Tiny Core Linux
Tiny Core Base => TCB Talk => Topic started by: qopit on April 16, 2012, 08:23:35 AM
-
I feel silly asking this and expect it has a simple answer, but I can't find it...
Core defaults to automatically logging in as tc, with all associated sudo privileges. How do I set it to autologin as a new/different unprivileged user?
I thought that creating a basic user (eg: qopit) and adding 'user=qopit' to the boot codes might do it, but it seems that is just making 'tc' for someone who doesn't like 'tc' as the special user name for some reason. ie: I saw that it just creates another tc-like user, including automatic password changing at boot and an automatic addition to sudoers, leaving both of these in /etc/sudoers:
tc ALL=NOPASSWD: ALL
qopit ALL=NOPASSWD: ALL
I've tried deciphering rcS et all to figure out where tc is being configured as the login (since the inittab-referenced /sbin/autologin is autologin'ing as root, and not tc), but can't track it due to a lack of shell-script expertise (not for lack of trying).
Then I figured I would be fine having autologin for tc, as long as I could cripple sudoer privileges... but this seems dicy and this wiki page (http://wiki.tinycorelinux.net/wiki:security) confirms my fears by stating:
Do not remove or modify the root and tc user entries. Tiny Core will fail to operate correctly.
Can someone please embarrass me and give me the probable one-liner on how to achieve this? :) I really want autologin, but with a tightly controlled user.
-
If a remaster is acceptable, include your user there and edit inittab to autologin as that user.
-
I feared it might require a remaster. With inittab logging in as root I suppose I hoped that somewhere down the chain, and wherever the switch to tc happens, there was a configurable (and ".filetool.lst"able) file that could change that user.
I'll keep looking for the switch to tc. I've never done a remaster and would like to avoid it if at all possible, if only to minimize future upgrade pains when new images are released.
-
Actually, you're right there. The autologin happens after backup restore, so you can edit /root/.profile and it should just work.
(add your user manually and backup, rather than using the user= bootcode)
-
Curaga beat me to it!
Make sure to add the following to /opt/.filetool.lst:
root/.passwd
etc/passwd
etc/shadow
etc/group
etc/gshadow
-
Thanks curaga. I was circling that file, but I'm wary of the hackery level. I see two options, both of which I'm worried about future compatibility issues.
1. Customize /root/.profile and add to .filetool.lst
2. replacing /etc/sysconfig/tcuser with the user I want to boot into (/root/.profile uses this)
My problem with the first is that, if /root/.profile changes in a future Core release I'll need to be careful about checking it.
My problem with the second is that other utilities use /etc/susconfig/tcuser. A quick grep run shows me that, at least, tftpd uses it (but I don't use tftpd) and the user-specific .profile files (eg: /home/qopit/.profile) also use it in a BACKUP-related line I can't decipher as of yet.
Which is the lesser evil?
It would be nice if there were a root-privilege file or boot option that /root/.profile used instead of /etc/sysconfig/tcuser for the user to autologin into, but alas.
@gerald_clark
Thx... caught your post on submission. I already have those in my backup list (except for gshadow which I never have there or have heard of and will now look into!)
-
fwiw, the full list of files in Core4.4 that reference /etc/sysconfig/tcuser appears to be:
/home/tc/.profile:[ "`id -un`" = "`cat /etc/sysconfig/tcuser`" ] && echo "$BACKUP" | sudo tee /etc/sysconfig/backup >/dev/null
/etc/init.d/services/tftpd: [ "$USER" ] || USER="$(cat /etc/sysconfig/tcuser)" || USER="tc"
/etc/init.d/tc-config:echo "$USER" > /etc/sysconfig/tcuser
/usr/bin/fromISOfile:read USER < /etc/sysconfig/tcuser || exit 1
/usr/bin/tce-setup:read USER < /etc/sysconfig/tcuser
/root/.profile: TCUSER="$(cat /etc/sysconfig/tcuser)"
with that filtered list determined using sudo find / -xdev -type f -print0 | sudo xargs -0 grep -H "sysconfig/tcuser"
-
tcuser is used as the user who is allowed to install packages, so the one with sudo rights.
-
It turns out that overriding /etc/sysconfig/tcuser and adding it to .filetool.lst did not work anyway, so my second option was bogus (at least without further work). On boot I got prompted for a password with sudo's "we trust you have received the usual lecture" message rather than going straight to prompt. Leaving tcuser alone and changing /root/.profile directly doesn't do it, so there is something else happening somewhere that uses tcuser.
Verdict: I'm going with an overwrite of /root/.profile and taking good notes for future upgrades!
I can see this requirement being a big deal for booting TinyCore Core as an appliance, so if that is ever intended as one of TinyCore's aims, it might be a good/simple feature to add to make this less of a hack.
Thanks again for the help!
-
You forget that core is not a distribution, but a tool kit.
You have your hammer. Now you have to pound some of your own nails.
-
Speaking of hammering nails, I think I'm going to go with an even uglier hack that should be more immune to future TC changes.
What I've done is trampled over the /bin/login busybox link with this ugly passthrough/redirection:
AUTOLOGIN="username"
CALLERS_CALLER=`ps -o pid,ppid | grep "^[ ]*$PPID" | awk '{print $2}'`
#hack to get the last passed in parameter...
for LAST_PARAM; do true; done
TCUSER="$(cat /etc/sysconfig/tcuser)"
if [ $LAST_PARAM == $TCUSER ] && [ $CALLERS_CALLER == "1" ]
then
#init system is trying to log in tcuser. Override this with specified AUTOLOGIN...
/bin/busybox login -f $AUTOLOGIN
else
/bin/busybox login $*
fi
and added bin/login to .filetool.lst
Nasty, but it works and I'm happier (for the moment).
-
Actually, you're right there. The autologin happens after backup restore, so you can edit /root/.profile and it should just work.
(add your user manually and backup, rather than using the user= bootcode)
Thanks curaga. So the right way to do this is by changing /etc/sysconfig/tcuser content and replace it with other user right?
tc@box:~$ cat /root/.profile
#!/bin/sh
NOAUTOLOGIN=/etc/sysconfig/noautologin
if [ -f "$NOAUTOLOGIN" ]; then
if [ -s "$NOAUTOLOGIN" ]; then
> "$NOAUTOLOGIN"
exit
fi
else
if [ ! -f /etc/sysconfig/superuser ]; then
clear
TCUSER="$(cat /etc/sysconfig/tcuser)"
exec /bin/login -f "$TCUSER"
fi
fi
tc@box:~$
tc@box:~$ cat /etc/sysconfig/tcuser
tc
tc@box:~$
-
If you want a different name, use the user= bootcode. tcuser is the one with sudo privileges.