| Age | Commit message (Collapse) | Author |
|---|
|
A previous commit tried to add the --follow-symlinks option to
the perform_passwd_expire function in useradd_base.bbclass, however it used
a single -.
This is interpreted as --file=ollow-symlinks which results in...
sed: couldn't open file ollow-symlinks: No such file or directory
and...
ERROR: <image name>: passwd --expire operation did not succeed.
Fix by adding the missing -
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If /etc/passwd is a symlink, sed -i on same file will replace the
symlink with a new file. Prevent that by adding --follow-symlinks
option to sed
Signed-off-by: Joakim Tjernlund <joakim.tjernlund@infinera.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
|
|
As stated in our top level license files, the license is MIT unless
otherwise stated. Add SPDX identifers accordingly. Replace older
license statementa with the standardised syntax. Also drop "All
Rights Reserved" expression as it isn't used now, doesn't mean anything
and is confusing.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Where there isn't a copyright statement, add one to make it explicit.
Also drop editor config lines where they were present.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This enhances extrausers with a new passwd-expire command that causes
a local user's password to be expired as if the `passwd --expire`
command was run, so the password needs to be changed on initial login.
Example: EXTRA_USERS_PARAMS += " useradd ... USER; passwd-expire USER;"
Tested: on useradd accounts
When configured with Linux-PAM, console login prompts for and can
successfully change the password. OpenSSH server works. Dropbear
SSH server notes the password must be changed but does not offer a
password change dialog and rejects the login request.
Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If the name of the last user being part of the group had a name that
was a prefix of the user being added, then perform_groupmems() would
treat it as if the user already existed in the list of users and not
add it.
Reported-by: Peter Henricsson <peter.henricsson@axis.com>
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
perform_groupdel() tries to delete a group irrespective if other
users have it as their primary group, thus the call to groupdel will
fail with the following error error:
groupdel: cannot remove the primary group of user '<user>'
Add a check to perform_groupdel() to determine if there are other
users and keep the group, printing a warning. This is called right
after a user is deleted to delete it's group. If the last user is
deleted, only then the group is also deleted.
Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Previously, if the gshadow file did not exist in the sysroot when
perform_groupmems() was run, it would be temporarily created and
removed again afterwards. This was supposedly due to groupmems failing
if it does not exist.
However, based on empirical testing and examination of the source code
for groupmems, it should not fail if the gshadow file does not exist
when groupmems is started. But it WILL fail if the file is removed
sometime after its existence has been check at the beginning of the
execution, but before it needs to be modified. And this is exactly
what the previous code in perform_groupmems() could cause if multiple
tasks simultaneously modified users or groups. It could cause any of
the useradd, groupadd and groupmems commands to fail as long as at
least one other recipe invoked perform_groupmems().
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Now, useradd dollar sign requires three prepending backslash characters to
avoid unintended expansion. It used to be just one prepending backslash
character before Krogoth. Restore that behaviour.
[YOCTO #10062]
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Option '-w 100' of flock is failsafe to finish if dead lock occurs. It
should be impossible to occur dead lock. And option '-w' is not
supported by busybox, so remove it.
[YOCTO #9371]
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Many user/group operations will involve hashes which will include '$'
followed by a number or even possibly an env. variable name. Passing
$opts to flock requires that we take additional precautions to prevent
the unexpected expansion of these instances.
This was found by an image which used usermod operations to set the
password hash for root. The image could not be logged-in to and
examining /etc/shadow clearly showed that $0 and other $* variables
had been expanded unexpectedly. This change returnes the behavior to
what existed prior to commit 2ebf697b46c42cee8bfa6d2e6087397f8cce385c
[useradd_base.bbclass: replace retry logic with flock].
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When perform useradd during populate sysroot, it locks files passwd.lock
and group.lock at same time. And then it meets a dead lock issue
randomly.
Use flock to reslove it by using an universal lock directory for all the
user and group related operations.
[YOCTO #9022]
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
In c0da4270c76375a7a8cbcc09319fe4570ebbc5bd two bbwarn were changed to
bbnote for the case where an added user or group already exists. The
same should have been done for groupmems, groupdel and userdel as well
since the warnings that are currently generated are superflouous.
The two remaining similar bbwarn for groupmod and usermod are left as
is since there they actually make sense.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Use bbnote rather than bbwarn when the user exists, otherwise we would
always get the warnings when rebuild the recipe or build with mulitlib,
everything is OK if the user exists, so it should not be a warning.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Print PN will help debug:
WARNING: openssh: user sshd already exists, not re-creating it
Which is better than:
WARNING: user sshd already exists, not re-creating it
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Mario Domenech Goulart <mario@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Currently, it would sleep 1 second when fail to add the user, this maybe
not enough when we use the sstate cache, as my test shows below, nearly
all the useradd actions are doing in the same minute when mirror from
ssate cache, and it would fail when the load is high, I got these time
by adding strace before the useradd for debugging:
2014-03-31 14:48:22.978079781 +0800 /tmp/log/pulseaudio.4.c
2014-03-31 14:48:22.028079813 +0800 /tmp/log/pulseaudio.1.c
2014-03-31 14:48:21.949079816 +0800 /tmp/log/pulseaudio.3.c
2014-03-31 14:48:20.903079852 +0800 /tmp/log/pulseaudio.2.c
2014-03-31 14:48:20.006079883 +0800 /tmp/log/nfs-utils.9.c
2014-03-31 14:48:18.876079923 +0800 /tmp/log/xuser-account.9.c
2014-03-31 14:48:18.824079924 +0800 /tmp/log/pulseaudio.0.c
2014-03-31 14:48:17.826079959 +0800 /tmp/log/xuser-account.8.c
2014-03-31 14:48:17.766079961 +0800 /tmp/log/nfs-utils.8.c
2014-03-31 14:48:16.794079995 +0800 /tmp/log/xuser-account.7.c
2014-03-31 14:48:16.735079997 +0800 /tmp/log/nfs-utils.7.c
2014-03-31 14:48:14.719080066 +0800 /tmp/log/xuser-account.5.c
2014-03-31 14:48:14.677080068 +0800 /tmp/log/nfs-utils.5.c
2014-03-31 14:48:12.621080139 +0800 /tmp/log/nfs-utils.3.c
2014-03-31 14:48:11.589080175 +0800 /tmp/log/nfs-utils.2.c
2014-03-31 14:48:10.242080221 +0800 /tmp/log/builder.0.c
2014-03-31 14:48:09.523080246 +0800 /tmp/log/nfs-utils.0.c
2014-03-31 14:48:09.488080248 +0800 /tmp/log/openssh.0.c
2014-03-31 14:48:09.485080248 +0800 /tmp/log/rpcbind.1.c
2014-03-31 14:48:07.590080313 +0800 /tmp/log/rpcbind.0.c
2014-03-31 14:28:15.437121590 +0800 /tmp/log/avahi.0.c
2014-03-31 14:18:19.067142238 +0800 /tmp/log/dbus.0.c
The nfs-utils and xuser-account are failed to add the user.
The useradd command needs two locks, passwd.lock and group.lock, it may
get one, but can't get another one if we look into these .c files, sleep
1 second is not enough, it needs more seconds, the reason is that, if
succeed, it doesn't have any side effects, if failed, we need wait for
more seconds rather than make it more crowding.
I've tried to use "sleep 5", but it didn't make much better since they
would sleep and wake up nearly at the same time, I also tried to use
"sleep <RANDOM seconds between 1 and 10>", that didn't make much better
,either.
I think that a better ways is sleep more and more seconds (up to 10
seconds) when failed, this can't fix the problem that they may do the
actions at the same time, but the logic is: if it is not crowding, sleep
less time should be OK, otherwise sleep more and more time.
Here is the testing result which seems much better:
2014-04-03 14:09:56.605185284 +0800 dbus.0.c
2014-04-03 14:09:39.899185862 +0800 rpcbind.5.c
2014-04-03 14:09:38.400185914 +0800 distcc.4.c
2014-04-03 14:09:35.206186025 +0800 pulseaudio.1.c
2014-04-03 14:09:33.979186067 +0800 rpcbind.4.c
2014-04-03 14:09:33.364186089 +0800 pulseaudio.0.c
2014-04-03 14:09:33.360186089 +0800 distcc.3.c
2014-04-03 14:09:30.996186171 +0800 avahi-ui.0.c
2014-04-03 14:09:30.298186195 +0800 distcc.2.c
2014-04-03 14:09:29.905186208 +0800 rpcbind.3.c
2014-04-03 14:09:29.410186226 +0800 avahi-ui.2.c
2014-04-03 14:09:28.239186266 +0800 distcc.1.c
2014-04-03 14:09:27.298186299 +0800 xuser-account.0.c
2014-04-03 14:09:27.032186308 +0800 distcc.0.c
2014-04-03 14:09:26.836186315 +0800 rpcbind.2.c
2014-04-03 14:09:25.846186349 +0800 nfs-utils.1.c
2014-04-03 14:09:25.752186352 +0800 avahi-ui.1.c
2014-04-03 14:09:24.779186386 +0800 builder.0.c
2014-04-03 14:09:24.746186387 +0800 rpcbind.1.c
2014-04-03 14:09:23.916186416 +0800 openssh.1.c
2014-04-03 14:09:23.848186418 +0800 nfs-utils.0.c
2014-04-03 14:09:23.594186427 +0800 rpcbind.0.c
2014-04-03 14:09:22.609186461 +0800 ppp-dialin.0.c
2014-04-03 14:09:21.817186488 +0800 openssh.0.c
[YOCTO #6085]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
Add a new base class, useradd_base.bbclass, which is mainly a
collection of basic functions for user/group settings.
The useradd_base.bbclass is intended to be inherited by useradd.bbclass
and the extrausers.bbclass to avoid code cuplication.
[YOCTO #4074]
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
Adam Johnston
Joakim Tjernlund
Richard Purdie
Joseph Reynolds
Peter Kjellerstedt
Ioan-Adrian Ratiu
Maxin B. John
Kai Kang
Mark Asselstine
Robert Yang
Mario Domenech Goulart
Chen Qi