This is a suggestion to replace the management of sysusers.d in the build. sysusers.d is a set of configuration files to declare system users and groups supposed to be created at boot when they do not exist.
Until now, we have a rootfs post command that checks those configuration and creates missing users and groups. This command is defective when a home directory or a shell is specified. The actual parsing leads to incorrect commands such as: `useradd --shell /sbin/nologin --uid 0 --comment "Super User" /root --system root` Also, it appears there is more interest for a command that checks all required users are correctly created before the rootfs is done. Therefore, the first patch here replaces the command `systemd_create_users` by a command `systemd_sysusers_check` that every users/groups declared in sysusers.d configuration files already exist in `/etc/passwd` and `/etc/group` and check at best if the properties match. This reveals two misconfiguration: WARNING: memfault-image-1.0-r0 do_rootfs: User root has been defined as (root, 0, 0, root, /home/root, /bin/sh) but sysusers.d expects it as (root, 0, -, Super User, /root, -) WARNING: memfault-image-1.0-r0 do_rootfs: Group wheel has never been defined 1. As systemd supposes the rootfs should not be configurable, whereas it is possibl ein yocto through the variable ROOT_HOME,, a second patch suggests to replace the sysusers.d configuration file 'basic.conf' by ours. 2. The user wheel can be used for some superuser tasks such as consulting the systemd journal or manage printers in cups. It can also be used for su and sudo in replacement of the sudo group. It looks good to add this in the base-passwd files. It is not upstreamable as the debian point of view is that the wheel group is unset by default. Signed-off-by: Louis Rannou <[email protected]> --- Louis Rannou (3): rootfs-postcommands: change sysusers.d command systemd: replace the sysusers.d basic configuration base-passwd: add the wheel group meta/classes-recipe/rootfs-postcommands.bbclass | 133 +++++++++++++++++---- .../base-passwd/0007-Add-wheel-group.patch | 20 ++++ meta/recipes-core/base-passwd/base-passwd_3.6.1.bb | 1 + meta/recipes-core/systemd/systemd/basic.conf.in | 40 +++++++ meta/recipes-core/systemd/systemd_253.3.bb | 5 + 5 files changed, 175 insertions(+), 24 deletions(-) --- base-commit: 8078a62739f08e60de98e194b9cd987d8c5b2e7b change-id: 20230613-sysusersd-614778830079 Best regards, -- Louis Rannou <[email protected]>
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#182846): https://lists.openembedded.org/g/openembedded-core/message/182846 Mute This Topic: https://lists.openembedded.org/mt/99546756/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
