[elbe-devel] passwd and group files on a busybox system
Manuel Traut
manuel.traut at linutronix.de
Mon Nov 7 14:10:28 CET 2016
On 15:50 Sun 06 Nov , Ralf Schlatterbeck wrote:
> I'm currently developing an elbe image for a i.mx28 embedded arm
> platform. Elbe-Log is attached.
>
> My question(s):
> The group and passwd files installed by the base-passwd package never
> make it into /etc. So my current workaround installs static /etc/passwd
> and /etc/group files via the archive mechanism. This is a fragile
> solution. So far I've figured out that the group file misses the
> following lines:
>
> crontab:*:107:
> netdev:*:108:
> ntp:x:109:
> ssh:x:110:
>
> and /etc/passwd misses the following:
>
> ntp:x:104:109::/home/ntp:/usr/sbin/nologin
> sshd:x:105:65534::/var/run/sshd:/usr/sbin/nologin
>
> With "missing" I mean that I have installed some packages that
> dynamically install new users and groups into the system. These should
> end up in the passwd and group files, especially since the uids and gids
> assigned depend on the installation order (or on additional packages
> being installed). I've reverse-engineered the lines above from the
> permissions/ownership of installed files in the resulting image.
>
> Note that I've started with a minimal busybox install and have added
> packages that I need on the target system. So I probably miss some
> package that makes the necessary magic for creating and correctly
> updating /etc/passwd and /etc/group work.
>
> So my guess is that creating the busybox links in finetuning is way too
> late to allow the usual debian install-magic to work. Any advice how to
> create these links earlier in the build process? Or should I install at
> least a shell (dash) to make this work? I don't want to install a
> full set of command-line tools due to space constraints.
>
> Any advice how I can at least obtain the uids/gids assigned by the debian
> package installer to create correct passwd/group files? Or better yet,
> make the necessary install-magic work to create these files correctly?
>
> Also note that I tried to convert to shadow passwords in finetuning by
> calling pwconv which only creates a .lock file and seems to die without
> an error message. Same when I call it later by hand.
>
> The passwd stanza in the target section in the xml file seems to do
> nothing (I guess this should generate the root password in /etc/passwd?)
> Is there a way to specify the *encrypted* password that should go into
> /etc/passwd? I really don't want to have a plaintext password in my
> version control system... (I guess I can do that with a sed script
> during finetuning but a built-in mechanism would be nicer)
>
> I'm attaching my .xml config *without* an added archive. The archive
> contains a install_bb.sh script (attached), an inittab for busybox and
> some config-files that are not relevant to the question at hand.
> I'll gladly provide a logfile on request.
imho, the following finetuning rule should give the expected result:
<b2t_cp path="/etc/passwd">/etc/passwd</b2t_cp>
This copies the passwd file from the 'full-blown' debootstraped RFS
(aka. buildenv or chroot) into your diet/tighten based RFS (aka target).
Regards,
Manuel
More information about the elbe-devel
mailing list