FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

How to prevent non-root users from using su command?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED
Jump to solution

How to prevent non-root users from using su command?

Jump to solution
‎06-25-2024 03:30 AM
4,138 Views
TammyTsai
Contributor III

Hi NXP team,

I try to create a custom layer to change su permission.

The folder structure as shown below.

meta-custom/

├── conf

│      └── layer.conf

├── recipes-core

│      └── change-su-permissions

│              ├── change-su-permissions.bb

│              └── files

The content of change-su-permissions.bb is as follows.

 

 

 

SUMMARY = "Change permissions for su command"
LICENSE = "CLOSED"
PR = "r0"

do_install() {
    install -d ${D}${bindir}
    install -m 4750 ${WORKDIR}/rootfs/bin/su.shadow ${D}/bin/su.shadow
}

FILES_${PN} = "${bindir}/su"

 

The content of layer.conf is as follows.

 

# We have a conf and classes directory, add to BBPATH
BBPATH := "${BBPATH}:${LAYERDIR}"

# We have recipes-* directories, add to BBFILES
BBFILES := "${BBFILES} ${LAYERDIR}/recipes-*/*/*.bb ${LAYERDIR}/recipes-*/*/*.bbappend"

BBFILE_COLLECTIONS += "change-su-permissions"
BBFILE_PATTERN_change-su-permissions := "^${LAYERDIR}/"
BBFILE_PRIORITY_change-su-permissions = "6"

 

The custom layer is also included in build/conf/bblayers.conf file.

 

LCONF_VERSION = "7"

BBPATH = "${TOPDIR}"
BSPDIR := "${@os.path.abspath(os.path.dirname(d.getVar('FILE', True)) + '/../..')}"

BBFILES ?= ""
BBLAYERS = " \
  ${BSPDIR}/sources/poky/meta \
  ${BSPDIR}/sources/poky/meta-poky \
  \
  ${BSPDIR}/sources/meta-openembedded/meta-oe \
  ${BSPDIR}/sources/meta-openembedded/meta-multimedia \
  \
  ${BSPDIR}/sources/meta-freescale \
  ${BSPDIR}/sources/meta-freescale-3rdparty \
  ${BSPDIR}/sources/meta-freescale-distro \
  ${BSPDIR}/sources/meta-example \
  ${BSPDIR}/sources/meta-adduser \
  ${BSPDIR}/sources/meta-custom \
"

# i.MX Yocto Project Release layers
BBLAYERS += " ${BSPDIR}/sources/meta-fsl-bsp-release/imx/meta-bsp "
BBLAYERS += " ${BSPDIR}/sources/meta-fsl-bsp-release/imx/meta-sdk "

BBLAYERS += " ${BSPDIR}/sources/meta-browser "
BBLAYERS += " ${BSPDIR}/sources/meta-openembedded/meta-gnome "
BBLAYERS += " ${BSPDIR}/sources/meta-openembedded/meta-networking "
BBLAYERS += " ${BSPDIR}/sources/meta-openembedded/meta-python "
BBLAYERS += " ${BSPDIR}/sources/meta-openembedded/meta-filesystems "
BBLAYERS += " ${BSPDIR}/sources/meta-qt5 "

 

Update build/conf/local.conf.

 

IMAGE_INSTALL_append = ' change-su-permissions'

 

Some errors occured while performing "bitbake core-image-base" to create image .

Please see the attached file "core-image-base_error_log.txt" for more details.

The log shows the path of su.shadow is not correct.

| DEBUG: Executing shell function do_install
| install: cannot stat '/home/west/yocto/build/tmp/work/cortexa7hf-neon-poky-linux-gnueabi/change-su-permissions/1.0-r0/rootfs/bin/su.shadow': No such file or directory

My su.shadow is in the directory "/home/west/yocto/build/tmp/work/imx6ulevk-poky-linux-gnueabi/core-image-base/1.0-r0/rootfs/bin".

I run the following command and find out the ${WORKDIR} variable.

$ bitbake -e core-image-base > build-env.txt

$ grep "^WORKDIR=" build-env.txt

WORKDIR="/home/west/yocto/build/tmp/work/imx6ulevk-poky-linux-gnueabi/core-image-base/1.0-r0"

Why the path in the error message is not match ${WORKDIR}/rootfs/bin/su.shadow in the change-su-permissions.bb?

How to solve this problem?

If the way of creating a custom layer can't change su permission, please help me how to achieve this requirement.

Thanks.

Labels (3)
Labels
Preview file
6 KB
0 Kudos
Reply
1 Solution

Jump to solution
‎07-03-2024 01:35 AM
3,898 Views
TammyTsai
Contributor III

I add the below snippet of code to do_install() in the path /source/poky/meta/recipes-extended/shadow/shadow.inc.

chmod 4750 ${D}${bindir}/su

No normal user can use “su” after the above modification.

View solution in original post

Reply
4 Replies

Jump to solution
‎07-03-2024 01:35 AM
3,899 Views
TammyTsai
Contributor III

I add the below snippet of code to do_install() in the path /source/poky/meta/recipes-extended/shadow/shadow.inc.

chmod 4750 ${D}${bindir}/su

No normal user can use “su” after the above modification.

Reply

Jump to solution
‎06-26-2024 01:48 AM
4,007 Views
TammyTsai
Contributor III

I can try the below commands to deny normal user su to root.

root@imx6ulevk:~# ls -l /bin/su*

lrwxrwxrwx 1 root root 14 Jun 21 18:47 /bin/su -> /bin/su.shadow
-rwsr-xr-x 1 root root 43628 May 6 2020 /bin/su.shadow

root@imx6ulevk:~# chmod 0750 /bin/su

root@imx6ulevk:~# ls -l /bin/su*

lrwxrwxrwx 1 root root 14 Jun 20 15:43 su -> /bin/su.shadow
-rwxr-x--- 1 root root 43628 May 6 2020 su.shadow

root@imx6ulevk:~#  su ap

ap@imx6ulevk:/bin$ su

-sh: su: Permission denied

I want to set the permission of su in the same way under core-image-base image instead of console mode.

 

0 Kudos
Reply

Jump to solution
‎06-25-2024 11:39 PM
4,051 Views
TammyTsai
Contributor III

Hello @Manuel_Salas ,

Thanks for your reply.

There is no /etc/sudoers file in my i.MX6UL project.

I can't use sudo but only su.

How to set the permission of su?

 

Best regards,

Tammy

 

0 Kudos
Reply

Jump to solution
‎06-25-2024 10:49 AM
4,109 Views
Manuel_Salas
NXP TechSupport
NXP TechSupport

Hello, 

You can look this post, there is explained how to add users and manage the privileges in a Yocto environment using layers.

 

Best regards,

--... ...--

Salas.

0 Kudos
Reply
%3CLINGO-SUB%20id%3D%22lingo-sub-1893586%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3EHow%20to%20prevent%20non-root%20users%20from%20using%20su%20command%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1893586%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3E%3CSPAN%3EHi%20NXP%20team%2C%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EI%20try%20to%20create%20a%20custom%20layer%20to%20change%20su%20permission.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EThe%20folder%20structure%20as%20shown%20below.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3Emeta-%3CSPAN%20class%3D%22%22%3Ecustom%3C%2FSPAN%3E%2F%20%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E%E2%94%9C%E2%94%80%E2%94%80%20conf%20%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E%E2%94%82%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%E2%94%94%E2%94%80%E2%94%80%20layer.conf%20%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E%E2%94%9C%E2%94%80%E2%94%80%20recipes-core%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E%E2%94%82%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%E2%94%94%E2%94%80%E2%94%80%20change-su-permissions%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E%E2%94%82%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%E2%94%9C%E2%94%80%E2%94%80%20change-su-permissions.bb%20%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E%E2%94%82%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%E2%94%94%E2%94%80%E2%94%80%20files%20%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EThe%20content%20of%20change-su-permissions.bb%20is%20as%20follows.%3C%2FSPAN%3E%3C%2FP%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CPRE%20class%3D%22lia-code-sample%20language-python%22%3E%3CCODE%3ESUMMARY%20%3D%20%22Change%20permissions%20for%20su%20command%22%0ALICENSE%20%3D%20%22CLOSED%22%0APR%20%3D%20%22r0%22%0A%0Ado_install()%20%7B%0A%20%20%20%20install%20-d%20%24%7BD%7D%24%7Bbindir%7D%0A%20%20%20%20install%20-m%204750%20%24%7BWORKDIR%7D%2Frootfs%2Fbin%2Fsu.shadow%20%24%7BD%7D%2Fbin%2Fsu.shadow%0A%7D%0A%0AFILES_%24%7BPN%7D%20%3D%20%22%24%7Bbindir%7D%2Fsu%22%3C%2FCODE%3E%3C%2FPRE%3E%3CBR%20%2F%3E%3CP%3EThe%20content%20of%26nbsp%3B%3CSPAN%3Elayer.conf%20is%20as%20follows.%3C%2FSPAN%3E%3C%2FP%3E%3CBR%20%2F%3E%3CPRE%20class%3D%22lia-code-sample%20language-python%22%3E%3CCODE%3E%23%20We%20have%20a%20conf%20and%20classes%20directory%2C%20add%20to%20BBPATH%0ABBPATH%20%3A%3D%20%22%24%7BBBPATH%7D%3A%24%7BLAYERDIR%7D%22%0A%0A%23%20We%20have%20recipes-*%20directories%2C%20add%20to%20BBFILES%0ABBFILES%20%3A%3D%20%22%24%7BBBFILES%7D%20%24%7BLAYERDIR%7D%2Frecipes-*%2F*%2F*.bb%20%24%7BLAYERDIR%7D%2Frecipes-*%2F*%2F*.bbappend%22%0A%0ABBFILE_COLLECTIONS%20%2B%3D%20%22change-su-permissions%22%0ABBFILE_PATTERN_change-su-permissions%20%3A%3D%20%22%5E%24%7BLAYERDIR%7D%2F%22%0ABBFILE_PRIORITY_change-su-permissions%20%3D%20%226%22%3C%2FCODE%3E%3C%2FPRE%3E%3CBR%20%2F%3E%3CP%3EThe%20custom%20layer%20is%20also%20included%20in%26nbsp%3B%3CSPAN%3Ebuild%2Fconf%2Fbblayers.conf%20file.%3C%2FSPAN%3E%3C%2FP%3E%3CBR%20%2F%3E%3CPRE%20class%3D%22lia-code-sample%20language-python%22%3E%3CCODE%3ELCONF_VERSION%20%3D%20%227%22%0A%0ABBPATH%20%3D%20%22%24%7BTOPDIR%7D%22%0ABSPDIR%20%3A%3D%20%22%24%7B%40os.path.abspath(os.path.dirname(d.getVar('FILE'%2C%20True))%20%2B%20'%2F..%2F..')%7D%22%0A%0ABBFILES%20%3F%3D%20%22%22%0ABBLAYERS%20%3D%20%22%20%5C%0A%20%20%24%7BBSPDIR%7D%2Fsources%2Fpoky%2Fmeta%20%5C%0A%20%20%24%7BBSPDIR%7D%2Fsources%2Fpoky%2Fmeta-poky%20%5C%0A%20%20%5C%0A%20%20%24%7BBSPDIR%7D%2Fsources%2Fmeta-openembedded%2Fmeta-oe%20%5C%0A%20%20%24%7BBSPDIR%7D%2Fsources%2Fmeta-openembedded%2Fmeta-multimedia%20%5C%0A%20%20%5C%0A%20%20%24%7BBSPDIR%7D%2Fsources%2Fmeta-freescale%20%5C%0A%20%20%24%7BBSPDIR%7D%2Fsources%2Fmeta-freescale-3rdparty%20%5C%0A%20%20%24%7BBSPDIR%7D%2Fsources%2Fmeta-freescale-distro%20%5C%0A%20%20%24%7BBSPDIR%7D%2Fsources%2Fmeta-example%20%5C%0A%20%20%24%7BBSPDIR%7D%2Fsources%2Fmeta-adduser%20%5C%0A%20%20%24%7BBSPDIR%7D%2Fsources%2Fmeta-custom%20%5C%0A%22%0A%0A%23%20i.MX%20Yocto%20Project%20Release%20layers%0ABBLAYERS%20%2B%3D%20%22%20%24%7BBSPDIR%7D%2Fsources%2Fmeta-fsl-bsp-release%2Fimx%2Fmeta-bsp%20%22%0ABBLAYERS%20%2B%3D%20%22%20%24%7BBSPDIR%7D%2Fsources%2Fmeta-fsl-bsp-release%2Fimx%2Fmeta-sdk%20%22%0A%0ABBLAYERS%20%2B%3D%20%22%20%24%7BBSPDIR%7D%2Fsources%2Fmeta-browser%20%22%0ABBLAYERS%20%2B%3D%20%22%20%24%7BBSPDIR%7D%2Fsources%2Fmeta-openembedded%2Fmeta-gnome%20%22%0ABBLAYERS%20%2B%3D%20%22%20%24%7BBSPDIR%7D%2Fsources%2Fmeta-openembedded%2Fmeta-networking%20%22%0ABBLAYERS%20%2B%3D%20%22%20%24%7BBSPDIR%7D%2Fsources%2Fmeta-openembedded%2Fmeta-python%20%22%0ABBLAYERS%20%2B%3D%20%22%20%24%7BBSPDIR%7D%2Fsources%2Fmeta-openembedded%2Fmeta-filesystems%20%22%0ABBLAYERS%20%2B%3D%20%22%20%24%7BBSPDIR%7D%2Fsources%2Fmeta-qt5%20%22%3C%2FCODE%3E%3C%2FPRE%3E%3CBR%20%2F%3E%3CP%3E%3CSPAN%3EUpdate%20build%2Fconf%2Flocal.conf.%3C%2FSPAN%3E%3C%2FP%3E%3CBR%20%2F%3E%3CPRE%20class%3D%22lia-code-sample%20language-python%22%3E%3CCODE%3EIMAGE_INSTALL_append%20%3D%20'%20change-su-permissions'%3C%2FCODE%3E%3C%2FPRE%3E%3CBR%20%2F%3E%3CP%3ESome%20errors%20occured%20while%20performing%20%22bitbake%20core-image-base%22%20to%20create%20image%20.%3C%2FP%3E%3CP%3EPlease%20see%20the%20attached%20file%20%22core-image-base_error_log.txt%22%20for%20more%20details.%3C%2FP%3E%3CP%3EThe%20log%20shows%20the%20path%20of%20su.shadow%20is%20not%20correct.%3C%2FP%3E%3CBLOCKQUOTE%3E%3CP%3E%7C%20DEBUG%3A%20Executing%20shell%20function%20do_install%3CBR%20%2F%3E%7C%20install%3A%20%3CFONT%20color%3D%22%23FF0000%22%3Ecannot%20stat%20'%2Fhome%2Fwest%2Fyocto%2Fbuild%2Ftmp%2Fwork%2Fcortexa7hf-neon-poky-linux-gnueabi%2Fchange-su-permissions%2F1.0-r0%2Frootfs%2Fbin%2Fsu.shadow'%3A%20No%20such%20file%20or%20directory%3C%2FFONT%3E%3C%2FP%3E%3C%2FBLOCKQUOTE%3E%3CP%3EMy%20su.shadow%20is%20in%20the%20directory%20%22%2Fhome%2Fwest%2Fyocto%2Fbuild%2Ftmp%2Fwork%2Fimx6ulevk-poky-linux-gnueabi%2Fcore-image-base%2F1.0-r0%2Frootfs%2Fbin%22.%3C%2FP%3E%3CP%3EI%20run%20the%20following%20command%20and%20find%20out%20the%20%24%7BWORKDIR%7D%20variable.%3C%2FP%3E%3CBLOCKQUOTE%3E%3CP%3E%24%20bitbake%20-e%20core-image-base%20%26gt%3B%20build-env.txt%3C%2FP%3E%3CP%3E%24%20grep%20%22%5EWORKDIR%3D%22%20build-env.txt%3C%2FP%3E%3CP%3EWORKDIR%3D%22%2Fhome%2Fwest%2Fyocto%2Fbuild%2Ftmp%2Fwork%2Fimx6ulevk-poky-linux-gnueabi%2Fcore-image-base%2F1.0-r0%22%3C%2FP%3E%3C%2FBLOCKQUOTE%3E%3CP%3EWhy%20the%20path%20in%20the%20error%20message%20is%20not%20match%20%24%7BWORKDIR%7D%2Frootfs%2Fbin%2Fsu.shadow%20in%20the%26nbsp%3B%3CSPAN%3Echange-su-permissions.bb%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EHow%20to%20solve%20this%20problem%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EIf%20the%20way%20of%20creating%20a%20custom%20layer%20can't%20change%20su%20permission%2C%20please%20help%20me%20how%20to%20achieve%20this%20requirement.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EThanks.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1893586%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CLINGO-LABEL%3Ei.MX6UL%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ELinux%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EYocto%20Project%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1898182%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3ERe%3A%20How%20to%20prevent%20non-root%20users%20from%20using%20su%20command%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1898182%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EI%20add%20the%20below%20snippet%20of%20code%20to%20do_install()%20in%20the%20path%26nbsp%3B%2Fsource%2Fpoky%2Fmeta%2Frecipes-extended%2Fshadow%2Fshadow.inc.%3C%2FP%3E%3CBLOCKQUOTE%3E%3CP%3Echmod%204750%20%24%7BD%7D%24%7Bbindir%7D%2Fsu%3C%2FP%3E%3C%2FBLOCKQUOTE%3E%3CP%3ENo%20normal%20user%20can%20use%20%E2%80%9Csu%E2%80%9D%20after%20the%20above%20modification.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1894249%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3ERe%3A%20How%20to%20prevent%20non-root%20users%20from%20using%20su%20command%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1894249%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EI%20can%20try%20the%20below%20commands%20to%20deny%20normal%20user%20su%20to%20root.%3C%2FP%3E%3CBLOCKQUOTE%3E%3CP%3Eroot%40imx6ulevk%3A~%23%26nbsp%3Bls%20-l%20%2Fbin%2Fsu*%3C%2FP%3E%3CP%3Elrwxrwxrwx%201%20root%20root%2014%20Jun%2021%2018%3A47%20%2Fbin%2Fsu%20-%26gt%3B%20%2Fbin%2Fsu.shadow%3CBR%20%2F%3E-rwsr-xr-x%201%20root%20root%2043628%20May%206%202020%20%2Fbin%2Fsu.shadow%3C%2FP%3E%3CP%3Eroot%40imx6ulevk%3A~%23%20chmod%200750%20%2Fbin%2Fsu%3C%2FP%3E%3CP%3Eroot%40imx6ulevk%3A~%23%26nbsp%3Bls%20-l%20%2Fbin%2Fsu*%3C%2FP%3E%3CP%3Elrwxrwxrwx%201%20root%20root%2014%20Jun%2020%2015%3A43%20su%20-%26gt%3B%20%2Fbin%2Fsu.shadow%3CBR%20%2F%3E-rwxr-x---%201%20root%20root%2043628%20May%206%202020%20su.shadow%3C%2FP%3E%3CP%3Eroot%40imx6ulevk%3A~%23%26nbsp%3B%26nbsp%3Bsu%20ap%3C%2FP%3E%3CP%3Eap%40imx6ulevk%3A%2Fbin%24%20su%3C%2FP%3E%3CP%3E-sh%3A%20su%3A%20Permission%20denied%3C%2FP%3E%3C%2FBLOCKQUOTE%3E%3CP%3EI%20want%20to%20set%20the%20permission%20of%20su%20in%20the%20same%20way%20under%20core-image-base%20image%20instead%20of%20console%20mode.%3C%2FP%3E%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1894083%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3ERe%3A%20How%20to%20prevent%20non-root%20users%20from%20using%20su%20command%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1894083%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EHello%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F203368%22%20target%3D%22_blank%22%3E%40Manuel_Salas%3C%2FA%3E%26nbsp%3B%2C%3C%2FP%3E%3CP%3EThanks%20for%20your%20reply.%3C%2FP%3E%3CP%3EThere%20is%20no%20%2Fetc%2Fsudoers%20file%20in%20my%20i.MX6UL%20project.%3C%2FP%3E%3CP%3EI%20can't%20use%20sudo%20but%20only%20su.%3C%2FP%3E%3CP%3EHow%20to%20set%20the%20permission%20of%20su%3F%3C%2FP%3E%3CBR%20%2F%3E%3CP%3EBest%20regards%2C%3C%2FP%3E%3CP%3ETammy%3C%2FP%3E%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1893823%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3ERe%3A%20How%20to%20prevent%20non-root%20users%20from%20using%20su%20command%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1893823%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EHello%2C%26nbsp%3B%3C%2FP%3E%0A%3CP%3EYou%20can%20look%20%3CA%20href%3D%22https%3A%2F%2Fejaaskel.dev%2Fyocto-hardening-non-root-users-sudo-configuration-disabling-root%2F%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ethis%20post%3C%2FA%3E%2C%20there%20is%20explained%20how%20to%20add%20users%20and%20manage%20the%20privileges%20in%20a%20Yocto%20environment%20using%20layers.%3C%2FP%3E%0A%3CBR%20%2F%3E%0A%3CP%3EBest%20regards%2C%3C%2FP%3E%0A%3CP%3E--...%20...--%3C%2FP%3E%0A%3CP%3ESalas.%3C%2FP%3E%3C%2FLINGO-BODY%3E