diff options
| author | Ninad Palsule <ninadpalsule@us.ibm.com> | 2023-03-09 19:20:38 +0300 |
|---|---|---|
| committer | Patrick Williams <patrick@stwcx.xyz> | 2023-04-21 16:55:15 +0300 |
| commit | 34d21443ea6ac906308b17bad9606896fff3aa98 (patch) | |
| tree | 1aff2c723199dd304de32875384afdc843f406b4 /meta-phosphor/recipes-phosphor/interfaces/bmcweb_git.bb | |
| parent | a512e6ec0aa59a5efa87e63d371b7e988ef44ab5 (diff) | |
| download | openbmc-34d21443ea6ac906308b17bad9606896fff3aa98.tar.xz | |
Changes for new pre-defined usergroup hostconsole
The new pre-defined usergroup named "hostconsole" is added to
differentiate access between host console and manager console.
The only users allowed to interact with host console are part of the
"hostconsole" group.
This is a fixed is the github issue:
https://github.com/openbmc/phosphor-user-manager/issues/15
In commit https://gerrit.openbmc.org/c/openbmc/bmcweb/+/50835 ssh was
mapped to both ManagerConsole and HostConsole. The split is discussed
in the commit https://gerrit.openbmc.org/c/openbmc/bmcweb/+/50835?tab=comments
Note: The changes are spread across multiple repositories listed under
"Related commits:"
The openbmc changes are as follows:
- Removed a dependency on dropbear.default file. Added a new environment
file dropbear.env for obmc-console. If we want to add port specific
configuration then we can add dropbear.%i.env file.
- The DROPBEAR_EXTRA_ARGS variable updated to include "-G hostconsole"
flag.
- New update script added to add new hostconsole group and also add all
users part of the priv-admin group to this new group.
- Similarly changes are made to add new group during install time and
add root user in this group.
Tested:
Loaded on system and qemu eumulator. Made sure that the only user
can ssh to host console are member of hostconsole group.
Related commits:
docs: https://gerrit.openbmc.org/c/openbmc/docs/+/60968
phosphor-user-manager: https://gerrit.openbmc.org/c/openbmc/phosphor-user-manager/+/61583
openbmc: https://gerrit.openbmc.org/c/openbmc/openbmc/+/61582
obmc-console: https://gerrit.openbmc.org/c/openbmc/obmc-console/+/61581
bmcweb: https://gerrit.openbmc.org/c/openbmc/bmcweb/+/61580
Change-Id: Icced48da188fb76828bf4ff5c705d6f1300ae3e7
Signed-off-by: Ninad Palsule <ninadpalsule@us.ibm.com>
Diffstat (limited to 'meta-phosphor/recipes-phosphor/interfaces/bmcweb_git.bb')
| -rw-r--r-- | meta-phosphor/recipes-phosphor/interfaces/bmcweb_git.bb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/meta-phosphor/recipes-phosphor/interfaces/bmcweb_git.bb b/meta-phosphor/recipes-phosphor/interfaces/bmcweb_git.bb index 897bf27542..c89d38b83b 100644 --- a/meta-phosphor/recipes-phosphor/interfaces/bmcweb_git.bb +++ b/meta-phosphor/recipes-phosphor/interfaces/bmcweb_git.bb @@ -48,5 +48,5 @@ USERADD_PACKAGES = "${PN}" # add a user called httpd for the server to assume USERADD_PARAM:${PN} = "-r -s /sbin/nologin bmcweb" -GROUPADD_PARAM:${PN} = "web; redfish" +GROUPADD_PARAM:${PN} = "web; redfish; hostconsole" FULL_OPTIMIZATION:append = " -Os" |