4

I like to do some things for the build-in users of my yocto project:

1.) set a password for root to "abc"

2.) set the root shell for ssh login form /bin/sh to /bin/bash

3.) add the user "customUser" with password "xyz"

Think a simple recipe can do this. So far I tried @ myUser.bb:

SUMMARY = "admin + user"
SECTION = "USR"
LICENSE = "CLOSED"

inherit extrausers useradd

# how to
# pw: abc
# at bash: usermod -p $(openssl passwd abc) root
# get a salted hash: openssl passwd abc
# one possible result: 1Cw5PHLy76ps2
# the command now looks: usermod -p 1Cw5PHLy76ps2 root

# set image root password
EXTRA_USERS_PARAMS = "usermod -p 1Cw5PHLy76ps2 root;"

USERADD_PACKAGES = "${PN}"

# password
# "xyz"
# openssl passwd xyz
# result: y5UyLBO4GNAwc

USERADD_PARAM_${PN} = "-u 1200 -d /home/customUser -r -s /bin/bash -p y5UyLBO4GNAwc customUser"

do_install_append () {
    install -d -m 755 ${D}${datadir}/customUser

    # The new users and groups are created before the do_install
    # step, so you are now free to make use of them:
    chown -R customUser ${D}${datadir}/customUser

    # groups
    # chgrp -R group1 ${D}${datadir}/customUser
}

FILES_${PN} = "${datadir}/*"

#ALLOW_EMPTY_${PN} = "1"

Any idea how to get this done?

Stefan Jaritz
  • 1,999
  • 7
  • 36
  • 60
  • Well, what did your recipe achieve? What's your current problem? – Anders May 18 '17 at 09:54
  • the package created from the recipe contains only an empty dir with the name "customUser". Think the user creation/modification failed – Stefan Jaritz May 18 '17 at 12:49
  • Sure, but it was just those two modifications from your example. However, as you've likely noticed, this doesn't cover chaning the password of the root user. That's often accomplished by a sed -expression in a `ROOTFS_POSTPROC_COMMAND` – Anders May 19 '17 at 13:50

2 Answers2

7

You can use EXTRA_USERS_PARAMS global in your main recipe.

inherit extrausers
EXTRA_USERS_PARAMS = " useradd customUser1; \
                       useradd customUser2; \
                       usermod  -p 'Password_1' customUser1; \
                       usermod  -p 'Password_2' customUser2; \
                       usermod  -a -G sudo customUser1; \
                       usermod  -a -G sudo customUser2;"
LPs
  • 16,045
  • 8
  • 30
  • 61
  • This works, but I like to add/change the user at my local meta-layer conf. – Stefan Jaritz May 19 '17 at 11:33
  • Well, don't you have your own recipe? You should put it into that one, obviously it is in your private layer. – LPs May 19 '17 at 11:55
  • 1
    I have - it's called myUser.bb. I solved the problem by the help of @Anders – Stefan Jaritz May 19 '17 at 12:48
  • this only add user and while trying any command with sudo it give error ' user not in sudoers files, this incident will reported'. @LPs – Kallz Aug 23 '21 at 05:45
  • as root i can run any command but as another user, I can`t run any command I have to update bin path manually than I can execute command like 'ifconfig wpa_supplicant' – Kallz Aug 23 '21 at 05:46
  • 1
    It is `usermod -P password user;`. Note the capital `-P` and no quqotes around password and user. – 71GA Jan 11 '22 at 22:41
  • 2
    The latest versions of usermod don't support the `-P` option. And `-p` is expecting the encrypted password hash. You can use the `mkpasswd` command (part of Ubuntu's `whois` package) to generate password hashes. – David C. Jun 29 '22 at 23:06
2

I took your example and made two small changes to get it to work.

First, I removed inherit extrauser, this isn't necessary when working with useradd. That made bitbaking the recipe fail; the username was invalid. I changed the username to custom, and everything builds fine.

When inspecting the resulting myuser_1.0-r0.0_armv5e.ipk, I can see that there are a preinstall script in myuser_1.0-r0.0_armv5e.ipk/control.tar.gz/preinst that will create your user.

Anders
  • 8,541
  • 1
  • 27
  • 34
  • Can you share the code? I was doing like you told and it's solving the problem. B.t.w.: at the root line the "-s /bin/bash" parameter is missing and for the custom user "-u 1200" is not needed. – Stefan Jaritz May 19 '17 at 12:51