Use debug-tweaks, allow-root-login to allow root.
root user account is enabled with proper privilege and group,
only if debug-tweaks or allow-root-login FEATURES is defined.
Note: This will not remove root user getting managed from
phosphor-user-manager, instead it will make sure, the privilege
and groups are empty for the root user.
Tested:
1. Verified the default build, which has debug-tweaks, allowing
root user to be with priv-admin, and enabled for all groups.
2. Verified by removing debug-tweaks from the local.conf, and
root user privilege & groups are empty.
(From meta-phosphor rev: b1b8251f4e5f19189057cdeb998cf119be1c27b8)
Change-Id: Iec2a0b1a9f84c27dd4947125903ce43f3a9c3c2c
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/meta-phosphor/classes/phosphor-rootfs-postcommands.bbclass b/meta-phosphor/classes/phosphor-rootfs-postcommands.bbclass
new file mode 100644
index 0000000..3485661
--- /dev/null
+++ b/meta-phosphor/classes/phosphor-rootfs-postcommands.bbclass
@@ -0,0 +1,10 @@
+#
+# This function is intended to add root to corresponding groups if 'debug-tweaks' or 'allow-root-login' is in IMAGE_FEATURES.
+#
+update_root_user_groups () {
+ if [ -e ${IMAGE_ROOTFS}/etc/group ]; then
+ sed -i '/^\(ipmi\|web\|redfish\|priv-admin\):.*:.*:$/s/$/root/' ${IMAGE_ROOTFS}/etc/group
+ fi
+}
+# Add root user to the needed groups
+ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'allow-root-login' ], "update_root_user_groups; ", "", d)}'