* Extending user add
@ 2016-03-03 13:40 Gary Thomas
  2016-03-03 16:00 ` Mark Hatle
  0 siblings, 1 reply; 2+ messages in thread
From: Gary Thomas @ 2016-03-03 13:40 UTC (permalink / raw)
  To: yocto

I have a recipe which creates a user on my target.  This works as expected.

Is there a way to add/adjust the home directory created for this user?  In
particular, I'd like to create/change the ~user/.ssh directory for special
SSH setups.

The package I'm building has some very special packaging requirements that I'm
having a few issues with. Can I expect this statement to work in do_install()
(or do_install_append())?
   chown newuser:newuser ${D}/somefile

Thanks



* Re: Extending user add
  2016-03-03 13:40 Extending user add Gary Thomas
@ 2016-03-03 16:00 ` Mark Hatle
  0 siblings, 0 replies; 2+ messages in thread
From: Mark Hatle @ 2016-03-03 16:00 UTC (permalink / raw)
  To: Gary Thomas, yocto

On 3/3/16 7:40 AM, Gary Thomas wrote:
> I have a recipe which creates a user on my target.  This works as expected.
> 
> Is there a way to add/adjust the home directory created for this user?  In
> particular, I'd like to create/change the ~user/.ssh directory for special
> SSH setups.

You would need to likely do this in some post install action.  You can either
set up the config using sed/group/cat -- or copy a pre-canned configuration that
was installed by the package.

> The package I'm building has some very special packaging requirements that I'm
> having a few issues with. Can I expect this statement to work in do_install()
> (or do_install_append())?
>    chown newuser:newuser ${D}/somefile

As long as the recipe properly defines the users/groups (or requires a recipe
that does).  The user/group combination should be available for your usage in
do_install.

...

You should be careful using packages to configure a user account or passwords.
(This is distinctly different from a -system- account, that does not offer
interactive login.)

A package, if available on an upgrade server, can be individually downloaded and
any configuration information can be ripped out of it.  I've seen more than one
package that people are dumping plain text passwords in the post install script
of an RPM.  Pretty easy to hack the default accounts in that case!  (opkg/deb
are no more secure in that case.)

Instead you should use post rootfs install actions.  They are a significantly
more secure mechanism to configure the system.  I typically recommend using a
package to add 'standard users', but with login disabled (passwd set to '*').
Then in the post rootfs action, set your default passwords, import login keys
(for ssh), etc.  This way they are never packaged.

> Thanks
> 
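
One way to implement the post-rootfs key import described in the reply above, as an added example that is not part of the original thread or of Yocto itself. The function name, its arguments and the locked-account check are assumptions; it is meant to be called from an image's rootfs post-processing step with the image root directory, before any default password is set.

```shell
#!/bin/sh
# Added example: import SSH login keys into an image rootfs after packaging,
# so the keys never appear inside an RPM/opkg/deb. All names are hypothetical.

# Print field $3 of the entry for user $2 in passwd/shadow-format file $1.
entry_field() {
    awk -F: -v u="$2" -v n="$3" '$1 == u { print $n; exit }' "$1"
}

# install_login_keys ROOTFS USER PUBKEY_FILE
# Returns 0 on success, 1 if USER is not in the rootfs, 2 if the packaged
# account is not login-disabled (password field must start with '*' or '!').
install_login_keys() {
    rootfs=$1 user=$2 pubkey=$3

    home=$(entry_field "$rootfs/etc/passwd" "$user" 6)
    uid=$(entry_field "$rootfs/etc/passwd" "$user" 3)
    gid=$(entry_field "$rootfs/etc/passwd" "$user" 4)
    [ -n "$home" ] || { echo "no such user in rootfs: $user" >&2; return 1; }

    # A passwd field of "x" defers to shadow when shadow is present.
    pw=$(entry_field "$rootfs/etc/passwd" "$user" 2)
    if [ "$pw" = "x" ] && [ -f "$rootfs/etc/shadow" ]; then
        pw=$(entry_field "$rootfs/etc/shadow" "$user" 2)
    fi
    case $pw in
        '*'*|'!'*) ;;   # locked, as shipped by the package
        *) echo "$user: packaged account is not locked" >&2; return 2 ;;
    esac

    # sshd StrictModes rejects key files in group/world-writable locations.
    mkdir -p "$rootfs$home/.ssh"
    chmod 0700 "$rootfs$home/.ssh"
    cp "$pubkey" "$rootfs$home/.ssh/authorized_keys"
    chmod 0600 "$rootfs$home/.ssh/authorized_keys"

    # Numeric ids are read from the target passwd, not resolved on the host.
    # Under pseudo/fakeroot id -u reports 0; an unprivileged run skips chown.
    if [ "$(id -u)" -eq 0 ]; then
        chown -R "$uid:$gid" "$rootfs$home/.ssh"
    fi
}
```

The public key file stays in the build environment (for example next to the image recipe) and is only copied into the final image, so it is absent from every package feed.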


