Use debug-tweaks, allow-root-login to allow root.
root user account is enabled with proper privilege and group,
only if debug-tweaks or allow-root-login FEATURES is defined.
Note: This will not remove root user getting managed from
phosphor-user-manager, instead it will make sure, the privilege
and groups are empty for the root user.
Tested:
1. Verified the default build, which has debug-tweaks, allowing
root user to be with priv-admin, and enabled for all groups.
2. Verified by removing debug-tweaks from the local.conf, and
root user privilege & groups are empty.
(From meta-phosphor rev: b1b8251f4e5f19189057cdeb998cf119be1c27b8)
Change-Id: Iec2a0b1a9f84c27dd4947125903ce43f3a9c3c2c
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/meta-phosphor/classes/phosphor-rootfs-postcommands.bbclass b/meta-phosphor/classes/phosphor-rootfs-postcommands.bbclass
new file mode 100644
index 0000000..3485661
--- /dev/null
+++ b/meta-phosphor/classes/phosphor-rootfs-postcommands.bbclass
@@ -0,0 +1,10 @@
+#
+# This function is intended to add root to corresponding groups if 'debug-tweaks' or 'allow-root-login' is in IMAGE_FEATURES.
+#
+update_root_user_groups () {
+ if [ -e ${IMAGE_ROOTFS}/etc/group ]; then
+ sed -i '/^\(ipmi\|web\|redfish\|priv-admin\):.*:.*:$/s/$/root/' ${IMAGE_ROOTFS}/etc/group
+ fi
+}
+# Add root user to the needed groups
+ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'allow-root-login' ], "update_root_user_groups; ", "", d)}'
diff --git a/meta-phosphor/conf/distro/include/phosphor-base.inc b/meta-phosphor/conf/distro/include/phosphor-base.inc
index 20fd216..7970fef 100644
--- a/meta-phosphor/conf/distro/include/phosphor-base.inc
+++ b/meta-phosphor/conf/distro/include/phosphor-base.inc
@@ -133,7 +133,7 @@
KERNEL_FEATURES_append = " phosphor-gpio-keys"
KERNEL_FEATURES_remove_qemuall = " phosphor-gpio-keys"
-IMAGE_CLASSES_append = " image_types_phosphor"
+IMAGE_CLASSES_append = " image_types_phosphor phosphor-rootfs-postcommands"
IMAGE_CLASSES_append_npcm7xx = " image_types_phosphor_nuvoton"
IMAGE_INSTALL_append = " dbus-broker"
diff --git a/meta-phosphor/recipes-phosphor/interfaces/bmcweb_git.bb b/meta-phosphor/recipes-phosphor/interfaces/bmcweb_git.bb
index 396f978..e08b3b8 100644
--- a/meta-phosphor/recipes-phosphor/interfaces/bmcweb_git.bb
+++ b/meta-phosphor/recipes-phosphor/interfaces/bmcweb_git.bb
@@ -6,8 +6,6 @@
# add a user called httpd for the server to assume
USERADD_PARAM_${PN} = "-r -s /usr/sbin/nologin bmcweb"
GROUPADD_PARAM_${PN} = "web; redfish"
-# Add root user to web & redfish group
-GROUPMEMS_PARAM_${PN} = "-g web -a root; -g redfish -a root"
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENCE;md5=a6a4edad4aed50f39a66d098d74b265b"
diff --git a/meta-phosphor/recipes-phosphor/ipmi/phosphor-ipmi-host_git.bb b/meta-phosphor/recipes-phosphor/ipmi/phosphor-ipmi-host_git.bb
index f654d0c..e41da0b 100644
--- a/meta-phosphor/recipes-phosphor/ipmi/phosphor-ipmi-host_git.bb
+++ b/meta-phosphor/recipes-phosphor/ipmi/phosphor-ipmi-host_git.bb
@@ -54,8 +54,6 @@
USERADD_PACKAGES = "${PN}"
# add ipmi group
GROUPADD_PARAM_${PN} = "ipmi"
-# Add root user to ipmi group
-GROUPMEMS_PARAM_${PN} = "-g ipmi -a root"
SYSTEMD_SERVICE_${PN} += "xyz.openbmc_project.Ipmi.Internal.SoftPowerOff.service phosphor-ipmi-host.service"
diff --git a/meta-phosphor/recipes-phosphor/users/phosphor-user-manager_git.bb b/meta-phosphor/recipes-phosphor/users/phosphor-user-manager_git.bb
index dee81eb..4ccf0c3 100644
--- a/meta-phosphor/recipes-phosphor/users/phosphor-user-manager_git.bb
+++ b/meta-phosphor/recipes-phosphor/users/phosphor-user-manager_git.bb
@@ -26,9 +26,6 @@
GROUPADD_PARAM_${PN} = "priv-admin; priv-operator; priv-user; priv-callback "
GROUPADD_PARAM_phosphor-ldap = "priv-admin; priv-operator; priv-user; priv-callback "
-# Add root user to priv-admin group
-GROUPMEMS_PARAM_${PN} = "-g priv-admin -a root"
-
DBUS_SERVICE_${PN} += "xyz.openbmc_project.User.Manager.service"
FILES_phosphor-ldap += " \
${bindir}/phosphor-ldap-conf \