forked from openbmc/openbmc
Changes for new pre-defined usergroup hostconsole
The new pre-defined usergroup named "hostconsole" is added to differentiate access between host console and manager console. The only users allowed to interact with host console are part of the "hostconsole" group.

This is a fix for the GitHub issue: openbmc/phosphor-user-manager#15

In commit https://gerrit.openbmc.org/c/openbmc/bmcweb/+/50835 ssh was mapped to both ManagerConsole and HostConsole. The split is discussed in the commit https://gerrit.openbmc.org/c/openbmc/bmcweb/+/50835?tab=comments

Note: The changes are spread across multiple repositories listed under "Related commits:"

The openbmc changes are as follows:
- Removed a dependency on dropbear.default file. Added a new environment file dropbear.env for obmc-console. If we want to add port specific configuration then we can add dropbear.%i.env file.
- The DROPBEAR_EXTRA_ARGS variable updated to include "-G hostconsole" flag.
- New update script added to add new hostconsole group and also add all users part of the priv-admin group to this new group.
- Similarly changes are made to add new group during install time and add root user in this group.

Tested: Loaded on system and qemu emulator. Made sure that the only users who can ssh to host console are members of the hostconsole group.

Related commits:
docs: https://gerrit.openbmc.org/c/openbmc/docs/+/60968
phosphor-user-manager: https://gerrit.openbmc.org/c/openbmc/phosphor-user-manager/+/61583
openbmc: https://gerrit.openbmc.org/c/openbmc/openbmc/+/61582
obmc-console: https://gerrit.openbmc.org/c/openbmc/obmc-console/+/61581
bmcweb: https://gerrit.openbmc.org/c/openbmc/bmcweb/+/61580

Change-Id: Icced48da188fb76828bf4ff5c705d6f1300ae3e7
Signed-off-by: Ninad Palsule <ninadpalsule@us.ibm.com>
1 parent 3ff8085, commit 958c57c
Showing 6 changed files with 56 additions and 1 deletion.
2 changes: 2 additions & 0 deletions
meta-phosphor/recipes-phosphor/console/obmc-console/dropbear.env
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
DROPBEAR_EXTRA_ARGS=" -B -G hostconsole" | ||
DROPBEAR_RSAKEY_DIR=/etc/dropbear |
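
Review bot: `-B` in `DROPBEAR_EXTRA_ARGS` makes dropbear accept blank-password logins, and the commit message only accounts for the `-G hostconsole` addition. With `-B` set, membership of hostconsole is the only gate on this listener for any account whose password is empty. If the flag is carried over from the dropbear.default file this change stops depending on, say so in a comment in dropbear.env; if it is not needed for the host console, drop it so the value is just `-G hostconsole`. It is also worth confirming that the hostconsole group is created before this listener is started on upgraded systems, since the restriction depends on it.
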
34 changes: 34 additions & 0 deletions
meta-phosphor/recipes-phosphor/users/phosphor-user-manager/upgrade_hostconsole_group.sh
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
#!/bin/sh | ||
# Purpose: Upgrade pre-release BMCs with items needed for hostconsole group | ||
# This can be removed when there is no longer a direct upgrade path for BMCs | ||
# which were installed with pre-release images. | ||
|
||
# Create groups if not already present | ||
if grep -wq hostconsole /etc/group; then | ||
echo "hostconsole group already exists" | ||
else | ||
echo "hostconsole group does not exist, add it" | ||
groupadd -f hostconsole | ||
fi | ||
|
||
# Add the root user to the groups | ||
if id -nG root | grep -wq hostconsole; then | ||
echo "root already in hostconsole" | ||
else | ||
echo "root not in group hostconsole, add it" | ||
usermod -a -G hostconsole root | ||
fi | ||
|
||
# Add all users in the priv-admin group to the | ||
# hostconsole group so that it will not break | ||
# exiting setup for any user. | ||
for usr in $(grep '^'priv-admin':.*$' /etc/group | cut -d: -f4 | tr ',' ' ') | ||
do | ||
# Add the usr to the hostconsole group | ||
if id -nG "$usr" | grep -wq hostconsole; then | ||
echo "$usr already in hostconsole" | ||
else | ||
echo "$usr not in group hostconsole, add it" | ||
usermod -a -G hostconsole "$usr" | ||
fi | ||
done |
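
Review bot: the existence check `grep -wq hostconsole /etc/group` matches the word anywhere on a line, so a user called hostconsole in another group's member list, or a group such as hostconsole-test, makes the script report "already exists" and skip the create. `groupadd -f` is already idempotent, so call it unconditionally, or anchor the test as `grep -q '^hostconsole:' /etc/group`. The two `id -nG ... | grep -wq hostconsole` membership checks have the same word-match looseness for hyphenated group names. None of the `groupadd`/`usermod` calls has its exit status checked, so a failed add still ends with exit 0 and an admin can lose host console access on upgrade with nothing flagged; collect failures and return non-zero. The loop silently widens host console access to every priv-admin member, which matches the commit message but deserves a line in the script header so it is visible to whoever audits the upgrade. Minor: "exiting setup" in the comment should read "existing setup", and "Add the root user to the groups" refers to a single group.
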