default root password

Discussion:

David Andrey

2013-10-16 12:57:55 UTC

Hi,

There are lot of threads floating around, and a FAQ without answer.
https://wiki.yoctoproject.org/wiki/FAQ:How_do_I_set_or_change_the_root_p
assword

So what is the official way to set a default root password ?
Using a sed command on /etc/passwd through ROOTFS_POSTPROCESS_COMMAND or
is there any other built-in solution ?

regards
David

Diego Sueiro

2013-10-17 12:15:36 UTC

Permalink

Post by David Andrey
Hi,
There are lot of threads floating around, and a FAQ without answer.
https://wiki.yoctoproject.org/wiki/FAQ:How_do_I_set_or_change_the_root_p
assword
So what is the official way to set a default root password ?
Using a sed command on /etc/passwd through ROOTFS_POSTPROCESS_COMMAND or
is there any other built-in solution ?
regards
David

David,

Did you find another way to achieve this?

--
*dS
Diego Sueiro

/*long live rock 'n roll*/

Post by David Andrey
_______________________________________________
yocto mailing list
https://lists.yoctoproject.org/listinfo/yocto

Bryan Evenson

2013-10-17 13:23:10 UTC

Permalink

David,

I've had similar issues, and this is what I've done to get the root password set properly in my image. I am using poky/Dylan-9.0.1 for a starting point.

1. In my case, I want a root password that is longer than 8 characters. With poky/dylan, it is using tinylogin for password management which has an issue with passwords longer than 8 characters; it looks like it is using them, but it only pays attention to the first 8 characters. If you want to use a root password that is longer than 8 characters, there is a 10 patch series under poky/master submitted by Chen Qi on 2013-06-25. Cherry-pick these 10 patches and apply them to your local poky repository. Rebuild your image with "debug-tweaks" set in local.conf.
2. Boot up your newly built image with the default blank password (or some other password you know what it is). Then, change the root password using the passwd command. If you want a root password that is longer than 8 characters, use "passwd -m".
3. Look at the contents of /etc/shadow. Everything between the first two colons on root's line is its password. For example, if it looked like this:
root:$QAGQ$%Y#QTRAG%^J#$#QR$@:15924:0:99999:7:::
then $QAGQ$%Y#QTRAG%^J#$#QR$@ would be root's encrypted password. Copy that text.
4. Add the following to the end of your image recipe:

ROOTFS_POSTPROCESS_COMMAND += "\
sed 's%^root:[^:]*:%root:<encrypted_password_goes_here>:%' \
< ${IMAGE_ROOTFS}/etc/shadow \

${IMAGE_ROOTFS}/etc/shadow.new;\

mv ${IMAGE_ROOTFS}/etc/shadow.new ${IMAGE_ROOTFS}/etc/shadow ;"

and that will change root's password in your image.

I know there is the EXTRA_USER_PARAMS feature for adding users and modifying a user's password, but I couldn't get it to work for root. I tried adding:

INHERIT += "extrausers"
EXTRA_USERS_PARAMS = "\
usermod -p '<encrypted_password_goes_here>' root; \
"

and I would get errors when building the image. I can't remember the errors I got, but I couldn't get the build to complete when I tried to modify the root password in this manner. The other way worked so I went with that.

Hope that helps.

-Bryan Evenson

-----Original Message-----
Sent: Wednesday, October 16, 2013 8:58 AM
Subject: [yocto] default root password
Hi,
There are lot of threads floating around, and a FAQ without answer.
https://wiki.yoctoproject.org/wiki/FAQ:How_do_I_set_or_change_the_root_
p
assword
So what is the official way to set a default root password ?
Using a sed command on /etc/passwd through ROOTFS_POSTPROCESS_COMMAND
or is there any other built-in solution ?
regards
David
_______________________________________________
yocto mailing list
https://lists.yoctoproject.org/listinfo/yocto

Diego Sueiro

2013-10-17 13:29:19 UTC

Permalink

Post by Bryan Evenson
I know there is the EXTRA_USER_PARAMS feature for adding users and
modifying a user's password, but I couldn't get it to work for root. I
INHERIT += "extrausers"
EXTRA_USERS_PARAMS = "\
usermod -p '<encrypted_password_goes_here>' root; \
"
and I would get errors when building the image. I can't remember the
errors I got, but I couldn't get the build to complete when I tried to
modify the root password in this manner. The other way worked so I went
with that.

Bryan,

I've tried that too.The issue raised for me was related to INHERIT +=
"extrausers", as soon as, it is not present on dylan branch.
So, I solved that with ROOTFS_POSTPROCESS_COMMAND strategy.

Regards,

--
*dS
Diego Sueiro

/*long live rock 'n roll*/

David Andrey

2013-10-18 07:14:30 UTC

Permalink

Hi Bryan,

Solved this using the ROOTFS_POSTPROCESS_COMMAND, but without the
patches series for > 8 characters password. Thanks for that input :-)

Using danny in this particular case.

Hope someone will update the FAQ !

Thanks
David

-----Original Message-----
From: Bryan Evenson [mailto:bevenson-***@public.gmane.org]
Sent: jeudi 17 octobre 2013 15:23
To: David Andrey; yocto-EtnWKYl6rD/WsZ/***@public.gmane.org
Subject: RE: default root password

David,

I've had similar issues, and this is what I've done to get the root
password set properly in my image. I am using poky/Dylan-9.0.1 for a
starting point.

1. In my case, I want a root password that is longer than 8 characters.
With poky/dylan, it is using tinylogin for password management which has
an issue with passwords longer than 8 characters; it looks like it is
using them, but it only pays attention to the first 8 characters. If
you want to use a root password that is longer than 8 characters, there
is a 10 patch series under poky/master submitted by Chen Qi on
2013-06-25. Cherry-pick these 10 patches and apply them to your local
poky repository. Rebuild your image with "debug-tweaks" set in
local.conf.
2. Boot up your newly built image with the default blank password (or
some other password you know what it is). Then, change the root
password using the passwd command. If you want a root password that is
longer than 8 characters, use "passwd -m".
3. Look at the contents of /etc/shadow. Everything between the first
two colons on root's line is its password. For example, if it looked
like this:
root:$QAGQ$%Y#QTRAG%^J#$#QR$@:15924:0:99999:7:::
then $QAGQ$%Y#QTRAG%^J#$#QR$@ would be root's encrypted password. Copy
that text.
4. Add the following to the end of your image recipe:

ROOTFS_POSTPROCESS_COMMAND += "\
sed 's%^root:[^:]*:%root:<encrypted_password_goes_here>:%' \
< ${IMAGE_ROOTFS}/etc/shadow \

${IMAGE_ROOTFS}/etc/shadow.new;\

mv ${IMAGE_ROOTFS}/etc/shadow.new ${IMAGE_ROOTFS}/etc/shadow ;"

and that will change root's password in your image.

I know there is the EXTRA_USER_PARAMS feature for adding users and
modifying a user's password, but I couldn't get it to work for root. I
tried adding:

INHERIT += "extrausers"
EXTRA_USERS_PARAMS = "\
usermod -p '<encrypted_password_goes_here>' root; \
"

and I would get errors when building the image. I can't remember the
errors I got, but I couldn't get the build to complete when I tried to
modify the root password in this manner. The other way worked so I went
with that.

Hope that helps.

-Bryan Evenson

-----Original Message-----
Sent: Wednesday, October 16, 2013 8:58 AM
Subject: [yocto] default root password
Hi,
There are lot of threads floating around, and a FAQ without answer.
https://wiki.yoctoproject.org/wiki/FAQ:How_do_I_set_or_change_the_root
_
p
assword
So what is the official way to set a default root password ?
Using a sed command on /etc/passwd through ROOTFS_POSTPROCESS_COMMAND
or is there any other built-in solution ?
regards
David
_______________________________________________
yocto mailing list
https://lists.yoctoproject.org/listinfo/yocto