User login fails despite successful creation with useradd class on NVIDIA Jetson AGX Orin #nvidia-jetson-agx-orin #yocto

User login fails despite successful creation with useradd class on NVIDIA Jetson AGX Orin #nvidia-jetson-agx-orin #yocto

[felix.beck]

[-- Attachment #1: Type: text/plain, Size: 2073 bytes --]

Hello Yocto community,
I'm experiencing a persistent login issue with a custom Yocto image for **NVIDIA Jetson AGX Orin (64GB)** (MACHINE = "p3737-0000-p3701-0005", in meta-tegra/conf/machine). The build, flashing, and booting all work correctly, but I cannot login with the created user account through either the GUI login screen or tty2 console. I can only see a user "jetson".
**Setup:**
- Custom distro based on Poky
- Target: NVIDIA Jetson AGX Orin (64GB)
- Base image: core-image-base
- User creation via useradd class following official documentation
**User creation recipe implementation:**
```bash
inherit useradd
USERADD_PACKAGES = "${PN}"
USERADD_PARAM:${PN} = "-u 1200 -d /home/myuser -m -s /bin/bash -p '\$6\$...(SHA-512 hash)...' myuser"
GROUPADD_PARAM:${PN} = "-g 999 docker"
GROUPMEMS_PARAM:${PN} = "-g docker -a myuser"
pkg_postinst_ontarget:${PN}() {
cp ${datadir}/${PN}/myuser-sudoers /etc/sudoers.d/myuser
chmod 0440 /etc/sudoers.d/myuser
chown root:root /etc/sudoers.d/myuser
echo 'root:$6$...(same hash)...' | chpasswd -e
}
```
**Verification by mounting rootfs.ext4:**
- User exists in /etc/passwd: `myuser:x:1200:1200::/home/myuser:/bin/bash`
- Password hash exists in /etc/shadow: `myuser:$6$...:...:...`
- Home directory /home/myuser exists with correct ownership
- User is member of docker group in /etc/group
- local.conf has `EXTRA_IMAGE_FEATURES:remove = "debug-tweaks"`
**What I've tried:**
- Both MD5 and SHA-512 password hashes (generated with Python crypt.crypt)
- Following meta-skeleton/recipes-skeleton/useradd/useradd-example.bb pattern
- Verified against useradd class documentation
- Simplified sudoers configuration: `myuser ALL=(ALL) NOPASSWD: ALL`
The user account appears correctly created in the filesystem, but authentication consistently fails at runtime. Are there additional dependencies or runtime configurations needed for password authentication on NVIDIA Jetson platforms that differ from the standard useradd approach?
Any insights would be greatly appreciated.
Best regards,
Felix

[-- Attachment #2: Type: text/html, Size: 2371 bytes --]

Re: [yocto] User login fails despite successful creation with useradd class on NVIDIA Jetson AGX Orin #nvidia-jetson-agx-orin #yocto

[Khem Raj]

On 7/30/25 9:44 AM, felix.beck via lists.yoctoproject.org wrote:
> Hello Yocto community,
> I'm experiencing a persistent login issue with a custom Yocto image for 
> **NVIDIA Jetson AGX Orin (64GB)** (MACHINE = "p3737-0000-p3701-0005", in 
> meta-tegra/conf/machine). The build, flashing, and booting all work 
> correctly, but I cannot login with the created user account through 
> either the GUI login screen or tty2 console. I can only see a user "jetson".
> **Setup:**
> - Custom distro based on Poky
> - Target: NVIDIA Jetson AGX Orin (64GB)
> - Base image: core-image-base
> - User creation via useradd class following official documentation
> **User creation recipe implementation:**
> ```bash
> inherit useradd
> USERADD_PACKAGES = "${PN}"
> USERADD_PARAM:${PN} = "-u 1200 -d /home/myuser -m -s /bin/bash -p '\$6\ 
> $...(SHA-512 hash)...' myuser"
> GROUPADD_PARAM:${PN} = "-g 999 docker"
> GROUPMEMS_PARAM:${PN} = "-g docker -a myuser"
> pkg_postinst_ontarget:${PN}() {
>      cp ${datadir}/${PN}/myuser-sudoers /etc/sudoers.d/myuser
>      chmod 0440 /etc/sudoers.d/myuser
>      chown root:root /etc/sudoers.d/myuser
>      echo 'root:$6$...(same hash)...' | chpasswd -e
> }
> ```
> **Verification by mounting rootfs.ext4:**
> - User exists in /etc/passwd: `myuser:x:1200:1200::/home/myuser:/bin/bash`
> - Password hash exists in /etc/shadow: `myuser:$6$...:...:...`
> - Home directory /home/myuser exists with correct ownership
> - User is member of docker group in /etc/group
> - local.conf has `EXTRA_IMAGE_FEATURES:remove = "debug-tweaks"`
> **What I've tried:**
> - Both MD5 and SHA-512 password hashes (generated with Python crypt.crypt)
> - Following meta-skeleton/recipes-skeleton/useradd/useradd-example.bb 
> pattern
> - Verified against useradd class documentation
> - Simplified sudoers configuration: `myuser ALL=(ALL) NOPASSWD: ALL`
> The user account appears correctly created in the filesystem, but 
> authentication consistently fails at runtime. Are there additional 
> dependencies or runtime configurations needed for password 
> authentication on NVIDIA Jetson platforms that differ from the standard 
> useradd approach?
> Any insights would be greatly appreciated.

We have something to this in Yoe, which might give some hints for you

https://github.com/YoeDistro/yoe-distro/blob/master/conf/projects/jetson-agx-orin-devkit/config.conf#L91-L101


> Best regards,
> Felix
> 
> 
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> You automatically follow any topics you start or reply to.
> View/Reply Online (#65723): https://lists.yoctoproject.org/g/yocto/message/65723
> Mute This Topic: https://lists.yoctoproject.org/mt/114452095/1997914
> Mute #nvidia-jetson-agx-orin:https://lists.yoctoproject.org/g/yocto/mutehashtag/nvidia-jetson-agx-orin
> Mute #yocto:https://lists.yoctoproject.org/g/yocto/mutehashtag/yocto
> Group Owner: yocto+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [raj.khem@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
> 

Re: [yocto] User login fails despite successful creation with useradd class on NVIDIA Jetson AGX Orin #yocto #nvidia-jetson-ags-orin

[felix.beck]

[-- Attachment #1: Type: text/plain, Size: 2253 bytes --]

I managed to solve the login issue. I used your distro for that.

However, the issue was not connected to Yocto but to the way I flash the image. My situation was that I was able to build, flash and boot. But everytime I saw a ubuntu-gnome-like GUI with a user "jetson" that I had not created. The problem was that I had a M.2/nvme harddisk on my jetson. This caused issues during the flashing and booting that did not result in any error messages. When I removed the M.2/nvme device from the AGX Orin and flashed the yocto files onto the emmc chip, it worked. I was able to login with the user "root" without any password.

Unfortunately, I still do not manage to create a custom user. Now I'm hitting an issue with EXTRA_USERS_PARAMS on my Jetson AGX Orin build. My user setup works fine for the main image but bombs out on the minimal Tegra images:
My config ( from yoe-distro ( https://github.com/YoeDistro/yoe-distro/blob/master/conf/projects/jetson-agx-orin-devkit/config.conf ) ):

# Setting a user/password in system
INHERIT += "extrausers"
EXTRA_USERS_PARAMS += "\
useradd admin; \
usermod -p '$(openssl passwd -6 myrootpassword)' admin; \
usermod -p '$(openssl passwd -6 myrootpassword)' root; \
usermod -a -G adm admin; \
usermod -a -G video admin; \
usermod -a -G audio admin; \
usermod -a -G systemd-journal admin; \
"
# Remove features that allow empty passwords - this MUST be uncommented to work
EXTRA_IMAGE_FEATURES:remove = "allow-empty-password empty-root-password"

Error during build:
usermod: group 'systemd-journal' does not exist
ERROR: tegra-espimage: usermod command did not succeed.

The problem is that tegra-espimage and tegra-minimal-initramfs don't include systemd, so no systemd-journal group gets created. But my main yoe-simple-image has systemd and needs this group assignment.
Same machine config builds multiple image types - some with systemd, some without. EXTRA_USERS_PARAMS gets applied to all of them.

What's the cleanest way to handle this? Conditional logic in the user params? Per-image overrides? Or am I missing something obvious? Currently just removing the systemd-journal line to get builds working, but then my admin user can't read journals in the full image.

Thanks!

[-- Attachment #2: Type: text/html, Size: 2644 bytes --]

Re: [yocto] User login fails despite successful creation with useradd class on NVIDIA Jetson AGX Orin #yocto #nvidia-jetson-ags-orin

[Khem Raj]

[-- Attachment #1: Type: text/plain, Size: 2596 bytes --]

On Mon, Aug 4, 2025 at 4:04 AM felix.beck via Lists.Yoctoproject.Org
<felix.beck=karevo.de@lists.yoctoproject.org> wrote:

> I managed to solve the login issue. I used your distro for that.
>
> However, the issue was not connected to Yocto but to the way I flash the
> image. My situation was that I was able to build, flash and boot. But
> everytime I saw a ubuntu-gnome-like GUI with a user "jetson" that I had not
> created. The problem was that I had a M.2/nvme harddisk on my jetson. This
> caused issues during the flashing and booting that did not result in any
> error messages. When I removed the M.2/nvme device from the AGX Orin and
> flashed the yocto files onto the emmc chip, it worked. I was able to login
> with the user "root" without any password.
>
> Unfortunately, I still do not manage to create a custom user. Now I'm
> hitting an issue with EXTRA_USERS_PARAMS on my Jetson AGX Orin build. My
> user setup works fine for the main image but bombs out on the minimal Tegra
> images:
> My config (from yoe-distro
> <https://github.com/YoeDistro/yoe-distro/blob/master/conf/projects/jetson-agx-orin-devkit/config.conf>
> ):
>
> # Setting a user/password in system
> INHERIT += "extrausers"
> EXTRA_USERS_PARAMS += "\
>    useradd admin; \
>    usermod -p '$(openssl passwd -6 myrootpassword)' admin; \
>    usermod -p '$(openssl passwd -6 myrootpassword)' root; \
>    usermod -a -G adm admin; \
>    usermod -a -G video admin; \
>    usermod -a -G audio admin; \
>    usermod -a -G systemd-journal admin; \
> "
> # Remove features that allow empty passwords - this MUST be uncommented to
> work
> EXTRA_IMAGE_FEATURES:remove = "allow-empty-password empty-root-password"
>
> Error during build:
> usermod: group 'systemd-journal' does not exist
> ERROR: tegra-espimage: usermod command did not succeed.
>
> The problem is that tegra-espimage and tegra-minimal-initramfs don't
> include systemd, so no systemd-journal group gets created. But my main
> yoe-simple-image has systemd and needs this group assignment.
> Same machine config builds multiple image types - some with systemd, some
> without. EXTRA_USERS_PARAMS gets applied to all of them.
>
> What's the cleanest way to handle this? Conditional logic in the user
> params? Per-image overrides? Or am I missing something obvious? Currently
> just removing the systemd-journal line to get builds working, but then my
> admin user can't read journals in the full image.
>

Perhaps write happeneds for those images and empty this variable in there

>
> Thanks!
>

[-- Attachment #2: Type: text/html, Size: 3359 bytes --]