From: Mark Hatle <mark.hatle@windriver.com>
To: Gary Thomas <gary@mlbassoc.com>, <yocto@yoctoproject.org>
Subject: Re: Extending user add
Date: Thu, 3 Mar 2016 10:00:42 -0600
Message-ID: <56D85FAA.6060806@windriver.com>
In-Reply-To: <56D83EB4.8030804@mlbassoc.com>

On 3/3/16 7:40 AM, Gary Thomas wrote:
> I have a recipe which creates a user on my target.  This works as expected.
> 
> Is there a way to add/adjust the home directory created for this user?  In
> particular, I'd like to create/change the ~user/.ssh directory for special
> SSH setups.

You would likely need to do this in some post install action.  You can either
set up the config using sed/group/cat -- or copy a pre-canned configuration that
was installed by the package.

> The package I'm building has some very special packaging requirements that I'm
> having a few issues with. Can I expect this statement to work in do_install()
> (or do_install_append())?
>    chown newuser:newuser ${D}/somefile

As long as the recipe properly defines the users/groups (or requires a recipe
that does), the user/group combination should be available for your usage in
do_install.

...

You should be careful using packages to configure a user account or passwords.
(This is distinctly different from a -system- account, that does not offer
interactive login.)

A package, if available on an upgrade server, can be individually downloaded and
any configuration information can be ripped out of it.  I've seen more than one
package where people are dumping plain text passwords in the post install script
of an RPM.  Pretty easy to hack the default accounts in that case!  (opkg/deb
are no more secure in that case.)

Instead you should use post rootfs install actions.  They are a significantly
more secure mechanism to configure the system.  I typically recommend using a
package to add 'standard users', but with login disabled (passwd set to '*').
Then in the post rootfs action, set your default passwords, import login keys
(for ssh), etc.  This way they are never packaged.

> Thanks
> 
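
A pre-publication check for the risk described in the reply above, as an added example that is not part of the original message or of the Yocto tooling: it scans post-install script text for passwords, hashes or SSH keys that would ship inside the package. The rule names, the pattern set, the treatment of '!' as a locked field, and both sample scripts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit post-install script text (stdin) for credentials that
# would ship inside a package. Prints "line:rule"; returns 1 on any finding.
# The rule set is an assumption for illustration, not an exhaustive list.
audit_scriptlet() {
    awk '
    function hit(rule) { printf "%d:%s\n", NR, rule; found = 1 }
    # Ignore whole-line comments so documentation is not reported.
    { line = $0; sub(/^[ \t]*#.*/, "", line) }
    line ~ /(^|[^A-Za-z0-9_])chpasswd([^A-Za-z0-9_]|$)/ { hit("chpasswd") }
    line ~ /\|[ \t]*passwd([ \t]|$)/ || line ~ /passwd[ \t]+--stdin/ { hit("passwd-stdin") }
    line ~ /(useradd|usermod)[ \t]/ && match(line, /[ \t](-p|--password)[ \t=]+[^ \t]+/) {
        val = substr(line, RSTART, RLENGTH)
        sub(/^[ \t](-p|--password)[ \t=]+/, "", val)
        gsub(/["\047]/, "", val)
        # A locked field ("*" as in the message, or "!") is safe to package.
        if (val != "*" && val != "!") hit("password-hash")
    }
    line ~ /ssh-(rsa|ed25519) AAAA/ { hit("ssh-public-key") }
    line ~ /-----BEGIN [A-Z ]*PRIVATE KEY-----/ { hit("private-key") }
    END { exit (found ? 1 : 0) }
    '
}

# Constructed sample: a postinst that packages a password and a login key.
BAD_POSTINST='#!/bin/sh
useradd -m -s /bin/sh newuser
echo "newuser:ChangeMe123" | chpasswd
mkdir -p /home/newuser/.ssh
echo "ssh-ed25519 AAAAconstructedkeyonly ops@example" >> /home/newuser/.ssh/authorized_keys'

# Constructed sample: the account is created with login disabled.
GOOD_POSTINST='#!/bin/sh
# credentials are set later, in the post rootfs step
useradd -m -s /bin/sh -p "*" newuser'

if ! printf '%s\n' "$BAD_POSTINST" | audit_scriptlet; then
    echo "findings above: move credential setup to a post rootfs action" >&2
fi
if printf '%s\n' "$GOOD_POSTINST" | audit_scriptlet; then
    echo "clean: no credential material in the packaged script"
fi
```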