From db6ca355bc6fbd5e259e3ac5efe844a43d993bad Mon Sep 17 00:00:00 2001
From: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Date: Mon, 26 Nov 2018 11:47:43 +1100
Subject: petitboot: Enable user separation

Turn on support for unprivileged user accounts in the Petitboot
environment, including setting up a basic non-root user and group.
The implementation also requires using the agetty package rather than
the busybox getty utility, calling the initial pb-console helper on
login rather than directly, and moving some shell init logic from
Petitboot and into a .shrc script.

If no root password is configured in NVRAM or at runtime then this has
no effect aside from some nicer shell behaviour. Once a password is
configured then most actions in Petitboot will require this password and
the shell runs as a normal user.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
---
 openpower/overlay/etc/sudoers | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 openpower/overlay/etc/sudoers

(limited to 'openpower/overlay')

diff --git a/openpower/overlay/etc/sudoers b/openpower/overlay/etc/sudoers
new file mode 100644
index 00000000..fcaf196a
--- /dev/null
+++ b/openpower/overlay/etc/sudoers
@@ -0,0 +1,4 @@
+root ALL=(ALL) ALL
+%wheel ALL=(ALL) ALL
+Defaults targetpw
+Defaults timestamp_timeout=1
-- 
cgit v1.2.1