From 57bd61eabb5e6c7de5b47f78e4aeadac252f38f3 Mon Sep 17 00:00:00 2001
From: Scott Rifenbark <scott.m.rifenbark@intel.com>
Date: Thu, 29 May 2014 10:36:42 +0300
Subject: ref-manual: Edits to the "Making Images More Secure" section.

Fixes [YOCTO #5482]

I added some key references to the section on considerations
specific to the OpenEmbedded build system.  In particular, I
provided some cross-linking back to the extrausers.bbclass
section to reference an example of adding a user account.  I
also split out the topics of adding an extra user and setting
a password on the image in the bulleted list.

(From yocto-docs rev: 19dcd70b9b5aba1bd5e7ce090d5449afcef726bf)

Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 .../dev-manual/dev-manual-common-tasks.xml         | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

(limited to 'documentation/dev-manual/dev-manual-common-tasks.xml')

diff --git a/documentation/dev-manual/dev-manual-common-tasks.xml b/documentation/dev-manual/dev-manual-common-tasks.xml
index d9fb9e2f4a..89437f7764 100644
--- a/documentation/dev-manual/dev-manual-common-tasks.xml
+++ b/documentation/dev-manual/dev-manual-common-tasks.xml
@@ -3967,16 +3967,26 @@
                         producing your final image.
                         Among other things, leaving this in place sets the
                         root password as blank.
-                    </para></listitem>
+                        </para></listitem>
+                    <listitem><para>
+                        It is possible to set a root password for the image.
+                        For information on how to do that, see the
+                        <ulink url='https://wiki.yoctoproject.org/wiki/FAQ:How_do_I_set_or_change_the_root_password'>How do I set or change the root password</ulink>
+                        Wiki page.
+                        </para></listitem>
                     <listitem><para>
-                        It is possible to set a root password or to add
-                        some additional user account for later administrative
-                        or service access using the
+                        It is possible to add an additional user account
+                        for later administrative or service access using the
                         <ulink url='&YOCTO_DOCS_REF_URL;#ref-classes-extrausers'><filename>extrausers</filename></ulink>
                         class or the
                         <ulink url='&YOCTO_DOCS_REF_URL;#var-ROOTFS_POSTPROCESS_COMMAND'><filename>ROOTFS_POSTPROCESS_COMMAND</filename></ulink>
                         variable.
-                        If you do this, be cautious about setting
+                        For an example on how to add users, see the
+                        "<ulink url='&YOCTO_DOCS_REF_URL;#ref-classes-extrausers'><filename>extrausers.bbclass</filename></ulink>"
+                        section.
+                        </para>
+                        <para>If you do add extra user accounts,
+                        be cautious about setting
                         the same password for every device.
                         If you want the device to remain secure
                         from unauthorized access, and the password set on
@@ -3985,7 +3995,7 @@
                         If you need this access but want to ensure security,
                         consider setting a different, random password for each
                         device.
-                    </para></listitem>
+                        </para></listitem>
                 </itemizedlist>
             </para>
         </section>
-- 
cgit v1.2.3-54-g00ecf