[poky] Default root password without 'debug-tweaks'?
Bryan Evenson
bevenson at melinkcorp.com
Thu Jul 25 05:28:29 PDT 2013
Paul,
>From looking at the patch series Chen Qi recently posted about the
EXTRA_USER_PARAMS, one could do the following in your local.conf:
require conf/distro/include/security_flags.inc
INHERIT += "extrausers"
EXTRA_USERS_PARAMS = "\
usermod -p 'encrypted_password' root; \
"
If I understand correctly, that should change the root password
to the listed encrypted password. But that still leaves the problem
of getting the encrypted root password. Changing the password on
the hardware and then viewing the encrypted password under
/etc/shadow is a little messy, but I'm at a loss for a better
solution that is guaranteed to work. You could use crypt or
mcrypt to encrypt a file containing the password in plaintext on
the host, but you have to know the encryption algorithm used on
the target filesystem.
If anyone knows of a better way to create the encrypted password
that would be used by the target, I'm open to suggestions.
Thanks,
Bryan
> -----Original Message-----
> From: Paul Eggleton [mailto:paul.eggleton at linux.intel.com]
> Sent: Thursday, July 25, 2013 8:01 AM
> To: Bryan Evenson
> Cc: poky at yoctoproject.org
> Subject: Re: [poky] Default root password without 'debug-tweaks'?
>
> On Thursday 25 July 2013 07:53:20 Bryan Evenson wrote:
> > Thank you for the explanation. And just earlier this morning, I
> found
> > this description of how to change the root password for an image:
> > http://bec-systems.com/site/967/setting-the-root-password-in-an-
> openem
> > bedded
> > -image.
> >
> > If this would be a suggested method of performing the task, I could
> > write a patch for the documentation to add the details about the root
> > account being locked and the suggested method for modifying the root
> > password. If you could point me to a good place to add this detail,
> > I'll send out a patch.
>
> Hmm, that method does seem a bit messy though. Ideally there would be a
> simple method available that didn't require you to boot the target
> system. Presumably it wouldn't be too hard to do it using tools on the
> host.
>
> Cheers,
> Paul
>
> --
>
> Paul Eggleton
> Intel Open Source Technology Centre
More information about the poky
mailing list