在Yocto项目中,为了满足需求添加了额外用户,但遇到认证失败的问题。通过查阅文档发现,问题源于启用的`debug-tweaks`功能允许空密码登录,导致用户可以无密码切换。解决方案是修改配置,正确设置用户密码,并注释掉`debug-tweaks`,重新构建系统镜像后,用户切换恢复正常。
背景:由于项目需求,需要在root用户之外,新增三权用户。由于安全相关功能尚未做好,所以提前以普通用户进行尝试。
查询原始的官方文档,其中有示例如下:
Here is an example that adds two users named “tester-jim” and “tester-sue” and assigns passwords:
inherit extrausers
EXTRA_USERS_PARAMS = "\
useradd -P tester01 tester-jim; \
useradd -P tester01 tester-sue; \
"
按照此例修改image的配置文件kylin-base.inc
inherit extrausers
EXTRA_USERS_PARAMS = "\
useradd -P 123123 test1; \
"
生成的镜像烧录到板子上之后,切换用户test1,报错认证失败。查看/etc/passwd和/etc/shadow文件中,均有kylin相关的字样,代表用户确实添加进去了,但是无法切换。
最终添加用户部分修改如下
inherit extrausers
EXTRA_USERS_PARAMS = "\
useradd test; \
usermod -P 123123 test; \ #注意-P参数的大小写,此处为大写字母P
"
同样将生成的镜像烧录到板子,能够成功切换用户test,但是发现不需要输入密码了。
查询发现在配置文件base.yml中存在这样的一段:
EXTRA_IMAGE_FEATURES = "debug-tweaks tools-debug"
查询yocto官网文档发现如下解释:
allow-empty-password: Allows Dropbear and OpenSSH to accept root logins and logins from accounts having an empty password string.
dbg-pkgs: Installs debug symbol packages for all packages installed in a given image.
debug-tweaks: Makes an image suitable for development (e.g. allows root logins without passwords and enables post-installation logging). See the ‘allow-empty-password’, ‘empty-root-password’, and ‘post-install-logging’ features in this list for additional information.
dev-pkgs: Installs development packages (headers and extra library links) for all packages installed in a given image.
doc-pkgs: Installs documentation packages for all packages installed in a given image.
empty-root-password: Sets the root password to an empty string, which allows logins with a blank password.
package-management: Installs package management tools and preserves the package manager database.
post-install-logging: Enables logging postinstall script runs to the /var/log/postinstall.log file on first boot of the image on the target system.
原来是因为添加了debug-tweaks这个features导致的,在base.yml中将debug-tweaks先注释掉,重新生成系统镜像,
1557
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
