I am trying to add a new user to log in with instead of using root, for security reasons. The problem is I don't know which groups I should add my user to. It's not able to execute anything: no commands, no use of connections. I want a user able to execute anything but dangerous commands.
I tried to add it to bin, adm, staff, dialout … but I'm still unable to use nmcli connect or even execute a simple command like usermod.
Hi, I’m the Toradex AI Assistant. The Toradex Support team will follow up with you shortly!
Hello!
To add a new user on your Toradex system and ensure they have the necessary permissions to execute most commands, you can follow these steps:
1. Create the New User:
   - Use the command `sudo adduser <username>` to create a new user.
2. Assign the User to Necessary Groups:
   - For general command execution, consider adding the user to the following groups:
     - `sudo`: This allows the user to execute commands with superuser privileges using `sudo`.
     - `dialout`: Necessary for serial port access, which might be required for `nmcli` if it interacts with network hardware.
     - `netdev`: Often required for network management commands like `nmcli`.
     - `adm`: Provides access to system logs, which can be useful for troubleshooting.
3. Add the User to Groups:
   - Use the command `sudo usermod -aG <group1>,<group2>,<group3> <username>` to add the user to the necessary groups. For example: `sudo usermod -aG sudo,dialout,netdev,adm <username>`
4. Verify Group Memberships:
   - After adding the user to the groups, verify the memberships with `groups <username>`.
5. Test Command Execution:
   - Log in as the new user and test executing commands like `nmcli` and `usermod` to ensure they work as expected.
By following these steps, your new user should have the necessary permissions to execute most commands while maintaining a level of security by not using the root account directly. If certain commands still fail, check the specific group requirements for those commands and adjust the group memberships accordingly.
Best regards, Toradex AI Assistant.
Hello @rania,
A way to do this would be to create your own image on Yocto and customize the image to add the users with the appropriate permissions.
You can see the documentation on the `extrausers` Yocto class here: 5 Classes — The Yocto Project ® 5.1.999 documentation
The following blog also goes over this subject: Yocto hardening: Non-root users, sudo configuration & disabling root - Esa Jaaskela
Best Regards,
Bruno
Yes, I did that, but I'm still confused about how to give the right permissions, for example how to allow my user to use nmcli to connect to Wi-Fi. For now he's not authorized to do so.
NB: don’t have netdev group
Hello @rania,
If you are using the NetworkManager, you could consider using its D-Bus API.
In general, you need to check which group is needed for the hardware you want to access.
This is not specific to Yocto or Toradex, but more general to Linux.
You can see on the following page how we do this for Torizon OS: Best Practices with Peripheral Access | Toradex Developer Center
Best Regards,
Bruno
Dear @rania,
Were you able to get this resolved?
Or do you need further support with this topic?
Best Regards,
Bruno Mello
Yes, I got it resolved by creating a sudoers file in which I customized the commands and permissions.
Perfect, thanks for the update.
Best Regards,
Bruno
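The fix reported at the end of this thread, a sudoers file limited to specific commands, could look like the script below. It is an added example, not the poster's actual file: the user name `operator1`, the `nmcli` path `/usr/bin/nmcli`, the chosen subcommands and the drop-in file name are all assumptions.

```sh
#!/bin/sh
# Added example: least-privilege sudoers drop-in for Wi-Fi management.
# Assumptions (not from the thread): user "operator1", nmcli installed at
# /usr/bin/nmcli, and the four subcommands below being the ones needed.

# Print sudoers rules letting user $1 run only selected nmcli subcommands as root.
make_nmcli_sudoers() {
    user=$1
    nmcli=${2:-/usr/bin/nmcli}
    # Refuse names that could inject extra sudoers syntax; this also excludes
    # '.', which would make sudo skip the file when used in its name.
    case $user in
        ''|*[!a-z0-9_-]*) echo "invalid user name: $user" >&2; return 1 ;;
    esac
    echo "# Wi-Fi management only; the user's own password is still required."
    # A trailing '*' matches any further arguments, so keep the fixed prefix long.
    for sub in "device wifi list" "device wifi connect *" \
               "connection up *" "connection down *"; do
        printf '%s ALL = (root) %s %s\n' "$user" "$nmcli" "$sub"
    done
}

# Write the rules to $2 (default: /etc/sudoers.d/50-<user>-nmcli) after a syntax check.
install_rules() {
    user=$1
    dest=${2:-/etc/sudoers.d/50-$user-nmcli}
    tmp=$(mktemp) || return 1
    make_nmcli_sudoers "$user" > "$tmp" || { rm -f "$tmp"; return 1; }
    # A syntax error under sudoers.d can break sudo for everyone: validate first.
    if command -v visudo >/dev/null 2>&1; then
        visudo -cf "$tmp" >/dev/null || { rm -f "$tmp"; return 1; }
    fi
    install -m 0440 "$tmp" "$dest"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Show the generated rules for the constructed sample user.
make_nmcli_sudoers operator1
```

Run `install_rules <user>` as root to apply the rules; `sudo -l -U <user>` then lists exactly what that account may run.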