Greg,
Can you share the logfile via Pastebin?
:rjs
On Tue, May 21, 2019 at 11:09 AM Greg Wilson-Lindberg <gwil...@sakuraus.com>
wrote:
> Rudolf,
>
> Something else is happening to me. I changed to this in the image recipe:
>
> SAKURA_USER = "sakura"
>
> SAKURA_PASSWD = "Distracted"
> SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0"
>
> EXTRA_USERS_PARAMS = "\
> usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \
> usermod -a -G sudo,dialout ${SAKURA_USER}; \
> "
>
> deleting all of the commented out lines, and I get this in the log file:
>
>
> ..../scribe/1.0-r0/rootfs -p '' sakura]
>
>
> nothing between the single quotes. It's acting like SAKURA_PASS is not
> defined.
>
> This is only happening when I'm trying the MD5 password.
>
>
> Greg
> ------------------------------
> *From:* Rudolf Streif <rudolf.str...@ibeeto.com>
> *Sent:* Tuesday, May 21, 2019 5:37:23 AM
> *To:* Greg Wilson-Lindberg
> *Cc:* Yocto list discussion
> *Subject:* Re: [yocto] problem adding a user
>
> Greg,
>
> usermod does not work for the MD5 algorithm with the explicit password
> hash as it contains the $ field delimiters which are interpreted by the
> shell executing the usermod command. Use single quotes around the password
> hash:
>
> usermod -p '${SAKURA_PASS}' ${SAKURA_USER};
>
> :rjs
>
> On Mon, May 20, 2019, 11:55 Greg Wilson-Lindberg <gwil...@sakuraus.com>
> wrote:
>
>> Hi Rudolf,
>>
>> I've had more time to work with this and I'm still having problems getting
>> everything to work properly. I've attached the image recipe recipe that I'm
>> using so I don't leave any thing out that may be relevant.
>>
>> When I build with a password that is no more more than 8 characters long
>> and no non-alphabetic characters:
>>
>> SAKURA_PASSWD = "Distract"
>> SAKURA_PASS = "WRsDFfg1BsrDM"
>>
>> everything works correctly.
>>
>> I first tried that using the `openssl ...` form, and then I tried the
>> -1, MD5 BSD form and had problems, so I changed to doing the openssl
>> on the command line and making sure that I don't have any characters
>> that display as '.' or '/'. Again, if I don't do more than 8 characters
>> and no special characters everything works.
>>
>> When I changed to using 'Ds$tr@ct' it stopped working. The build finishes
>> and the log file shows the usermod being exectued correctly:
>>
>> NOTE: scribe: Performing usermod with [-R
>> /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs
>> -p kyNsrvS0elMWU sakura]
>> NOTE: scribe: Performing usermod with [-R
>> /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs
>> -a -G sudo,dialout sakura]
>>
>> But when I try to sign in it doesn't work.
>>
>> I then tried the 10 character password 'Distracted', the build fails:
>>
>> NOTE: scribe: Performing usermod with [-R
>> /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs
>> -p sakura]
>> Usage: usermod [options] LOGIN
>>
>> Options:
>> -c, --comment COMMENT new value of the GECOS field
>> -d, --home HOME_DIR new home directory for the user account
>> -e, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE
>> -f, --inactive INACTIVE set password inactive after expiration
>> to INACTIVE
>> -g, --gid GROUP force use GROUP as new primary group
>> -G, --groups GROUPS new list of supplementary GROUPS
>> -a, --append append the user to the supplemental GROUPS
>> mentioned by the -G option without removing
>> him/her from other groups
>> -h, --help display this help message and exit
>> -l, --login NEW_LOGIN new value of the login name
>> -L, --lock lock the user account
>> -m, --move-home move contents of the home directory to the
>> new location (use only with -d)
>> -o, --non-unique allow using duplicate (non-unique) UID
>> -p, --password PASSWORD use encrypted password for the new password
>> -P, --clear-password PASSWORD use clear password for the new password
>> -R, --root CHROOT_DIR directory to chroot into
>> -s, --shell SHELL new login shell for the user account
>> -u, --uid UID new UID for the user account
>> -U, --unlock unlock the user account
>> -v, --add-subuids FIRST-LAST add range of subordinate uids
>> -V, --del-subuids FIRST-LAST remove range of subordinate uids
>> -w, --add-subgids FIRST-LAST add range of subordinate gids
>> -W, --del-subgids FIRST-LAST remove range of subordinate gids
>>
>> ERROR: scribe: usermod command did not succeed.
>>
>> So, even though I'm putting in the openssl output:
>> openssl passwd -1 "Distracted"
>> $1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0
>>
>> that I get back from what should be a valid run of openssl, I don't see
>> anything
>> from the password on the usermod command line:
>> "...linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]"
>>
>> I don't understand why the short passwords and passing along the proper hash
>> works,
>> but not the longer password.
>>
>> It also doesn't make sense that I can't put in the '$' & '@' characters and
>> have them work.
>>
>> Any suggestions would be greatly appreciated.
>>
>> Greg
>>
>> ------------------------------
>> *From:* Rudolf Streif <rudolf.str...@ibeeto.com>
>> *Sent:* Wednesday, May 15, 2019 4:58:26 PM
>> *To:* Greg Wilson-Lindberg
>> *Cc:* Yocto list discussion
>> *Subject:* Re: [yocto] problem adding a user
>>
>> Glad to hear that it works now. I am planning on attending the YP DevDay.
>>
>> :rjs
>>
>> On Wed, May 15, 2019, 13:53 Greg Wilson-Lindberg <gwil...@sakuraus.com>
>> wrote:
>>
>>> Thank you very much, that got me back on the right path.
>>>
>>> Maybe I'll see you at the Yocto day at the Embedded Linux Conference.
>>>
>>> Regards,
>>>
>>> [image: cid:image001.png@01D35D7D.179A7510]
>>>
>>> *Greg Wilson-Lindberg *
>>>
>>> *Principal Firmware Engineer | Sakura Finetek USA, Inc. *
>>>
>>>
>>>
>>> 1750 W 214th Street | Torrance, CA 90501 | U.S.A.
>>>
>>> T: +1 310 783 5075
>>>
>>> F: +1 310 618 6902 | E: gwil...@sakuraus.com
>>>
>>> www.sakuraus.com
>>>
>>>
>>>
>>> [image: cid:image002.png@01D35D7D.179A7510]
>>>
>>> [image: cid:image003.png@01D35D7D.179A7510]
>>> ------------------------------
>>>
>>> Confidentiality Notice: This e-mail transmission may contain
>>> confidential or legally privileged information that is intended only for
>>> the individual or entity named in the e-mail address. If you are not the
>>> intended recipient, you are hereby notified that any disclosure, copying,
>>> distribution, or reliance upon the contents of this e-mail is strictly
>>> prohibited. If you have received this e-mail transmission in error, please
>>> reply to the sender, so that Sakura Finetek USA, Inc. can arrange for
>>> proper delivery, and then please delete the message from your inbox. Thank
>>> you.
>>>
>>>
>>>
>>>
>>>
>>> *From:* Rudolf J Streif [mailto:rudolf.str...@ibeeto.com]
>>> *Sent:* Wednesday, May 15, 2019 01:30 PM
>>> *To:* Greg Wilson-Lindberg <gwil...@sakuraus.com>; Yocto list
>>> discussion <yocto@yoctoproject.org>
>>> *Subject:* Re: [yocto] problem adding a user
>>>
>>>
>>>
>>> Instead of
>>>
>>>
>>>
>>> useradd -p `openssl passwd test` sakura
>>>
>>>
>>>
>>> which attempts to add the user and set the password which fails if the
>>> user already exists, use
>>>
>>>
>>>
>>> usermod -p `openssl passwd test` sakura
>>>
>>>
>>>
>>> which sets the user's password.
>>>
>>>
>>>
>>> :rjs
>>>
>>>
>>>
>>> On 5/15/19 1:18 PM, Greg Wilson-Lindberg wrote:
>>>
>>> Ok, I had been using the useradd class in a couple of other recipes to
>>> allow me to copy files to the sakura user directory and another location,
>>> but owned by sakura. That seems to have been what was causing the problem.
>>>
>>>
>>>
>>> I had been using the extrausers class in my top level image recipe.
>>>
>>>
>>> So now how do I get all of this to work together? Do I need to put
>>> everything that touches the sakura user in the same recipe? It seems that I
>>> need to use only one of the useradd or extrausers classes?
>>>
>>>
>>>
>>> Greg
>>> ------------------------------
>>>
>>> *From:* Rudolf J Streif <rudolf.str...@ibeeto.com>
>>> <rudolf.str...@ibeeto.com>
>>> *Sent:* Wednesday, May 15, 2019 12:31 PM
>>> *To:* Greg Wilson-Lindberg; Yocto list discussion
>>> *Subject:* Re: [yocto] problem adding a user
>>>
>>>
>>>
>>> The ! for the password in /etc/shadow indicates that the account is
>>> disabled:
>>>
>>> sakura:!:18031:0:99999:7:::
>>>
>>>
>>>
>>> Either there is something wrong with the password generation or it gets
>>> disabled by something else. Maybe it's worth trying with a plain image
>>> without Boot2Qt or anything else.
>>>
>>>
>>>
>>> :rjs
>>>
>>>
>>>
>>>
>>>
>>> On 5/15/19 11:46 AM, Greg Wilson-Lindberg wrote:
>>>
>>> Hi Rudolf,
>>>
>>> 1st, yes I inherit extrausers. Attached are the passwd & shadow files.
>>>
>>>
>>>
>>> It shouldn't make any difference, but I'm building this for an RPi3
>>> using the Qt Boot2Qt version of the Yocto environment, distro 2.5.3.
>>>
>>>
>>>
>>> Greg
>>> ------------------------------
>>>
>>> *From:* Rudolf J Streif <rudolf.str...@ibeeto.com>
>>> <rudolf.str...@ibeeto.com>
>>> *Sent:* Wednesday, May 15, 2019 11:26 AM
>>> *To:* Greg Wilson-Lindberg; Yocto list discussion
>>> *Subject:* Re: [yocto] problem adding a user
>>>
>>>
>>>
>>> Hi Greg,
>>>
>>>
>>>
>>> > I've also tried both the back-quote and the single-quote, no
>>> difference.
>>>
>>>
>>>
>>> Help me to understand this. the back-quotes are the right ones. If you
>>> use the single ones your password in the /etc/shadow ends up being 'openssl
>>> passwd test' (without the quotes), unless the build fails because of a
>>> parsing error (I have not tried it). Silly question, you did inherit
>>> extrausers class?
>>>
>>>
>>>
>>> Can you post your /etc/passwd and /etc/shadow
>>>
>>>
>>>
>>> I am surprised that this does not work with your setup. I have been
>>> doing this a gazillion times always with success.
>>>
>>>
>>>
>>> :rjs
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> On 5/15/19 11:03 AM, Greg Wilson-Lindberg wrote:
>>>
>>> Hi Rudolf,
>>>
>>> Thanks for the reply, and the information on how openssl works.
>>>
>>>
>>>
>>> I'm trying to create a user with the same group name so the code that
>>> I'm using reduces to:
>>>
>>> EXTRA_USERS_PARAMS = "\
>>>
>>> useradd -p `openssl passwd test` sakura; \
>>>
>>> usermod -a -G sudo ${SAKURA_USER}; \
>>>
>>> "
>>>
>>> I also, as you can see, removed the macros to eliminate as much
>>> confusion as possible.
>>>
>>>
>>>
>>> I still can't login in using the password 'test'.
>>>
>>>
>>>
>>> I've also tried both the back-quote and the single-quote, no difference.
>>>
>>> Regards,
>>>
>>>
>>>
>>> Greg
>>> ------------------------------
>>>
>>> *From:* Rudolf J Streif <rudolf.str...@ibeeto.com>
>>> <rudolf.str...@ibeeto.com>
>>> *Sent:* Wednesday, May 15, 2019 10:07:47 AM
>>> *To:* Greg Wilson-Lindberg; Yocto list discussion
>>> *Subject:* Re: [yocto] problem adding a user
>>>
>>>
>>>
>>> Hi Greg,
>>>
>>> Well, I suppose I wrote the book you are referring to...
>>>
>>>
>>> Using
>>>
>>> useradd -p PASSWORD USER
>>>
>>> takes the password hash for PASSWORD hence the use of openssl in:
>>>
>>> useadd -p `openssl passwd PASSWORD` USER
>>>
>>> openssl password creates the password hash using the original crypt hash
>>> algorithm if no other options are specified. e.g.
>>>
>>> $ openssl passwd hello
>>> 6hEsTksgRkeiI
>>>
>>> With this the first two characters of the output is the salt and the
>>> rest is the password hash. If you want openssl to create the same result
>>> again:
>>>
>>> $ openssl passwd -salt "6h" hello
>>> 6hEsTksgRkeiI
>>>
>>> You can use newer algorithms like MD5 based BSD password algorithm 1:
>>>
>>> $ openssl passwd -1 hello
>>> $1$4Mu8Fcs.$eIKgPP7RCYrb3lFZjhADA1
>>>
>>> $1 : password algorithm 1
>>> $4Mu8Fcs. : salt
>>> $eIKgPP7RCYrb3lFZjhADA1 : password hash
>>>
>>>
>>> If you log into the system you have to use the clear password. The
>>> system reads the salt, creates the password hash and compares the
>>> results.
>>>
>>>
>>> :rjs
>>>
>>>
>>> On 5/14/19 5:34 PM, Greg Wilson-Lindberg wrote:
>>> > I'm trying to use the example in "Embedded Linux Systems with the
>>> Yocto Project" to add a user to my Yocto build. In the book the sample code:
>>> >
>>> > useradd -p `openssl passwd ${DEV_PASSWORD}` developer; \
>>> >
>>> > uses openssl to generate the encrypted password string to pass to
>>> useradd. I have never been able to get this to work. When I run the openssl
>>> > command on the cmd line I get a different value every time, this seems
>>> wrong, How can the password code compare against it if every encode
>>> > produces a different value?
>>> >
>>> > I am getting the user added to the system, the home directory shows up
>>> and the user is in the passwd and group files. I just can't login to the
>>> > account.
>>> >
>>> > I've obviously got something confused, any help would be appreciated.
>>> >
>>> > Greg Wilson-Lindberg
>>> >
>>>
>>> --
>>> -----
>>> Rudolf J Streif
>>> CEO/CTO ibeeto
>>> +1.855.442.3396 x700
>>>
>>> --
>>>
>>> -----
>>>
>>> Rudolf J Streif
>>>
>>> CEO/CTO ibeeto
>>>
>>> +1.855.442.3396 x700
>>>
>>> --
>>>
>>> -----
>>>
>>> Rudolf J Streif
>>>
>>> CEO/CTO ibeeto
>>>
>>> +1.855.442.3396 x700
>>>
>>> --
>>>
>>> -----
>>>
>>> Rudolf J Streif
>>>
>>> CEO/CTO ibeeto
>>>
>>> +1.855.442.3396 x700
>>>
>>>
--
Rudolf J Streif
CEO/CTO
ibeeto, Streif Enterprises Inc.
--
_______________________________________________
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
