WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: Autologin as unprivileged user?  (Read 1717 times)

Offline qopit

  • Newbie
  • *
  • Posts: 43
Autologin as unprivileged user?
« on: April 16, 2012, 07:23:35 AM »
I feel silly asking this and expect it has a simple answer, but I can't find it...

Core defaults to automatically logging in as tc, with all associated sudo privileges. How do I set it to autologin as a new/different unprivileged user?

I thought that creating a basic user (eg: qopit) and adding 'user=qopit' to the boot codes might do it, but it seems that is just making 'tc' for someone who doesn't like 'tc' as the special user name for some reason.  ie: I saw that it just creates another tc-like user, including automatic password changing at boot and an automatic addition to sudoers, leaving both of these in /etc/sudoers:

Code: [Select]
tc ALL=NOPASSWD: ALL
qopit ALL=NOPASSWD: ALL

I've tried deciphering rcS et all to figure out where tc is being configured as the login (since the inittab-referenced /sbin/autologin is autologin'ing as root, and not tc), but can't track it due to a lack of shell-script expertise (not for lack of trying).

Then I figured I would be fine having autologin for tc, as long as I could cripple sudoer privileges... but this seems dicy and this wiki page confirms my fears by stating:
Quote
Do not remove or modify the root and tc user entries. Tiny Core will fail to operate correctly.

Can someone please embarrass me and give me the probable one-liner on how to achieve this? :)  I really want autologin, but with a tightly controlled user.

Offline curaga

  • Administrator
  • Hero Member
  • *****
  • Posts: 7978
Re: Autologin as unprivileged user?
« Reply #1 on: April 16, 2012, 07:30:02 AM »
If a remaster is acceptable, include your user there and edit inittab to autologin as that user.
The only barriers that can stop you are the ones you create yourself.

Offline qopit

  • Newbie
  • *
  • Posts: 43
Re: Autologin as unprivileged user?
« Reply #2 on: April 16, 2012, 07:37:24 AM »
I feared it might require a remaster.  With inittab logging in as root I suppose I hoped that somewhere down the chain, and wherever the switch to tc happens, there was a configurable (and ".filetool.lst"able) file that could change that user.

I'll keep looking for the switch to tc.  I've never done a remaster and would like to avoid it if at all possible, if only to minimize future upgrade pains when new images are released.

Offline curaga

  • Administrator
  • Hero Member
  • *****
  • Posts: 7978
Re: Autologin as unprivileged user?
« Reply #3 on: April 16, 2012, 07:47:41 AM »
Actually, you're right there. The autologin happens after backup restore, so you can edit /root/.profile and it should just work.
(add your user manually and backup, rather than using the user= bootcode)
The only barriers that can stop you are the ones you create yourself.

Offline gerald_clark

  • TinyCore Moderator
  • Hero Member
  • *****
  • Posts: 3483
Re: Autologin as unprivileged user?
« Reply #4 on: April 16, 2012, 07:55:41 AM »
Curaga beat me to it!
Make sure to add the following to /opt/.filetool.lst:
root/.passwd
etc/passwd
etc/shadow
etc/group
etc/gshadow


Offline qopit

  • Newbie
  • *
  • Posts: 43
Re: Autologin as unprivileged user?
« Reply #5 on: April 16, 2012, 08:11:48 AM »
Thanks curaga.  I was circling that file, but I'm wary of the hackery level.  I see two options, both of which I'm worried about future compatibility issues.

1. Customize /root/.profile and add to .filetool.lst
2. replacing /etc/sysconfig/tcuser with the user I want to boot into (/root/.profile uses this)

My problem with the first is that, if /root/.profile changes in a future Core release I'll need to be careful about checking it.

My problem with the second is that other utilities use /etc/susconfig/tcuser.  A quick grep run shows me that, at least, tftpd uses it (but I don't use tftpd) and the user-specific .profile files (eg: /home/qopit/.profile) also use it in a BACKUP-related line I can't decipher as of yet.

Which is the lesser evil?

It would be nice if there were a root-privilege file or boot option that /root/.profile used instead of /etc/sysconfig/tcuser for the user to autologin into, but alas.

@gerald_clark
Thx... caught your post on submission.  I already have those in my backup list (except for gshadow which I never have there or have heard of and will now look into!)

Offline qopit

  • Newbie
  • *
  • Posts: 43
Re: Autologin as unprivileged user?
« Reply #6 on: April 16, 2012, 08:38:30 AM »
fwiw, the full list of files in Core4.4 that reference /etc/sysconfig/tcuser appears to be:

Code: [Select]
/home/tc/.profile:[ "`id -un`" = "`cat /etc/sysconfig/tcuser`" ] && echo "$BACKUP" | sudo tee /etc/sysconfig/backup >/dev/null
/etc/init.d/services/tftpd:                   [ "$USER" ] || USER="$(cat /etc/sysconfig/tcuser)" || USER="tc"
/etc/init.d/tc-config:echo "$USER" > /etc/sysconfig/tcuser
/usr/bin/fromISOfile:read USER < /etc/sysconfig/tcuser || exit 1
/usr/bin/tce-setup:read USER < /etc/sysconfig/tcuser
/root/.profile:  TCUSER="$(cat /etc/sysconfig/tcuser)"

with that filtered list determined using sudo find / -xdev -type f -print0 | sudo xargs -0 grep -H "sysconfig/tcuser"

Offline curaga

  • Administrator
  • Hero Member
  • *****
  • Posts: 7978
Re: Autologin as unprivileged user?
« Reply #7 on: April 16, 2012, 09:27:07 AM »
tcuser is used as the user who is allowed to install packages, so the one with sudo rights.
The only barriers that can stop you are the ones you create yourself.

Offline qopit

  • Newbie
  • *
  • Posts: 43
Re: Autologin as unprivileged user?
« Reply #8 on: April 16, 2012, 09:41:20 AM »
It turns out that overriding /etc/sysconfig/tcuser and adding it to .filetool.lst did not work anyway, so my second option was bogus (at least without further work).  On boot I got prompted for a password with sudo's "we trust you have received the usual lecture" message rather than going straight to prompt.  Leaving tcuser alone and changing /root/.profile directly doesn't do it, so there is something else happening somewhere that uses tcuser.

Verdict: I'm going with an overwrite of /root/.profile and taking good notes for future upgrades!

I can see this requirement being a big deal for booting TinyCore Core as an appliance, so if that is ever intended as one of TinyCore's aims, it might be a good/simple feature to add to make this less of a hack.

Thanks again for the help!

Offline gerald_clark

  • TinyCore Moderator
  • Hero Member
  • *****
  • Posts: 3483
Re: Autologin as unprivileged user?
« Reply #9 on: April 16, 2012, 11:07:15 AM »
You forget that core is not a distribution, but a tool kit.
You have your hammer.  Now you have to pound some of your own nails.

Offline qopit

  • Newbie
  • *
  • Posts: 43
Re: Autologin as unprivileged user?
« Reply #10 on: April 16, 2012, 11:35:42 AM »
Speaking of hammering nails, I think I'm going to go with an even uglier hack that should be more immune to future TC changes.

What I've done is trampled over the /bin/login busybox link with this ugly passthrough/redirection:

Code: [Select]
AUTOLOGIN="username"
CALLERS_CALLER=`ps -o pid,ppid | grep "^[ ]*$PPID" | awk '{print $2}'`
#hack to get the last passed in parameter...
for LAST_PARAM; do true; done
TCUSER="$(cat /etc/sysconfig/tcuser)"

if [ $LAST_PARAM == $TCUSER ] && [ $CALLERS_CALLER == "1" ]
then
  #init system is trying to log in tcuser.  Override this with specified AUTOLOGIN...
  /bin/busybox login -f $AUTOLOGIN
else
  /bin/busybox login $*
fi

and added bin/login to .filetool.lst

Nasty, but it works and I'm happier (for the moment).