Add new user and group to Torizon minimal

Hello

I want to modify these files to add our own user and groups to our Torizon minimal build:

• torizon-static-passwd
• torizon-static-group

I tried adding them to our own meta layer as mentioned in this post, but so far I can’t see the changes on the device. We already have set a higher `BBFILE_PRIORITY` on our layer compared to meta-toradex-torizon.

1. Where should the files be copied? Under the folder `files` at the top-most path?
2. Is there some additional configuration required?

Kind Regards,
Ian

Hi, I’m the Toradex AI Assistant.

I might make mistakes or occasionally get you wrong. Our support team will step in if needed.

Hello Ian!

I’d be glad to help you add custom users and groups to your Torizon minimal build! To guide you properly, could you let me know which OS and version you are using? Also, please run the tdx-info command to get your hardware information - you can find details about this command at this link.

Understanding the Approach

For modifying system users and groups in Torizon, you have a couple of approaches:

Option 1: Using TorizonCore Builder (Recommended)

If you’re using TorizonCore Builder, you can customize your image using the filesystem customization approach(1)(2). This allows you to modify system files including passwd and group files through the configuration file approach.

Option 2: Yocto Meta Layer Approach

Based on the documentation about creating custom meta layers(3), when working with Yocto builds, you need to ensure proper file placement and recipe configuration.

For your meta layer structure, the files should typically be placed in a recipe-specific directory structure. The exact location depends on which recipe you’re appending to and how the original recipe references these files(3).

Key Considerations

1. File Placement: The location depends on your build system approach
2. Priority Settings: You mentioned setting BBFILE_PRIORITY correctly, which is good
3. Recipe Dependencies: Ensure your custom files are properly referenced in the recipe

Since the specific implementation varies significantly between TorizonCore Builder and direct Yocto approaches, and depends on your exact hardware platform and OS version, I need those details to provide the most accurate guidance.

Could you share:

• Your OS version (Torizon OS 6.x, 7.x, etc.)
• Your hardware setup (output from tdx-info)
• Whether you’re using TorizonCore Builder or direct Yocto builds

This will help me provide the exact steps for your specific setup.

Best regards, Toradex AI Assistant.

Did you like my answer?

If I answered your question, please tick the “Solution” checkbox.

For follow-up questions to me, please use @ToradexAI in your post.

Greetings @i.staehli,

The files that get used by static user IDs is dictated by these variables set in meta-toradex-torizon: meta-toradex-torizon/conf/distro/include/base-distro.inc at scarthgap-7.x.y · torizon/meta-toradex-torizon · GitHub

Now in theory, you can provide files with the same name in a different meta-layer with the same path. Making sure your versions of the files get priority though is a different matter.

These variables follow usual BBPATH logic, and you did mention that you set BBFILE_PRIORITY to be higher in your meta-layer. However, I believe BBFILE_PRIORITY only affects the priority of *.bb recipes. I don’t think it would affect the priority here. In this case I think it just goes in the order the layers are listed in BBPATH. I believe this order is dictated by the order the layers are listed in bblayers.conf.

So listing your meta-layer before meta-toradex-torizon could work to get your files priority. Alternatively, you could overwrite USERADD_UID_TABLES and USERADD_GID_TABLES to point to your files explicitly with different paths and names.

Best Regards,
Jeremias

Hi @jeremias.tx

I tried overwriting the `USERADD_UID_TABLES` and `USERADD_GID_TABLES` variables. According to `bitbake-getvar` they look correct:

pokyuser@0e09932e7f12:/workdir/build$ bitbake-getvar USERADD_UID_TABLES
NOTE: Starting bitbake server...
#
# $USERADD_UID_TABLES [3 operations]
#   set /workdir/layers/meta-toradex-torizon/conf/distro/include/base-distro.inc:58
#     "files/torizon-static-passwd"
#   set /workdir/layers/meta-scewo-imx8/conf/distro/include/scewo-go-torizon-common.inc:22
#     "files/scewo-static-passwd"
#   set /workdir/layers/openembedded-core/meta/conf/documentation.conf:461
#     [doc] "Specifies a password file to use for obtaining static user identification (uid) values when the OpenEmbedded build system adds a user to the system during package installation."
# pre-expansion value:
#   "files/scewo-static-passwd"
USERADD_UID_TABLES="files/scewo-static-passwd"

But I don’t see the changes applied on my device.

I also tried manually changing the `bblayers.conf` in my build folder, such that our layer (`meta-scewo-imx8`) is listed before `meta-toradex-torizon`. But also here I don’t see the changes applied on the device.

Do you have any more insights?

Kind Regards,
Ian

I just did a quick test on my side and it seems to work fine for me. What kind of changes exactly are you trying to apply to the static group/passwd files? And how are you confirming these are not being applied on the device?

As a reference I did the following in my test:

• Created custom meta-layer
• Created distro include file to set USERADD_UID_TABLES and USERADD_GID_TABLES
  • I used require in my local.conf to pull this distro include into the build.
• In my meta-layer I created new static passwd/group files based on the ones found in meta-toradex-torizon
• I created a new recipe in my meta-layer, to add a new user to the system. I used this pre-existing recipe here as a base: meta-toradex-torizon/recipes-core/torizon-users/torizon-users_1.0.bb at scarthgap-7.x.y · torizon/meta-toradex-torizon · GitHub
• I added this new user to the my custom static passwd/group files.

I did the build for torizon-docker as usual. I flashed my image and checked /usr/lib/group and usr/lib/passwd and I could see my changes:

test@verdin-imx8mp-06849059:~$ grep -r test /usr/lib/group
adm:x:4:test,torizon
dialout:x:20:test,torizon
sudo:x:27:test,torizon
audio:x:29:test,torizon
video:x:44:test,torizon
plugdev:x:46:test,torizon
gpio:x:49:test,torizon
i2cdev:x:51:test,torizon
spidev:x:52:test,torizon
pwm:x:54:test,torizon
users:x:100:test,torizon
input:x:101:test,torizon
test:x:1001:
test@verdin-imx8mp-06849059:~$ grep -r test /usr/lib/passwd
test:x:1001:1001::/home/test:/bin/sh

Please do note that we use nss-altfiles for managing the passwd and group files. This means the system reads both /etc and /usr/lib for the full configuration. The default configuration from Yocto is the one in /usr/lib. The one in /etc is generated by this function we have in Yocto: meta-toradex-torizon/recipes-images/images/torizon-base.inc at scarthgap-7.x.y · torizon/meta-toradex-torizon · GitHub

Notice we only grep lines containing torizon and only those lines get written to the passwd and group files seen in /etc. Though due to nss-altfiles both /etc and /usr/lib get considered as a whole so this is fine.

Best Regards,
Jeremias

Hi @jeremias.tx

I got it working now.

The main thing that I was missing is having a recipe that adds the user with the USERADD_PARAM command. My assumption was, that I could just write it into the torizon-static-passwd and that’s it.

I also had issues trying to add the torizon user to my custom group. What solved it was adding this to my recipe:

DEPENDS = "torizon-users"
RDEPENDS:${PN} += "torizon-users"

Thanks for your help.

The main thing that I was missing is having a recipe that adds the user with the USERADD_PARAM command. My assumption was, that I could just write it into the torizon-static-passwd and that’s it.

I see what happened. Yes the static passwd/group files are for defining users and groups that should already be present in the image due to other recipes. These files themselves don’t create any groups or recipes.

Otherwise, I’m glad I was able to help assist.

Best Regards,
Jeremias