From: Louis Rannou <lrannou@baylibre.com>
To: openembedded-core@lists.openembedded.org
Cc: Louis Rannou <lrannou@baylibre.com>, anuj.mittal@intel.com
Subject: [PATCH 0/3] rootfs-postcommands: replace the sysusers.d postcommand
Date: Thu, 15 Jun 2023 13:43:52 +0200
Message-ID: <20230613-sysusersd-v1-0-eaddf3179773@baylibre.com>

This is a suggestion to replace the management of sysusers.d in the build.
sysusers.d is a set of configuration files to declare system users and groups
supposed to be created at boot when they do not exist.

Until now, we have a rootfs post command that checks those configurations and
creates missing users and groups. This command is defective when a home
directory or a shell is specified. The actual parsing leads to incorrect
commands such as:

`useradd --shell /sbin/nologin --uid 0 --comment "Super User" /root --system root`

Also, it appears there is more interest in a command that checks all required
users are correctly created before the rootfs is done.

Therefore, the first patch here replaces the command `systemd_create_users` with a
command `systemd_sysusers_check` that checks that every user/group declared in
sysusers.d configuration files already exists in `/etc/passwd` and `/etc/group`
and checks, at best, whether the properties match.

This reveals two misconfigurations:

WARNING: memfault-image-1.0-r0 do_rootfs: User root has been defined as (root, 0, 0, root, /home/root, /bin/sh) but sysusers.d expects it as (root, 0, -, Super User, /root, -)
WARNING: memfault-image-1.0-r0 do_rootfs: Group wheel has never been defined

1. As systemd supposes the rootfs should not be configurable, whereas it is
possible in Yocto through the variable ROOT_HOME, a second patch suggests
replacing the sysusers.d configuration file 'basic.conf' with ours.

2. The user wheel can be used for some superuser tasks such as consulting the
systemd journal or managing printers in cups. It can also be used for su and sudo
in replacement of the sudo group. It looks good to add this in the base-passwd
files. It is not upstreamable as the Debian point of view is that the wheel
group is unset by default.

Signed-off-by: Louis Rannou <lrannou@baylibre.com>
---
Louis Rannou (3):
      rootfs-postcommands: change sysusers.d command
      systemd: replace the sysusers.d basic configuration
      base-passwd: add the wheel group

 meta/classes-recipe/rootfs-postcommands.bbclass    | 133 +++++++++++++++++----
 .../base-passwd/0007-Add-wheel-group.patch         |  20 ++++
 meta/recipes-core/base-passwd/base-passwd_3.6.1.bb |   1 +
 meta/recipes-core/systemd/systemd/basic.conf.in    |  40 +++++++
 meta/recipes-core/systemd/systemd_253.3.bb         |   5 +
 5 files changed, 175 insertions(+), 24 deletions(-)
---
base-commit: 8078a62739f08e60de98e194b9cd987d8c5b2e7b
change-id: 20230613-sysusersd-614778830079
Best regards,
--
Louis Rannou <lrannou@baylibre.com>
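
The check described in the cover letter, as an added example that is not code from this patch series: it parses sysusers.d `u` and `g` lines (keeping a quoted GECOS such as "Super User" as one field) and compares them against passwd and group contents. The function names `parse_sysusers` and `check` are hypothetical, and the sample inputs are constructed to reproduce the two warnings quoted above.

```python
import shlex

def parse_sysusers(text):
    """Yield (kind, name, uid, gid, gecos, home, shell) for 'u' and 'g' lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = shlex.split(line)           # keeps a quoted GECOS as one field
        fields += ["-"] * (6 - len(fields))  # omitted trailing fields mean "-"
        kind, name, ident, gecos, home, shell = fields[:6]
        if kind == "u":
            uid, _, gid = ident.partition(":")   # ID may be "uid" or "uid:gid"
        elif kind == "g":
            uid, gid = "-", ident
        else:
            continue                         # 'm' and 'r' lines are not checked here
        # Non-numeric IDs (paths, group names) are treated as "no requirement".
        uid, gid = (v if v.isdigit() else "-" for v in (uid, gid))
        yield kind, name, uid, gid, gecos, home, shell

def check(sysusers_text, passwd_text, group_text):
    """Return warnings for entries missing from or mismatching passwd/group."""
    users = {f[0]: f for f in (l.split(":") for l in passwd_text.splitlines() if l)}
    groups = {f[0]: f for f in (l.split(":") for l in group_text.splitlines() if l)}
    warnings = []
    for kind, name, uid, gid, gecos, home, shell in parse_sysusers(sysusers_text):
        table = users if kind == "u" else groups
        label = "User" if kind == "u" else "Group"
        if name not in table:
            warnings.append(f"{label} {name} has never been defined")
            continue
        if kind == "g":
            expected, actual = (name, gid), (name, table[name][2])
        else:
            expected = (name, uid, gid, gecos, home, shell)
            actual = (name, *table[name][2:7])
        # "-" means sysusers.d states no requirement for that field.
        if any(e != "-" and e != a for e, a in zip(expected, actual)):
            warnings.append(f"{label} {name} has been defined as ({', '.join(actual)}) "
                            f"but sysusers.d expects it as ({', '.join(expected)})")
    return warnings

# Constructed sample inputs, modelled on the two warnings quoted in the cover letter.
SYSUSERS = 'u root 0 "Super User" /root\ng wheel -\nu nobody 65534\n'
PASSWD = ("root:x:0:0:root:/home/root:/bin/sh\n"
          "nobody:x:65534:65534:nobody:/nonexistent:/bin/false\n")
GROUP = "root:x:0:\nnogroup:x:65534:\n"

if __name__ == "__main__":
    print("\n".join(check(SYSUSERS, PASSWD, GROUP)))
```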