From: Greg Wilson-Lindberg
To: Leon Woestenberg, Rudolf Streif
Cc: Yocto list discussion
Date: Thu, 23 May 2019 22:43:34 +0000
Subject: Re: problem adding a user

Hi Leon & Rudolf,

I first changed to SAKURA1_1PASS, with no change in symptoms, I then deleted the spaces, again no change.

Next I just copied the hash into the usermod line:


    usermod -p '$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0' ${SAKURA_USER}; \

And again I get nothing in the output just the adjacent single quotes " '' ". Something is removing the encoded hash.


Greg


From: Leon Woestenberg <leon@sidebranch.com>
Sent: Thursday, May 23, 2019 2:44:04 PM
To: Rudolf Streif
Cc: Greg Wilson-Lindberg; Yocto list discussion
Subject: Re: [yocto] problem adding a user
 
Hello Rudolf, Greg,

On Thu, 23 May 2019 at 22:43, Rudolf Streif <rudolf.streif@ibeeto.com> wrote:

It eluded me earlier but in both instances the variable containing the password does not seem to be expanded.

Could it be the spaces around the = equal sign must be removed?

https://unix.stackexchange.com/questions/258727/spaces-in-variable-assignments-in-shell-scripts

Regards, Leon


First version without the single quotes:

SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"

EXTRA_USERS_PARAMS = "\
    usermod -p ${SAKURA_PASS} ${SAKURA_USER}; \
    usermod -a -G sudo,dialout ${SAKURA_USER}; \
    "
results in:

NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]
and with the quotes:
SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"

EXTRA_USERS_PARAMS = "\
    usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \
    usermod -a -G sudo,dialout ${SAKURA_USER}; \
    "
results in:
NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p '' sakura]
It looks as if the variable SAKURA_PASS is not set at all. I looked at your scribe.bb recipe you attached earlier but I could not find any reason why the variable is not set. Is there a chance that it is overridden somewhere else?
:rjs

On Wed, May 22, 2019 at 1:28 PM Greg Wilson-Lindberg <GWilson@sakuraus.com> wrote:

Rudolf,

Here is the first half of the file, the whole file is over the 500k limit of free pastebin:

https://pastebin.com/UcnKebce


And here is the 2nd half of the file:

https://pastebin.com/9117tdUU


Greg


From: Rudolf Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 22, 2019 12:42:40 PM
To: Greg Wilson-Lindberg
Cc: Yocto list discussion
Subject: Re: [yocto] problem adding a user
 
Greg,
Can you share the logfile via Pastebin?
:rjs

On Tue, May 21, 2019 at 11:09 AM Greg Wilson-Lindberg <GWilson@sakuraus.com> wrote:

Rudolf,

Something else is happening to me. I changed to this in the image recipe:


SAKURA_USER = "sakura"

SAKURA_PASSWD = "Distracted"
SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"

EXTRA_USERS_PARAMS = "\
    usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \
    usermod -a -G sudo,dialout ${SAKURA_USER}; \
    "

deleting all of the commented out lines, and I get this in the log file:


..../scribe/1.0-r0/rootfs -p '' sakura]


nothing between the single quotes. It's acting like SAKURA_PASS is not defined.

This is only happening when I'm trying the MD5 password.


Greg


From: Rudolf Streif <rudolf.streif@ibeeto.com>
Sent: Tuesday, May 21, 2019 5:37:23 AM
To: Greg Wilson-Lindberg
Cc: Yocto list discussion
Subject: Re: [yocto] problem adding a user
 
Greg,

usermod does not work for the MD5 algorithm with the explicit password hash as it contains the $ field delimiters which are interpreted by the shell executing the usermod command. Use single quotes around the password hash:

usermod -p '${SAKURA_PASS}' ${SAKURA_USER};

:rjs

On Mon, May 20, 2019, 11:55 Greg Wilson-Lindberg <GWilson@sakuraus.com> wrote:

Hi Rudolf,

I've had more time to work with this and I'm still having problems getting
everything to work properly. I've attached the image recipe that I'm
using so I don't leave anything out that may be relevant.

When I build with a password that is no more than 8 characters long
and no non-alphabetic characters:
SAKURA_PASSWD = "Distract"
SAKURA_PASS = "WRsDFfg1BsrDM"
everything works correctly.

I first tried that using the `openssl ...` form, and then I tried the
-1, MD5 BSD form and had problems, so I changed to doing the openssl
on the command line and making sure that I don't have any characters
that display as '.' or '/'. Again, if I don't do more than 8 characters
and no special characters everything works.

When I changed to using 'Ds$tr@ct' it stopped working. The build finishes
and the log file shows the usermod being executed correctly:

NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p kyNsrvS0elMWU sakura]
NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -a -G sudo,dialout sakura]

But when I try to sign in it doesn't work.

I then tried the 10 character password 'Distracted', the build fails:

NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]
Usage: usermod [options] LOGIN

Options:
  -c, --comment COMMENT         new value of the GECOS field
  -d, --home HOME_DIR           new home directory for the user account
  -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
  -f, --inactive INACTIVE       set password inactive after expiration
                                to INACTIVE
  -g, --gid GROUP               force use GROUP as new primary group
  -G, --groups GROUPS           new list of supplementary GROUPS
  -a, --append                  append the user to the supplemental GROUPS
                                mentioned by the -G option without removing
                                him/her from other groups
  -h, --help                    display this help message and exit
  -l, --login NEW_LOGIN         new value of the login name
  -L, --lock                    lock the user account
  -m, --move-home               move contents of the home directory to the
                                new location (use only with -d)
  -o, --non-unique              allow using duplicate (non-unique) UID
  -p, --password PASSWORD       use encrypted password for the new password
  -P, --clear-password PASSWORD use clear password for the new password
  -R, --root CHROOT_DIR         directory to chroot into
  -s, --shell SHELL             new login shell for the user account
  -u, --uid UID                 new UID for the user account
  -U, --unlock                  unlock the user account
  -v, --add-subuids FIRST-LAST  add range of subordinate uids
  -V, --del-subuids FIRST-LAST  remove range of subordinate uids
  -w, --add-subgids FIRST-LAST  add range of subordinate gids
  -W, --del-subgids FIRST-LAST  remove range of subordinate gids

ERROR: scribe: usermod command did not succeed.

So, even though I'm putting in the openssl output:
openssl passwd -1 "Distracted"
$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0

that I get back from what should be a valid run of openssl, I don't see anything
from the password on the usermod command line:
 "...linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]"

I don't understand why the short passwords and passing along the proper hash works,
but not the longer password.

It also doesn't make sense that I can't put in the '$' & '@' characters and
have them work.

Any suggestions would be greatly appreciated.
Greg


From: Rudolf Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 15, 2019 4:58:26 PM
To: Greg Wilson-Lindberg
Cc: Yocto list discussion
Subject: Re: [yocto] problem adding a user
 
Glad to hear that it works now. I am planning on attending the YP DevDay.

:rjs

On Wed, May 15, 2019, 13:53 Greg Wilson-Lindberg <GWilson@sakuraus.com> wrote:

Thank you very much, that got me back on the right path.

Maybe I'll see you at the Yocto day at the Embedded Linux Conference.

Regards,

Greg Wilson-Lindberg 

Principal Firmware Engineer | Sakura Finetek USA, Inc.

1750 W 214th Street | Torrance, CA 90501 | U.S.A. 

T: +1 310 783 5075 

F: +1 310 618 6902 | E: gwilson@sakuraus.com     

www.sakuraus.com

From: Rudolf J Streif [mailto:rudolf.streif@ibeeto.com]
Sent: Wednesday, May 15, 2019 01:30 PM
To: Greg Wilson-Lindberg <GWilson@sakuraus.com>; Yocto list discussion <yocto@yoctoproject.org>
Subject: Re: [yocto] problem adding a user

 

Instead of

 

useradd -p `openssl passwd test` sakura

 

which attempts to add the user and set the password which fails if the user already exists, use

 

usermod -p `openssl passwd test` sakura

 

which sets the user's password.

 

:rjs

 

On 5/15/19 1:18 PM, Greg Wilson-Lindberg wrote:

Ok, I had been using the useradd class in a couple of other recipes to allow me to copy files to the sakura user directory and another location, but owned by sakura. That seems to have been what was causing the problem.

I had been using the extrausers class in my top level image recipe.

So now how do I get all of this to work together? Do I need to put everything that touches the sakura user in the same recipe? It seems that I need to use only one of the useradd or extrausers classes?

 

Greg


From: Rudolf J Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 15, 2019 12:31 PM
To: Greg Wilson-Lindberg; Yocto list discussion
Subject: Re: [yocto] problem adding a user

The ! for the password in /etc/shadow indicates that the account is disabled:

sakura:!:18031:0:99999:7:::

Either there is something wrong with the password generation or it gets disabled by something else. Maybe it's worth trying with a plain image without Boot2Qt or anything else.

:rjs

 

 

On 5/15/19 11:46 AM, Greg Wilson-Lindberg wrote:

Hi Rudolf,

1st, yes I inherit extrausers. Attached are the passwd & shadow files.

It shouldn't make any difference, but I'm building this for an RPi3 using the Qt Boot2Qt version of the Yocto environment, distro 2.5.3.

 

Greg


From: Rudolf J Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 15, 2019 11:26 AM
To: Greg Wilson-Lindberg; Yocto list discussion
Subject: Re: [yocto] problem adding a user

Hi Greg,

> I've also tried both the back-quote and the single-quote, no difference.

Help me to understand this. The back-quotes are the right ones. If you use the single ones your password in the /etc/shadow ends up being 'openssl passwd test' (without the quotes), unless the build fails because of a parsing error (I have not tried it). Silly question, you did inherit extrausers class?

Can you post your /etc/passwd and /etc/shadow?

I am surprised that this does not work with your setup. I have been doing this a gazillion times always with success.

:rjs

 

 

 

On 5/15/19 11:03 AM, Greg Wilson-Lindberg wrote:

Hi Rudolf,

Thanks for the reply, and the information on how openssl works.

I'm trying to create a user with the same group name so the code that I'm using reduces to:

EXTRA_USERS_PARAMS = "\
    useradd -p `openssl passwd test` sakura; \
    usermod -a -G sudo ${SAKURA_USER}; \
    "

I also, as you can see, removed the macros to eliminate as much confusion as possible.

I still can't log in using the password 'test'.

I've also tried both the back-quote and the single-quote, no difference.

Regards,

Greg


From: Rudolf J Streif <rudolf.streif@ibeeto.com>
Sent: Wednesday, May 15, 2019 10:07:47 AM
To: Greg Wilson-Lindberg; Yocto list discussion
Subject: Re: [yocto] problem adding a user

Hi Greg,

Well, I suppose I wrote the book you are referring to...


Using

useradd -p PASSWORD USER

takes the password hash for PASSWORD hence the use of openssl in:

useradd -p `openssl passwd PASSWORD` USER

openssl password creates the password hash using the original crypt hash algorithm if no other options are specified. e.g.

$ openssl passwd hello
6hEsTksgRkeiI

With this the first two characters of the output are the salt and the
rest is the password hash. If you want openssl to create the same result again:

$ openssl passwd -salt "6h" hello
6hEsTksgRkeiI

You can use newer algorithms like MD5 based BSD password algorithm 1:

$ openssl passwd -1 hello
$1$4Mu8Fcs.$eIKgPP7RCYrb3lFZjhADA1

$1 : password algorithm 1
$4Mu8Fcs. : salt
$eIKgPP7RCYrb3lFZjhADA1 : password hash


If you log into the system you have to use the clear password. The
system reads the salt, creates the password hash and compares the results.

:rjs


On 5/14/19 5:34 PM, Greg Wilson-Lindberg wrote:
> I'm trying to use the example in "Embedded Linux Systems with the Yocto Project" to add a user to my Yocto build. In the book the sample code:
>
>     useradd -p `openssl passwd ${DEV_PASSWORD}` developer; \
>
> uses openssl to generate the encrypted password string to pass to useradd. I have never been able to get this to work. When I run the openssl
> command on the cmd line I get a different value every time, this seems wrong, How can the password code compare against it if every encode
> produces a different value?
>
> I am getting the user added to the system, the home directory shows up and the user is in the passwd and group files. I just can't login to the
> account.
>
> I've obviously got something confused, any help would be appreciated.
>
> Greg Wilson-Lindberg
>

--
-----
Rudolf J Streif
CEO/CTO ibeeto
+1.855.442.3396 x700



--
Rudolf J Streif
CEO/CTO
ibeeto, Streif Enterprises Inc.


--
Leon Woestenberg
T: +31 40 711 42 76
M: +31 6 472 30 372

Sidebranch
Embedded Systems
Eindhoven, The Netherlands
http://www.sidebranch.com
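
The symptom reported in this thread (the MD5 hash vanishing from the usermod line) can be reproduced with the small model below, which is an added example and not code from any poster or from the Yocto classes. It assumes the EXTRA_USERS_PARAMS text passes through a double-quoted shell assignment and then an eval, which is consistent with the `-p sakura]` and `-p '' sakura]` log lines quoted above. The stub `usermod`, the helper names and the backslash-escaped variants are illustrative assumptions.

```sh
#!/bin/sh
# Added example (not from the thread or from the Yocto classes).
# Model: the text of EXTRA_USERS_PARAMS is pasted into a generated script
# as  settings="<text>"  (pass 1) and the resulting command line is later
# run through eval (pass 2). Both passes are assumptions of this model.

# Constructed inputs, built from the two hashes quoted in the thread.
Q="'"
MD5='$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0'
MD5_ESC='\$1\$QVO3K6Ii\$fvkoDKnlzz3d5uVoL7KcM0'   # escaped form (assumption)
DES='WRsDFfg1BsrDM'

BARE="usermod -p $MD5 sakura"                 # hash without quotes
QUOTED="usermod -p $Q$MD5$Q sakura"           # hash in single quotes
ESC_BARE="usermod -p $MD5_ESC sakura"         # escaped, no quotes
ESC_QUOTED="usermod -p $Q$MD5_ESC$Q sakura"   # escaped and single-quoted
DES_BARE="usermod -p $DES sakura"             # crypt hash, contains no '$'

# Stub standing in for the real usermod: records what it was handed.
usermod() {
    seen_hash='<none>'
    seen_login='<none>'
    while [ $# -gt 0 ]; do
        if [ "$1" = "-p" ] && [ $# -ge 2 ]; then
            seen_hash=$2
            shift
        else
            seen_login=$1
        fi
        shift
    done
}

# after_pass1 TEXT: the string left by the double-quoted assignment.
# Single quotes inside double quotes do not stop $ expansion.
after_pass1() {
    text=$1
    set --                        # a generated script has no arguments
    eval "settings=\"$text\""     # $1, $QVO3K6Ii, ... expand to nothing here
    printf '%s\n' "$settings"
}

# seen_by_usermod TEXT: what the stub receives after both passes.
seen_by_usermod() {
    cmd=$(after_pass1 "$1")
    set --
    eval "$cmd"                   # quotes are parsed, bare $ expands again
    printf 'hash=[%s] login=[%s]\n' "$seen_hash" "$seen_login"
}

# Print one result line per variant.
for name in BARE QUOTED ESC_BARE ESC_QUOTED DES_BARE; do
    eval "text_in=\$$name"
    printf '%-10s %s\n' "$name" "$(seen_by_usermod "$text_in")"
done
```

In this model only the escaped and single-quoted form delivers the full `$1$...` string to `usermod`; the crypt hash survives unescaped because it contains no `$`.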



