TIP_Passwordless_Login
| Terminals / Shells • Network • X Window System • Portage • System • Filesystems • Kernel • Other |
Contents |
Passwordless Login
If you are the only person who uses your computer, you might want to set it up to start consoles with you automatically logged in at boot up. Additionally, you might also want to start X as your user after boot. This article tells you how to do this (without having to install kdm / gdm).
If someone had physical access to your computer, he would just take it away, instead of trying to login in and hack your passwords. Any sensitive information on your computer must be kept encrypted (using EncFS). All network services needs to be appropriately secured. A user with physical access to your computer would never require a password to login at boot time, or become root via su or sudo.
Passwordless Console logins
The following will make the virtual consoles at boot time password-less (i.e. will be the login shell of your user, without requiring you to authenticate it):
First create the file /root/bin/autologin:
| File: /root/bin/autologin |
#! /bin/bash exec login -f <username> |
Make it executible via
chmod a+x /root/bin/autologin
Next modify your /etc/inittab: Replace the line
| File: /etc/inittab |
c2:12345:respawn:/sbin/agetty 38400 tty2 linux |
with:
| File: /etc/inittab |
np2:12345:respawn:/sbin/agetty -l /root/bin/autologin -n 38400 tty2 linux |
This starts up one console on vt2 where the user (specified in /root/bin/autologin) is automatically logged in. If you would like more than one console automatically logged in, repeat the above replacement for lines c3 -- c6 as desired. (Don't forget to change 'np2' and 'tty2' to 'np3' and 'tty3' etc.).
If you have a xen instance or some other situation where you don't need a getty at all, and just want a shell on /dev/console, you can merely put the following line in your /etc/inittab instead of all the above stuff. I did this so I didn't have to share my root passwords with the hosting provider who logs in through the hypervisor also.
| File: /etc/inittab |
c1:12345:respawn:/bin/login -f root |
Passwordless X logins (without kdm / gdm)
Display managers like GDM and KDM have a feature that enables you to log in a user automatically. However if you think gdm or kdm take up too much memory (especially if you want to use a twm / openbox / fluxbox / fvwm / lightweight session) you can avoid running a display manager as follows:
Edit /etc/conf.d/local.start and add the lines (replace <username> with your own username)
| File: /etc/conf.d/local.start |
# Start X as user if tty7 is free
if ! fuser /dev/tty7 >& /dev/null; then
su - <username> -l -c 'exec startx -- vt7 >& ~/.xsession-errors' &
fi
|
If local is not part of your default runlevel, then add it. Also remove gdm,xdm,kdm from the default runlevel:
rc-update add local default rc-update del xdm default
Running 'su' without typing your password
Once logged in, if you want to become root without typing the password every time, issue the following command as root (replace <username> with your own username):
echo <username> > /etc/security/suauth.nopass
Then edit /etc/pam.d/su and uncomment the line
| File: /etc/pam.d/su |
auth sufficient pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.nopass |
Or, if you're not using pam and all it's complexity, just put NOPASSWD into /etc/sudoers as described in the comments.
Running 'sudo' without typing your password
In order to modify the /etc/sudoers file you need to use visudo. Run the program as root and then add the following line (replace <username> with your own username):
| File: /etc/sudoers |
<username> ALL=(ALL) NOPASSWD: ALL |
Links
Created by NickStallman.net, His Dark Materials - The Golden Compass, Luxury Homes Australia Apartments Queensland Monopoly City Streets Forum