[OE-core] [PATCH 2/3] image.bbclass: remove zap_root_password

ChenQi Qi.Chen at windriver.com
Wed Dec 11 03:19:51 UTC 2013 

On 12/10/2013 11:36 PM, Mark Hatle wrote:
> On 12/10/13, 6:15 AM, Paul Eggleton wrote:
>> Hi Qi,
>>
>> On Tuesday 10 December 2013 17:58:51 Qi.Chen at windriver.com wrote:
>>> From: Chen Qi <Qi.Chen at windriver.com>
>>>
>>> This function replaces the root password with '*' if 'debug-tweaks'
>>> is not in IMAGE_FEATURES. As a result, if we don't have 'debug-tweaks',
>>> we would be locked out of the system. That means, if the user uses a
>>> bbappend file for base-passwd to set the root password, he would not be
>>> able to login as root; if the user uses 'EXTRA_USERS_PARAMS' to set
>>> the root password, he would still not be able to login as root.
>>>
>>> In a word, this function should be removed to make things work 
>>> correctly.
>>
>> Er, unless I'm missing something about what you're adding in the 
>> other patch,
>> you *cannot* simply remove this. The intentional design of the 
>> existing code
>> is that having "debug-tweaks" in IMAGE_FEATURES means that you can 
>> log in as
>> root with no password; but most importantly if "debug-tweaks" is not 
>> present
>> you cannot log in at all as root (in the absence of anything that 
>> sets the
>> root password, of course). Any changes must preserve this behaviour.
>
> I agree.  The default behavior on most systems should be absolutely no 
> way to directly login as root.  Instead logins should occur based on a 
> non-privileged user.  (The other patches in that set look good to me.)
>
> --Mark
>
>> Cheers,
>> Paul
>>
>

Mark & Paul,

Thanks for your explanation.

I think what we really want is to disallow *empty* root password if 
'debug-tweaks' is not in IMAGE_FEATRUES. And if the root password has 
already been set (via bbappend file or via EXTRA_USERS_PARAMS), we 
should not zap that password. Maybe the function should be 
zap_empty_root_password?

What do you think?

Best Regards,
Chen Qi

> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core at lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>
>

More information about the Openembedded-core mailing list