meta-phosphor: enable `allow-root-login`?
Johnathan Mantey
johnathanx.mantey at intel.com
Wed Jan 5 02:32:06 AEDT 2022
Patrick....
On 12/30/21 05:52, Patrick Williams wrote:
<snip>
>
> I am currently enabling this IMAGE_FEATURE in meta-facebook to avoid having this
> happen again. Is there any reason why we wouldn't want to enable it by default
> in meta-phosphor? There isn't really full support for non-root users in the
> base systems anyhow, so is there anyone that wouldn't want "allow-root-login"
> enabled by default?
Intel explicitly requires root login to be disabled for production
releases. Especially since the default password is a known quantity.
The Intel security audit group enforced blocking a default user for the
S2600 WF/BNP/STP series of servers. All user accounts are created using
local IPMI commands.
Intel will prefer the existing behavior remain.
>
> I'm fine leaving this in meta-facebook, but I'm trying to prevent someone else
> from having the same issue for what seems like a default case presently.
>
> 1. https://github.com/openbmc/openbmc/blob/master/meta-phosphor/classes/phosphor-rootfs-postcommands.bbclass#L10
>
--
Johnathan Mantey
Senior Software Engineer
*azad te**chnology partners*
Contributing to Technology Innovation since 1992
Phone: (503) 712-6764
Email: johnathanx.mantey at intel.com <mailto:johnathanx.mantey at intel.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 495 bytes
Desc: OpenPGP digital signature
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20220104/4bc6fee6/attachment-0001.sig>
More information about the openbmc
mailing list