES", "read-only-rootfs", "read_only_rootfs_hook; ", "",d)}'
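Review bot: Dropping the `base_contains("IMAGE_FEATURES", "debug-tweaks", "", "zap_root_password ; ",d)` line removes the only step in this class that locks root when 'debug-tweaks' is absent, and nothing else in the series takes its place, so an image built without 'debug-tweaks' keeps whatever root password field the rootfs was populated with, including an empty one. Keep a postprocess hook on this condition and narrow what it rewrites rather than removing the call.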
diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
index 168f283..a5ef244 100644
--- a/meta/classes/image.bbclass
+++ b/meta/classes/image.bbclass
@@ -562,13 +562,6 @@ rootfs_uninstall_unneeded () {
 	fi
 }
 
-# set '*' as the root password so the images
-# can decide if they want it or not
-zap_root_password () {
-	sed 's%^root:[^:]*:%root:*:%' < ${IMAGE_ROOTFS}/etc/passwd >${IMAGE_ROOTFS}/etc/passwd.new
-	mv ${IMAGE_ROOTFS}/etc/passwd.new ${IMAGE_ROOTFS}/etc/passwd
-} 
-
 # allow dropbear/openssh to accept root logins and logins from accounts with an empty password string
 ssh_allow_empty_password () {
 	if [ -e ${IMAGE_ROOTFS}${sysconfdir}/ssh/sshd_config ]; then
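Review bot: The removed `sed 's%^root:[^:]*:%root:*:%'` matches any password field, which is why a root password set earlier in the build gets overwritten; the lockout itself is not the defect. Narrowing the pattern to the empty field, for example `s%^root::%root:*:%`, would leave a configured password alone and still lock an empty one. The function edits only `${IMAGE_ROOTFS}/etc/passwd`, so a replacement should also be checked against images that keep the password in `/etc/shadow`.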
@@ -648,7 +641,7 @@ rootfs_sysroot_relativelinks () {
 	sysroot-relativelinks.py ${SDK_OUTPUT}/${SDKTARGETSYSROOT}
 }
 
-EXPORT_FUNCTIONS zap_root_password remove_init_link do_rootfs make_zimage_symlink_relative set_image_autologin rootfs_update_timestamp rootfs_no_x_startup
+EXPORT_FUNCTIONS remove_init_link do_rootfs make_zimage_symlink_relative set_image_autologin rootfs_update_timestamp rootfs_no_x_startup
 
 do_fetch[noexec] = "1"
 do_unpack[noexec] = "1"
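Review bot: Removing `zap_root_password` from `EXPORT_FUNCTIONS` changes the class interface: a layer that names `zap_root_password` in its own `ROOTFS_POSTPROCESS_COMMAND` would then reference a function that no longer exists. If the function does go away, the commit message should say so, so downstream layers can adjust.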
-- 
1.7.9.5



^ permalink raw reply related	[flat|nested] 7+ messages in thread

* [PATCH 3/3] useradd-example: add example for setting clear text password
  2013-12-10  9:58 [PATCH 0/3] Add ability to set clear text password and remove zap_root_password function Qi.Chen
  2013-12-10  9:58 ` [PATCH 1/3] shadow-native: allow for setting password in clear text Qi.Chen
  2013-12-10  9:58 ` [PATCH 2/3] image.bbclass: remove zap_root_password Qi.Chen
@ 2013-12-10  9:58 ` Qi.Chen
  2 siblings, 0 replies; 7+ messages in thread
From: Qi.Chen @ 2013-12-10  9:58 UTC (permalink / raw)
  To: openembedded-core

From: Chen Qi <Qi.Chen@windriver.com>

Use '-P' option for user3 to set a clear text password. This is supposed
to serve as an example of how to set clear text password in recipes.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
 .../recipes-skeleton/useradd/useradd-example.bb    |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/meta-skeleton/recipes-skeleton/useradd/useradd-example.bb b/meta-skeleton/recipes-skeleton/useradd/useradd-example.bb
index 53d2340..2f8d9b0 100644
--- a/meta-skeleton/recipes-skeleton/useradd/useradd-example.bb
+++ b/meta-skeleton/recipes-skeleton/useradd/useradd-example.bb
@@ -32,7 +32,8 @@ USERADD_PACKAGES = "${PN} ${PN}-user3"
 USERADD_PARAM_${PN} = "-u 1200 -d /home/user1 -r -s /bin/bash user1; -u 1201 -d /home/user2 -r -s /bin/bash user2"
 
 # user3 will be managed in the useradd-example-user3 pacakge:
-USERADD_PARAM_${PN}-user3 = "-u 1202 -d /home/user3 -r -s /bin/bash user3"
+# As an example, we use the -P option to set clear text password for user3
+USERADD_PARAM_${PN}-user3 = "-u 1202 -d /home/user3 -r -s /bin/bash -P 'user3' user3"
 
 # GROUPADD_PARAM works the same way, which you set to the options
 # you'd normally pass to the groupadd command. This will create
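Review bot: The new `USERADD_PARAM_${PN}-user3` line sets the password to the account name (`-P 'user3'`) in a skeleton recipe that exists to be copied, and the added comment does not say that the value is readable by anyone who can read the recipe. Use an obvious placeholder value and extend the comment to explain that `-P` keeps the clear text in the recipe while `-p` takes an already encrypted password.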
-- 
1.7.9.5



^ permalink raw reply related	[flat|nested] 7+ messages in thread

* Re: [PATCH 2/3] image.bbclass: remove zap_root_password
  2013-12-10  9:58 ` [PATCH 2/3] image.bbclass: remove zap_root_password Qi.Chen
@ 2013-12-10 12:15   ` Paul Eggleton
  2013-12-10 15:36     ` Mark Hatle
  0 siblings, 1 reply; 7+ messages in thread
From: Paul Eggleton @ 2013-12-10 12:15 UTC (permalink / raw)
  To: Qi.Chen; +Cc: openembedded-core

Hi Qi,

On Tuesday 10 December 2013 17:58:51 Qi.Chen@windriver.com wrote:
> From: Chen Qi <Qi.Chen@windriver.com>
> 
> This function replaces the root password with '*' if 'debug-tweaks'
> is not in IMAGE_FEATURES. As a result, if we don't have 'debug-tweaks',
> we would be locked out of the system. That means, if the user uses a
> bbappend file for base-passwd to set the root password, he would not be
> able to login as root; if the user uses 'EXTRA_USERS_PARAMS' to set
> the root password, he would still not be able to login as root.
> 
> In a word, this function should be removed to make things work correctly.

Er, unless I'm missing something about what you're adding in the other patch, 
you *cannot* simply remove this. The intentional design of the existing code 
is that having "debug-tweaks" in IMAGE_FEATURES means that you can log in as 
root with no password; but most importantly if "debug-tweaks" is not present 
you cannot log in at all as root (in the absence of anything that sets the 
root password, of course). Any changes must preserve this behaviour.

Cheers,
Paul

-- 

Paul Eggleton
Intel Open Source Technology Centre


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH 2/3] image.bbclass: remove zap_root_password
  2013-12-10 12:15   ` Paul Eggleton
@ 2013-12-10 15:36     ` Mark Hatle
  2013-12-11  3:19       ` ChenQi
  0 siblings, 1 reply; 7+ messages in thread
From: Mark Hatle @ 2013-12-10 15:36 UTC (permalink / raw)
  To: openembedded-core

On 12/10/13, 6:15 AM, Paul Eggleton wrote:
> Hi Qi,
>
> On Tuesday 10 December 2013 17:58:51 Qi.Chen@windriver.com wrote:
>> From: Chen Qi <Qi.Chen@windriver.com>
>>
>> This function replaces the root password with '*' if 'debug-tweaks'
>> is not in IMAGE_FEATURES. As a result, if we don't have 'debug-tweaks',
>> we would be locked out of the system. That means, if the user uses a
>> bbappend file for base-passwd to set the root password, he would not be
>> able to login as root; if the user uses 'EXTRA_USERS_PARAMS' to set
>> the root password, he would still not be able to login as root.
>>
>> In a word, this function should be removed to make things work correctly.
>
> Er, unless I'm missing something about what you're adding in the other patch,
> you *cannot* simply remove this. The intentional design of the existing code
> is that having "debug-tweaks" in IMAGE_FEATURES means that you can log in as
> root with no password; but most importantly if "debug-tweaks" is not present
> you cannot log in at all as root (in the absence of anything that sets the
> root password, of course). Any changes must preserve this behaviour.

I agree.  The default behavior on most systems should be absolutely no way to 
directly login as root.  Instead logins should occur based on a non-privileged 
user.  (The other patches in that set look good to me.)

--Mark

> Cheers,
> Paul
>



^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH 2/3] image.bbclass: remove zap_root_password
  2013-12-10 15:36     ` Mark Hatle
@ 2013-12-11  3:19       ` ChenQi
  0 siblings, 0 replies; 7+ messages in thread
From: ChenQi @ 2013-12-11  3:19 UTC (permalink / raw)
  To: openembedded-core

On 12/10/2013 11:36 PM, Mark Hatle wrote:
> On 12/10/13, 6:15 AM, Paul Eggleton wrote:
>> Hi Qi,
>>
>> On Tuesday 10 December 2013 17:58:51 Qi.Chen@windriver.com wrote:
>>> From: Chen Qi <Qi.Chen@windriver.com>
>>>
>>> This function replaces the root password with '*' if 'debug-tweaks'
>>> is not in IMAGE_FEATURES. As a result, if we don't have 'debug-tweaks',
>>> we would be locked out of the system. That means, if the user uses a
>>> bbappend file for base-passwd to set the root password, he would not be
>>> able to login as root; if the user uses 'EXTRA_USERS_PARAMS' to set
>>> the root password, he would still not be able to login as root.
>>>
>>> In a word, this function should be removed to make things work 
>>> correctly.
>>
>> Er, unless I'm missing something about what you're adding in the 
>> other patch,
>> you *cannot* simply remove this. The intentional design of the 
>> existing code
>> is that having "debug-tweaks" in IMAGE_FEATURES means that you can 
>> log in as
>> root with no password; but most importantly if "debug-tweaks" is not 
>> present
>> you cannot log in at all as root (in the absence of anything that 
>> sets the
>> root password, of course). Any changes must preserve this behaviour.
>
> I agree.  The default behavior on most systems should be absolutely no 
> way to directly login as root.  Instead logins should occur based on a 
> non-privileged user.  (The other patches in that set look good to me.)
>
> --Mark
>
>> Cheers,
>> Paul
>>
>

Mark & Paul,

Thanks for your explanation.

I think what we really want is to disallow *empty* root password if 
'debug-tweaks' is not in IMAGE_FEATURES. And if the root password has 
already been set (via bbappend file or via EXTRA_USERS_PARAMS), we 
should not zap that password. Maybe the function should be 
zap_empty_root_password?

What do you think?

Best Regards,
Chen Qi



^ permalink raw reply	[flat|nested] 7+ messages in thread
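
The behaviour proposed in the last message, as an added example that is not code from the thread or from OpenEmbedded: root is locked only when its password field is empty and 'debug-tweaks' is absent. `zap_empty_root_password` is the name suggested in that message; `apply_root_login_policy`, `root_password_field` and `make_sample_rootfs` are hypothetical names, the passwd lines are constructed, and handling `/etc/shadow` is an assumption the thread does not discuss.

```shell
#!/bin/sh
# Added example: hypothetical helpers, constructed sample data.

# Lock root only when its password field is empty. A field that already
# holds a hash (or '*', '!', 'x') is left untouched.
zap_empty_root_password() {
    file=$1
    [ -f "$file" ] || return 0
    # Write through a temp file, then copy back with cat so the original
    # file keeps its inode and mode (matters for a 0400/0600 shadow file).
    sed 's%^root::%root:*:%' "$file" > "$file.new" &&
        cat "$file.new" > "$file" &&
        rm -f "$file.new"
}

# Apply the policy discussed in the thread to one rootfs directory.
#   $1 = rootfs directory
#   $2 = IMAGE_FEATURES value (space separated)
apply_root_login_policy() {
    rootfs=$1
    features=$2
    case " $features " in
        # debug-tweaks: passwordless root login is the intended behaviour.
        *" debug-tweaks "*) return 0 ;;
    esac
    zap_empty_root_password "$rootfs/etc/passwd"
    zap_empty_root_password "$rootfs/etc/shadow"
}

# Print root's password field (second colon-separated field) from a file.
root_password_field() {
    awk -F: '$1 == "root" { print $2 }' "$1"
}

# Build a throwaway rootfs whose root entry has the given password field.
# Prints the directory name. All account lines are constructed samples.
make_sample_rootfs() {
    dir=$(mktemp -d)
    mkdir -p "$dir/etc"
    printf 'root:%s:0:0:root:/home/root:/bin/sh\ndaemon:*:1:1:daemon:/usr/sbin:/bin/sh\n' \
        "$1" > "$dir/etc/passwd"
    printf '%s\n' "$dir"
}

# Demo on constructed data: empty root password, image without debug-tweaks.
demo_dir=$(make_sample_rootfs '')
apply_root_login_policy "$demo_dir" "ssh-server-dropbear"
echo "root field after policy: $(root_password_field "$demo_dir/etc/passwd")"
rm -rf "$demo_dir"
```
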
