Search:  
Gentoo Wiki

TIP_Passwordless_Login

This article is part of the Tips & Tricks series.
Terminals / Shells Network X Window System Portage System Filesystems Kernel Other

Contents

Passwordless Login

If you are the only person who uses your computer, you might want to set it up to start consoles with you automatically logged in at boot up. Additionally, you might also want to start X as your user after boot. This article tells you how to do this (without having to install kdm / gdm).

If someone had physical access to your computer, he would just take it away, instead of trying to login in and hack your passwords. Any sensitive information on your computer must be kept encrypted (using EncFS). All network services needs to be appropriately secured. A user with physical access to your computer would never require a password to login at boot time, or become root via su or sudo.

Warning: Apply this tip only if you know that only trusted will have physical access to the computer.


Passwordless Console logins

The following will make the virtual consoles at boot time password-less (i.e. will be the login shell of your user, without requiring you to authenticate it):

First create the file /root/bin/autologin:

File: /root/bin/autologin
#! /bin/bash
exec login -f <username>

Make it executible via

chmod a+x /root/bin/autologin

Next modify your /etc/inittab: Replace the line

File: /etc/inittab
c2:12345:respawn:/sbin/agetty 38400 tty2 linux

with:

File: /etc/inittab
np2:12345:respawn:/sbin/agetty -l /root/bin/autologin -n 38400 tty2 linux

This starts up one console on vt2 where the user (specified in /root/bin/autologin) is automatically logged in. If you would like more than one console automatically logged in, repeat the above replacement for lines c3 -- c6 as desired. (Don't forget to change 'np2' and 'tty2' to 'np3' and 'tty3' etc.).

Note: Once you logout of the console, it will restart (passwordless of course)! If you want a 'dead console' once you logout, then replace the respawn with once above. If you want anything fancier, you need to write a script.

If you have a xen instance or some other situation where you don't need a getty at all, and just want a shell on /dev/console, you can merely put the following line in your /etc/inittab instead of all the above stuff. I did this so I didn't have to share my root passwords with the hosting provider who logs in through the hypervisor also.

File: /etc/inittab
c1:12345:respawn:/bin/login -f root

Passwordless X logins (without kdm / gdm)

Display managers like GDM and KDM have a feature that enables you to log in a user automatically. However if you think gdm or kdm take up too much memory (especially if you want to use a twm / openbox / fluxbox / fvwm / lightweight session) you can avoid running a display manager as follows:

Edit /etc/conf.d/local.start and add the lines (replace <username> with your own username)

File: /etc/conf.d/local.start
# Start X as user if tty7 is free
if ! fuser /dev/tty7 >& /dev/null; then
    su - <username> -l -c 'exec startx -- vt7 >& ~/.xsession-errors' &
fi
Note: If you use tcsh, you should remove the -l flag.

If local is not part of your default runlevel, then add it. Also remove gdm,xdm,kdm from the default runlevel:

rc-update add local default
rc-update del xdm default
Warning: The next two tips could make your computer insecure. Use it at your own risk!

Running 'su' without typing your password

Once logged in, if you want to become root without typing the password every time, issue the following command as root (replace <username> with your own username):

echo <username> > /etc/security/suauth.nopass

Then edit /etc/pam.d/su and uncomment the line

File: /etc/pam.d/su
auth       sufficient   pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.nopass

Or, if you're not using pam and all it's complexity, just put NOPASSWD into /etc/sudoers as described in the comments.

Running 'sudo' without typing your password

In order to modify the /etc/sudoers file you need to use visudo. Run the program as root and then add the following line (replace <username> with your own username):

File: /etc/sudoers
<username> ALL=(ALL) NOPASSWD: ALL

Links

Gentoo forums' original post

Retrieved from "http://www.gentoo-wiki.info/TIP_Passwordless_Login"

Last modified: Fri, 05 Sep 2008 08:00:00 +0000 Hits: 5,273