Greg, Can you share the logfile via Pastebin? :rjs On Tue, May 21, 2019 at 11:09 AM Greg Wilson-Lindberg <gwil...@sakuraus.com> wrote:
> Rudolf, > > Something else is happening to me. I changed to this in the image recipe: > > SAKURA_USER = "sakura" > > SAKURA_PASSWD = "Distracted" > SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0" > > EXTRA_USERS_PARAMS = "\ > usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \ > usermod -a -G sudo,dialout ${SAKURA_USER}; \ > " > > deleting all of the commented out lines, and I get this in the log file: > > > ..../scribe/1.0-r0/rootfs -p '' sakura] > > > nothing between the single quotes. It's acting like SAKURA_PASS is not > defined. > > This is only happening when I'm trying the MD5 password. > > > Greg > ------------------------------ > *From:* Rudolf Streif <rudolf.str...@ibeeto.com> > *Sent:* Tuesday, May 21, 2019 5:37:23 AM > *To:* Greg Wilson-Lindberg > *Cc:* Yocto list discussion > *Subject:* Re: [yocto] problem adding a user > > Greg, > > usermod does not work for the MD5 algorithm with the explicit password > hash as it contains the $ field delimiters which are interpreted by the > shell executing the usermod command. Use single quotes around the password > hash: > > usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; > > :rjs > > On Mon, May 20, 2019, 11:55 Greg Wilson-Lindberg <gwil...@sakuraus.com> > wrote: > >> Hi Rudolf, >> >> I've had more time to work with this and I'm still having problems getting >> everything to work properly. I've attached the image recipe recipe that I'm >> using so I don't leave any thing out that may be relevant. >> >> When I build with a password that is no more more than 8 characters long >> and no non-alphabetic characters: >> >> SAKURA_PASSWD = "Distract" >> SAKURA_PASS = "WRsDFfg1BsrDM" >> >> everything works correctly. >> >> I first tried that using the `openssl ...` form, and then I tried the >> -1, MD5 BSD form and had problems, so I changed to doing the openssl >> on the command line and making sure that I don't have any characters >> that display as '.' or '/'. Again, if I don't do more than 8 characters >> and no special characters everything works. >> >> When I changed to using 'Ds$tr@ct' it stopped working. The build finishes >> and the log file shows the usermod being exectued correctly: >> >> NOTE: scribe: Performing usermod with [-R >> /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs >> -p kyNsrvS0elMWU sakura] >> NOTE: scribe: Performing usermod with [-R >> /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs >> -a -G sudo,dialout sakura] >> >> But when I try to sign in it doesn't work. >> >> I then tried the 10 character password 'Distracted', the build fails: >> >> NOTE: scribe: Performing usermod with [-R >> /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs >> -p sakura] >> Usage: usermod [options] LOGIN >> >> Options: >> -c, --comment COMMENT new value of the GECOS field >> -d, --home HOME_DIR new home directory for the user account >> -e, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE >> -f, --inactive INACTIVE set password inactive after expiration >> to INACTIVE >> -g, --gid GROUP force use GROUP as new primary group >> -G, --groups GROUPS new list of supplementary GROUPS >> -a, --append append the user to the supplemental GROUPS >> mentioned by the -G option without removing >> him/her from other groups >> -h, --help display this help message and exit >> -l, --login NEW_LOGIN new value of the login name >> -L, --lock lock the user account >> -m, --move-home move contents of the home directory to the >> new location (use only with -d) >> -o, --non-unique allow using duplicate (non-unique) UID >> -p, --password PASSWORD use encrypted password for the new password >> -P, --clear-password PASSWORD use clear password for the new password >> -R, --root CHROOT_DIR directory to chroot into >> -s, --shell SHELL new login shell for the user account >> -u, --uid UID new UID for the user account >> -U, --unlock unlock the user account >> -v, --add-subuids FIRST-LAST add range of subordinate uids >> -V, --del-subuids FIRST-LAST remove range of subordinate uids >> -w, --add-subgids FIRST-LAST add range of subordinate gids >> -W, --del-subgids FIRST-LAST remove range of subordinate gids >> >> ERROR: scribe: usermod command did not succeed. >> >> So, even though I'm putting in the openssl output: >> openssl passwd -1 "Distracted" >> $1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0 >> >> that I get back from what should be a valid run of openssl, I don't see >> anything >> from the password on the usermod command line: >> "...linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]" >> >> I don't understand why the short passwords and passing along the proper hash >> works, >> but not the longer password. >> >> It also doesn't make sense that I can't put in the '$' & '@' characters and >> have them work. >> >> Any suggestions would be greatly appreciated. >> >> Greg >> >> ------------------------------ >> *From:* Rudolf Streif <rudolf.str...@ibeeto.com> >> *Sent:* Wednesday, May 15, 2019 4:58:26 PM >> *To:* Greg Wilson-Lindberg >> *Cc:* Yocto list discussion >> *Subject:* Re: [yocto] problem adding a user >> >> Glad to hear that it works now. I am planning on attending the YP DevDay. >> >> :rjs >> >> On Wed, May 15, 2019, 13:53 Greg Wilson-Lindberg <gwil...@sakuraus.com> >> wrote: >> >>> Thank you very much, that got me back on the right path. >>> >>> Maybe I'll see you at the Yocto day at the Embedded Linux Conference. >>> >>> Regards, >>> >>> [image: cid:image001.png@01D35D7D.179A7510] >>> >>> *Greg Wilson-Lindberg * >>> >>> *Principal Firmware Engineer | Sakura Finetek USA, Inc. * >>> >>> >>> >>> 1750 W 214th Street | Torrance, CA 90501 | U.S.A. >>> >>> T: +1 310 783 5075 >>> >>> F: +1 310 618 6902 | E: gwil...@sakuraus.com >>> >>> www.sakuraus.com >>> >>> >>> >>> [image: cid:image002.png@01D35D7D.179A7510] >>> >>> [image: cid:image003.png@01D35D7D.179A7510] >>> ------------------------------ >>> >>> Confidentiality Notice: This e-mail transmission may contain >>> confidential or legally privileged information that is intended only for >>> the individual or entity named in the e-mail address. If you are not the >>> intended recipient, you are hereby notified that any disclosure, copying, >>> distribution, or reliance upon the contents of this e-mail is strictly >>> prohibited. If you have received this e-mail transmission in error, please >>> reply to the sender, so that Sakura Finetek USA, Inc. can arrange for >>> proper delivery, and then please delete the message from your inbox. Thank >>> you. >>> >>> >>> >>> >>> >>> *From:* Rudolf J Streif [mailto:rudolf.str...@ibeeto.com] >>> *Sent:* Wednesday, May 15, 2019 01:30 PM >>> *To:* Greg Wilson-Lindberg <gwil...@sakuraus.com>; Yocto list >>> discussion <yocto@yoctoproject.org> >>> *Subject:* Re: [yocto] problem adding a user >>> >>> >>> >>> Instead of >>> >>> >>> >>> useradd -p `openssl passwd test` sakura >>> >>> >>> >>> which attempts to add the user and set the password which fails if the >>> user already exists, use >>> >>> >>> >>> usermod -p `openssl passwd test` sakura >>> >>> >>> >>> which sets the user's password. >>> >>> >>> >>> :rjs >>> >>> >>> >>> On 5/15/19 1:18 PM, Greg Wilson-Lindberg wrote: >>> >>> Ok, I had been using the useradd class in a couple of other recipes to >>> allow me to copy files to the sakura user directory and another location, >>> but owned by sakura. That seems to have been what was causing the problem. >>> >>> >>> >>> I had been using the extrausers class in my top level image recipe. >>> >>> >>> So now how do I get all of this to work together? Do I need to put >>> everything that touches the sakura user in the same recipe? It seems that I >>> need to use only one of the useradd or extrausers classes? >>> >>> >>> >>> Greg >>> ------------------------------ >>> >>> *From:* Rudolf J Streif <rudolf.str...@ibeeto.com> >>> <rudolf.str...@ibeeto.com> >>> *Sent:* Wednesday, May 15, 2019 12:31 PM >>> *To:* Greg Wilson-Lindberg; Yocto list discussion >>> *Subject:* Re: [yocto] problem adding a user >>> >>> >>> >>> The ! for the password in /etc/shadow indicates that the account is >>> disabled: >>> >>> sakura:!:18031:0:99999:7::: >>> >>> >>> >>> Either there is something wrong with the password generation or it gets >>> disabled by something else. Maybe it's worth trying with a plain image >>> without Boot2Qt or anything else. >>> >>> >>> >>> :rjs >>> >>> >>> >>> >>> >>> On 5/15/19 11:46 AM, Greg Wilson-Lindberg wrote: >>> >>> Hi Rudolf, >>> >>> 1st, yes I inherit extrausers. Attached are the passwd & shadow files. >>> >>> >>> >>> It shouldn't make any difference, but I'm building this for an RPi3 >>> using the Qt Boot2Qt version of the Yocto environment, distro 2.5.3. >>> >>> >>> >>> Greg >>> ------------------------------ >>> >>> *From:* Rudolf J Streif <rudolf.str...@ibeeto.com> >>> <rudolf.str...@ibeeto.com> >>> *Sent:* Wednesday, May 15, 2019 11:26 AM >>> *To:* Greg Wilson-Lindberg; Yocto list discussion >>> *Subject:* Re: [yocto] problem adding a user >>> >>> >>> >>> Hi Greg, >>> >>> >>> >>> > I've also tried both the back-quote and the single-quote, no >>> difference. >>> >>> >>> >>> Help me to understand this. the back-quotes are the right ones. If you >>> use the single ones your password in the /etc/shadow ends up being 'openssl >>> passwd test' (without the quotes), unless the build fails because of a >>> parsing error (I have not tried it). Silly question, you did inherit >>> extrausers class? >>> >>> >>> >>> Can you post your /etc/passwd and /etc/shadow >>> >>> >>> >>> I am surprised that this does not work with your setup. I have been >>> doing this a gazillion times always with success. >>> >>> >>> >>> :rjs >>> >>> >>> >>> >>> >>> >>> >>> On 5/15/19 11:03 AM, Greg Wilson-Lindberg wrote: >>> >>> Hi Rudolf, >>> >>> Thanks for the reply, and the information on how openssl works. >>> >>> >>> >>> I'm trying to create a user with the same group name so the code that >>> I'm using reduces to: >>> >>> EXTRA_USERS_PARAMS = "\ >>> >>> useradd -p `openssl passwd test` sakura; \ >>> >>> usermod -a -G sudo ${SAKURA_USER}; \ >>> >>> " >>> >>> I also, as you can see, removed the macros to eliminate as much >>> confusion as possible. >>> >>> >>> >>> I still can't login in using the password 'test'. >>> >>> >>> >>> I've also tried both the back-quote and the single-quote, no difference. >>> >>> Regards, >>> >>> >>> >>> Greg >>> ------------------------------ >>> >>> *From:* Rudolf J Streif <rudolf.str...@ibeeto.com> >>> <rudolf.str...@ibeeto.com> >>> *Sent:* Wednesday, May 15, 2019 10:07:47 AM >>> *To:* Greg Wilson-Lindberg; Yocto list discussion >>> *Subject:* Re: [yocto] problem adding a user >>> >>> >>> >>> Hi Greg, >>> >>> Well, I suppose I wrote the book you are referring to... >>> >>> >>> Using >>> >>> useradd -p PASSWORD USER >>> >>> takes the password hash for PASSWORD hence the use of openssl in: >>> >>> useadd -p `openssl passwd PASSWORD` USER >>> >>> openssl password creates the password hash using the original crypt hash >>> algorithm if no other options are specified. e.g. >>> >>> $ openssl passwd hello >>> 6hEsTksgRkeiI >>> >>> With this the first two characters of the output is the salt and the >>> rest is the password hash. If you want openssl to create the same result >>> again: >>> >>> $ openssl passwd -salt "6h" hello >>> 6hEsTksgRkeiI >>> >>> You can use newer algorithms like MD5 based BSD password algorithm 1: >>> >>> $ openssl passwd -1 hello >>> $1$4Mu8Fcs.$eIKgPP7RCYrb3lFZjhADA1 >>> >>> $1 : password algorithm 1 >>> $4Mu8Fcs. : salt >>> $eIKgPP7RCYrb3lFZjhADA1 : password hash >>> >>> >>> If you log into the system you have to use the clear password. The >>> system reads the salt, creates the password hash and compares the >>> results. >>> >>> >>> :rjs >>> >>> >>> On 5/14/19 5:34 PM, Greg Wilson-Lindberg wrote: >>> > I'm trying to use the example in "Embedded Linux Systems with the >>> Yocto Project" to add a user to my Yocto build. In the book the sample code: >>> > >>> > useradd -p `openssl passwd ${DEV_PASSWORD}` developer; \ >>> > >>> > uses openssl to generate the encrypted password string to pass to >>> useradd. I have never been able to get this to work. When I run the openssl >>> > command on the cmd line I get a different value every time, this seems >>> wrong, How can the password code compare against it if every encode >>> > produces a different value? >>> > >>> > I am getting the user added to the system, the home directory shows up >>> and the user is in the passwd and group files. I just can't login to the >>> > account. >>> > >>> > I've obviously got something confused, any help would be appreciated. >>> > >>> > Greg Wilson-Lindberg >>> > >>> >>> -- >>> ----- >>> Rudolf J Streif >>> CEO/CTO ibeeto >>> +1.855.442.3396 x700 >>> >>> -- >>> >>> ----- >>> >>> Rudolf J Streif >>> >>> CEO/CTO ibeeto >>> >>> +1.855.442.3396 x700 >>> >>> -- >>> >>> ----- >>> >>> Rudolf J Streif >>> >>> CEO/CTO ibeeto >>> >>> +1.855.442.3396 x700 >>> >>> -- >>> >>> ----- >>> >>> Rudolf J Streif >>> >>> CEO/CTO ibeeto >>> >>> +1.855.442.3396 x700 >>> >>> -- Rudolf J Streif CEO/CTO ibeeto, Streif Enterprises Inc.
-- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto