Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

phosphor-user-manager doesn't work properly after upgrade OpenBMC #3468

Closed
nest1ing opened this issue Jan 17, 2019 · 4 comments
Closed

phosphor-user-manager doesn't work properly after upgrade OpenBMC #3468

nest1ing opened this issue Jan 17, 2019 · 4 comments
Labels
stale

Comments

@nest1ing
Copy link
Contributor

Upgrade from an old version of the OpenBMC (where there were not groups like priv-*) to the latest one makes it impossible to authorize the root user in ipmi.

This issue happens on platforms which use the static filesystem layout (e.g. romulus, palmetto, vesnin).

It happens because the old /etc/group file is saved during the update and as a result, it doesn't contain new required groups.

The phosphor-user-manager doesn't work properly without these groups and the phosphor-host-ipmid is unable to authorize users.
@geissonator
Copy link
Contributor

Yeah, it's not forward compatible with a persistent file system. Either need to factory reset your system or run a script like this to get things updated:

#!/bin/bash -e

# Create groups if not available
for i in web ipmi redfish priv-admin priv-operator priv-user priv-callback; do
    if grep -q $i /etc/group; then
        echo "$i already exists"
    else
        echo "$i does not exist, add it"
        groupadd -f $i
    fi
done

# Root needs to be a member of these groups
for i in ipmi web redfish priv-admin; do
    if id -nG root | grep -q $i; then
        echo "root already in $i"
    else
        echo "root not in group $i, add it"
        usermod -a -G $i root
    fi
done

@nest1ing
Copy link
Contributor Author

nest1ing commented Jan 17, 2019
edited

It doesn't work for customers, because:

  • We can't modify the update procedure in the already installed version of the OpenBMC.
  • Customers may not have access to root-shell to run this script.

Factory reset is also undesirable.

However, we can put this script to the new firmware and run it at first boot, but this way doesn't look good and it will be hard to support.

Does anyone have another ideas?

@stale
Copy link

stale bot commented Jul 19, 2019

This issue has been automatically marked as stale because no activity has occurred in the last 6 months. It will be closed if no activity occurs in the next 30 days. If this issue should not be closed please add a comment. Thank you for your understanding and contributions.

@stale stale bot added the stale label Jul 19, 2019
@stale
Copy link

stale bot commented Aug 18, 2019

This issue has been closed because no activity has occurred in the last 7 months. Please reopen if this issue should not have been closed. Thank you for your contributions.

@stale stale bot closed this as completed Aug 18, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@geissonator @nest1ing