Is it possible to create a root account through l4t_create_default_user.sh?

Hello,

My development environment looks like this:

  • NANO emmc devkit
  • Jetpack 4.6

I created a user account through l4t_create_default_user.sh. (eg nvidia/nvidia)
I want to delete the nvidia account and configure the system with only root account.
I ran the following, but the nvidia account was created.

Linux_for_Tegra/tools$ sudo ./l4t_create_default_user.sh -u root -p nvidia -a
[sudo] password for nvidia: 
Creating: Username - root, Password - nvidia, Autologin - true
useradd: user 'root' already exists

Is there a way to flash by configuring only the root account?

No support for this.

Not an answer, but something which might be useful…

Root is normally a locked account on Ubuntu. It is considered “insecure” to allow root direct login, although it is debatable how much that actually matters for local accounts. I have to agree that allowing remote login of root is probably insecure (if you allow remote login of root, then never ever allow it with plain password, you’d only ever even consider it by means of a strong ssh key with all password login denied).

This is not a Jetson topic, but really a Linux (and especially Ubuntu) topic. There are commands your admin user can use (via sudo, which is root without direct login) to first unlock root, and to set a password for root:

# Set a password for root:
sudo passwd root
# Unlock root:
sudo passwd -u root

At that point root is unlocked and has a password. That still does not allow remote login. Incidentally, if you wanted to reverse the above changes and lock root back out:

# "-d" deletes password, "-l" locks:
sudo passwd -d -l root

The topic of ssh keys is not difficult, but it is a separate topic. Unless you already know how to set keys for ssh key-based authentication, then don’t do what follows (and don’t do it even then if you don’t plan on key-based ssh remote root login). This would permit root to login on ssh and refers to edits in file “/etc/ssh/sshd_config”:

# Edit "PermitRootLogin" for either "yes" or commented out ("no") or "prohibit-password".
# Initially you might allow password in order to use convenient methods of setting up keys, but then you'd switch to "prohibit-password" to force only keys. End result edit in that file:
PermitRootLogin prohibit-password

The files updated for this will not be a simple list. You definitely want a non-root user first since there are commands which will refuse to run for root, and lots of software to install as non-root permissions. Root cannot even use sudo to fake being non-root unless such an account exists. However, assuming you have your non-root user as well, then typically the file list includes this to copy into your “rootfs/etc/” locations:

/etc/passwd
/etc/passwd-
/etc/gshadow
/etc/gshadow-
/etc/shadow
/etc/shadow-
/etc/ssh/sshd_config

I’m only listing things I remember, and have not tested this. Beware that if you really want to do this, then if done wrong, it could result in a non-bootable system or a system with odd failures. I recommend setting this up on a running system which has a non-root user to start with, testing, and then cloning (which also serves as a backup). Then you could try flashing again after copy of those files to the host’s “rootfs/etc/”. I won’t guarantee this will work without adjustments, but it should get you close.

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.