diff options
author | Scott Rifenbark <scott.m.rifenbark@intel.com> | 2014-05-29 10:36:42 +0300 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-05-30 16:32:16 +0100 |
commit | 57bd61eabb5e6c7de5b47f78e4aeadac252f38f3 (patch) | |
tree | 315dcd642aea1ab2de1756f89c9ca66876aee8fe /documentation/dev-manual/dev-manual-common-tasks.xml | |
parent | bd5973e7875162e6d2dce5e29ff3e9bb8f0f6190 (diff) | |
download | openembedded-core-contrib-57bd61eabb5e6c7de5b47f78e4aeadac252f38f3.tar.gz |
ref-manual: Edits to the "Making Images More Secure" section.
Fixes [YOCTO #5482]
I added some key references to the section on considerations
specific to the OpenEmbedded build system. In particular, I
provided some cross-linking back to the extrausers.bbclass
section to reference an example of adding a user account. I
also split out the topics of adding an extra user and setting
a password on the image in the bulleted list.
(From yocto-docs rev: 19dcd70b9b5aba1bd5e7ce090d5449afcef726bf)
Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'documentation/dev-manual/dev-manual-common-tasks.xml')
-rw-r--r-- | documentation/dev-manual/dev-manual-common-tasks.xml | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/documentation/dev-manual/dev-manual-common-tasks.xml b/documentation/dev-manual/dev-manual-common-tasks.xml index d9fb9e2f4a..89437f7764 100644 --- a/documentation/dev-manual/dev-manual-common-tasks.xml +++ b/documentation/dev-manual/dev-manual-common-tasks.xml @@ -3967,16 +3967,26 @@ producing your final image. Among other things, leaving this in place sets the root password as blank. - </para></listitem> + </para></listitem> + <listitem><para> + It is possible to set a root password for the image. + For information on how to do that, see the + <ulink url='https://wiki.yoctoproject.org/wiki/FAQ:How_do_I_set_or_change_the_root_password'>How do I set or change the root password</ulink> + Wiki page. + </para></listitem> <listitem><para> - It is possible to set a root password or to add - some additional user account for later administrative - or service access using the + It is possible to add an additional user account + for later administrative or service access using the <ulink url='&YOCTO_DOCS_REF_URL;#ref-classes-extrausers'><filename>extrausers</filename></ulink> class or the <ulink url='&YOCTO_DOCS_REF_URL;#var-ROOTFS_POSTPROCESS_COMMAND'><filename>ROOTFS_POSTPROCESS_COMMAND</filename></ulink> variable. - If you do this, be cautious about setting + For an example on how to add users, see the + "<ulink url='&YOCTO_DOCS_REF_URL;#ref-classes-extrausers'><filename>extrausers.bbclass</filename></ulink>" + section. + </para> + <para>If you do add extra user accounts, + be cautious about setting the same password for every device. If you want the device to remain secure from unauthorized access, and the password set on @@ -3985,7 +3995,7 @@ If you need this access but want to ensure security, consider setting a different, random password for each device. - </para></listitem> + </para></listitem> </itemizedlist> </para> </section> |