| author | Quentin Schulz <quentin.schulz@theobroma-systems.com> | 2022-04-22 15:13:15 +0200 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-04-25 15:14:09 +0100 |
| commit | 78874e0126f4ba3359f6ae17895390993e925801 (patch) | |
| tree | 0b51771e7c9ecffca144e74abce8dd6a0467d249 | |
| parent | 57e245dd09071d992461bd155709b5938de719e9 (diff) | |
| download | poky-78874e0126f4ba3359f6ae17895390993e925801.tar.gz | |
docs: ref-manual: variables: add hashed password example in EXTRA_USERS_PARAMS
Add examples for hashed hardcoded passwords from extrausers.bbclass so
that this feature is not hidden away.
Cc: Quentin Schulz <foss+yocto@0leil.net>
(From yocto-docs rev: 5db73c7c5668144ed4629f95378e44f0bd8c8256)
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | documentation/ref-manual/variables.rst | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst index 1bfa667786..f8808cc052 100644 --- a/documentation/ref-manual/variables.rst +++ b/documentation/ref-manual/variables.rst | |||
| @@ -2338,6 +2338,37 @@ system and gives an overview of their function and contents. | |||
| 2338 | # usermod -s /bin/sh tester; \ | 2338 | # usermod -s /bin/sh tester; \ |
| 2339 | # " | 2339 | # " |
| 2340 | 2340 | ||
| 2341 | Hardcoded passwords are supported via the ``-p`` parameters for | ||
| 2342 | ``useradd`` or ``usermod``, but only hashed. | ||
| 2343 | |||
| 2344 | Here is an example that adds two users named "tester-jim" and "tester-sue" and assigns | ||
| 2345 | passwords. First on host, create the (escaped) password hash:: | ||
| 2346 | |||
| 2347 | printf "%q" $(mkpasswd -m sha256crypt tester01) | ||
| 2348 | |||
| 2349 | The resulting hash is set to a variable and used in ``useradd`` command parameters:: | ||
| 2350 | |||
| 2351 | inherit extrausers | ||
| 2352 | PASSWD = "\$X\$ABC123\$A-Long-Hash" | ||
| 2353 | EXTRA_USERS_PARAMS = "\ | ||
| 2354 | useradd -p '${PASSWD}' tester-jim; \ | ||
| 2355 | useradd -p '${PASSWD}' tester-sue; \ | ||
| 2356 | " | ||
| 2357 | |||
| 2358 | Finally, here is an example that sets the root password:: | ||
| 2359 | |||
| 2360 | inherit extrausers | ||
| 2361 | EXTRA_USERS_PARAMS = "\ | ||
| 2362 | usermod -p '${PASSWD}' root; \ | ||
| 2363 | " | ||
| 2364 | |||
| 2365 | .. note:: | ||
| 2366 | |||
| 2367 | From a security perspective, hardcoding a default password is not | ||
| 2368 | generally a good idea or even legal in some jurisdictions. It is | ||
| 2369 | recommended that you do not do this if you are building a production | ||
| 2370 | image. | ||
| 2371 | |||
| 2341 | Additionally there is a special ``passwd-expire`` command that will | 2372 | Additionally there is a special ``passwd-expire`` command that will |
| 2342 | cause the password for a user to be expired and thus force changing it | 2373 | cause the password for a user to be expired and thus force changing it |
| 2343 | on first login, for example:: | 2374 | on first login, for example:: |
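Review bot: The hash-generation command at new line 2347 passes the cleartext password (tester01) as a command-line argument without saying that it is a placeholder. Please say so, and note that a real password typed this way ends up in the shell history of the build host. The same line relies on printf supporting %q, which bash's builtin does and POSIX sh does not, so the text should say the command is meant for bash. The command substitution would also be better quoted, as in printf "%q" "$(mkpasswd -m sha256crypt tester01)". The root password example at new lines 2360-2363 uses '${PASSWD}' without defining it, so it only works when read together with the previous snippet. Either repeat the PASSWD assignment there or state that it reuses the variable set above. Minor: "the ``-p`` parameters" at line 2341 should be singular. The note at lines 2365-2370 could also mention that the hash is stored in the build metadata, where anyone with access to the layer can read it.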
