How to Autologin as a root(Superuser)
 

hi
i am using linux Fedora core 3.
is it possible to autologin as a root(super user)?
i am able to autologin as a non-root user .
now i want to autologin as a root.i know that some security problems will arise if we autologin as a root,but i will takecare.
when i start my PC it should not ask for me any user name and password ,it should automatically enter into system as a root ,it is called autologin for root.
i am able to autologin as a non-root(guest)user.but now i want root to be autologin.

thanks in advance
harsha

I don't believe there is and hope there will not be a way in the future...

KC

Think about what you are asking, why you are asking this, which operating system does this, why those distros that login as root -- are unsecure...


How hard is it to login as root?

I'm pretty sure GDM will do this, it has auto-login for standard users I can't see why you couldn't log in as root the same way. Doing so would be ******* stupid but that's your call.

* - excuse the language, but it's true

Man, I feel bad for this guy, but really, how else can you respond to the question.

Please read this...

http://howtos.linux.com/guides/solrh...ap5sec32.shtml

Hehe, you know what's funny?

Windows will not only let an Administrator account not have a password, but also auto-log you in without a password if you're an Admin user.

You know what? This is a valid technical question. And I would also like to know the answer. I can't possibly fathom that it's impossible with all the awesome flexibility of Linux.

He said he understood the security implications. There wasn't any need to denegrate him or the question.

It is valid to make sure he is aware of the security concerns, but none of you really know what his requirements are.

it may not be impossible, but it is stupid and because of that, it has been made very difficult by those who make login managers. I know no way to make GDM do it without altering the source code, and recompiling, this is so idiots who don't fully understand what they're doing can't pull it off, there might be some hidden argument you could put in the configuration to get it to work this way but I doubt it.

whatever his requirements.. he should find another way.

Well I have to say that I concur with the sentiment that this would be a
VERY BAD IDEA(and it might not be possible).

Having said that:

I would'nt think that you need to log in as root specifically, just someone with
higher privileges. Create a user who has the privileges that you need and use
that user.

Since you never said WHY you need to do this I don't know what your
trying to accomplish so that might not work for you.

Hope that helps.

Zack

I agree that it is a very bad idea to have the root autologin for any "production" system.

But there is a valid case for having a "test" system to have the ability to autologin with the root account.

Case in point, we have a test system which I do driver development. The system is not connected to any network and security is not an issue at all. If the system gets "comprimised" in any manner, we simply rebuild the system. It is much easier to do development under the root account since we have no need to security and the system is used only for development and testing. There are several test scripts which we have created to test out drivers and it would be of great use if we could modify the script to reboot the system into various kernels and run a validation script without having the user stand around waiting for the login prompt.

So back to the original question, even though we have clearly stated and discussed why this is a very bad idea, does anyone have a way for the root account to autologin?

How about this?
Instead of logging in as root, put yourself in the wheel group and set up
/etc/sudoers so you do not need a password.
Then write your test scripts to sudo the functions that require root access.
You get the password free access without munging the kernel or any other
standard software.
Doing this is still very dangerous but could make life easier on a driver developer.
I would never recommend this for a production system, but a driver development
system that can easily be recovered, heck why not, drivers will probably destroy
your system from time to time by themselves.

or better yet...

login in as root and execute the following:
passed -d
// deletes the need for a password for the root account

then edit /etc/inittab and add --autologin root to all the mingetty lines of the inittab, so your inittab would look something like this:

1:2345:respawn:/sbin/mingetty --autologin root tty1
2:2345:respawn:/sbin/mingetty --autologin root tty2
3:2345:respawn:/sbin/mingetty --autologin root tty3
4:2345:respawn:/sbin/mingetty --autologin root tty4
5:2345:respawn:/sbin/mingetty --autologin root tty5
6:2345:respawn:/sbin/mingetty --autologin root tty6

Reboot the system and your done. The system autologins into the root account.

But before that you make sure that mingetty supports --autologin option. If not then apply patch.

Here another solution if you want to automatically log into KDE (or anything that uses a Display Manager to control logins) as root. Took me a while find it so I thought I'd write it up here. The solutions so obvious when you think about it.

I'm writing an automated test environment that simultaneously tests many networked devices. Each device does a network boot into a NFS mounted Linux OS . Many of the low level tests require root access and some require access to an X Windows display. There may be a more elegant solution, but this works for me.

I'm using RHEL AS3, but I'm sure this would work for other Linux distro's

As mentioned above, delete the root password. Login in as root and execute the following:
passed -d

You cannot use the GDM as it doesn't allow automatic root logins. Use KDM instead by editing /etc/X11/prefdm( or whatever is invoked at the end of your inittab) and set:

preferred = kdm # This makes kdm the default display manager

Now configure KDM by editing /etc/kde/kdm/kdmrc and set the following values:

[X-:0-Core]
# Enable automatic login on this display. USE WITH EXTREME CARE! <== Very true, and I wouldn't do this on any normal system.
# Default is false
AutoLoginEnable=true
# The user to log in automatically. NEVER specify root! <== Hmmm ,I'll just have to ignore this
AutoLoginUser=root

Reboot the system and your done. The system does an automatic login to KDE as the root user.

Regards,
Chris Holman
Awltux.com

Now, if you would have explained the reason for this, I bet the solution would have came much easier. Hope its going well....

Thanks for the hint. If someone has a more elegant and secure solution, I'm all ears, but to be honest security isnt at the top of my list for this application(I know, shock horror, I need my head examined, poor disolusioned soul, I'll never make it as an admin, "add flame here" etc, etc, etc... :)

I may re-visit this in the future to fix the gaping security hole, but the devices run on a private network, used just for testing purposes and the OS is mounted via read-only NFS, so this quick and dirty solution is adequate for my needs.
Will probably be dropping KDE in the near future in favour of either a light weight window manager or a simple X session as my needs are very low tech and it would speed up the boot process.

LinuxQuestions is a great resource. However, I found the plethora of unhelpful, self-ingraciating flames a little off-putting. Is this what I should expect if I were to post a similarly loaded question in the future?

Regards,
Chris

You need to realize you're playing with fire here. This is a very touchy subject, as the security of people's systems is nearly sacred to them. This is the reason for the (albeit, misplaced) responses.

That said, you likely will not find a more elegant solution, as doing this has been made hard intentionally. The reason for this: it's a dumb idea (not flaming, this is the truth).

In my opinion, that's called trolling, and is looked down upon. Again, not flaming, just stating the obvious.

Come on guys... most of you have been around long enough to know the rules.

Bad language and condescending posts need not apply here at LQ.

I'm not going to close this thread, but I am going to keep an eye on it.

Keep it on topic and clean.

The way I do autologin most probably will work with root too:
My site > Computing > Linux > Configuration/Autologin

Yves.

I'm setting up a server on a private network, that will be firewalled, and I want to be able to access it remotely using vnc to login immediately after bootup. I had planned to have it auto login as root, thus running kde and krfb.
Now everyone moans on about how stupid it is to autologin as root, but appart from the obvious (ie you can do stuff as root via vnc or using the desktop) what are the security risk to being logged in as root, over and above not being logged in at all?

Let me put it this way... :rolleyes: ... as soon as you auto-login as root, enter the following command: This will utterly destroy every file in your system, saving you the trouble if either (a) accidentally doing it yourself, or (b) waiting until someone walks up to your system and does it for you.

:rolleyes: ... :rolleyes: ... :eek: ... :rolleyes: ... :rolleyes:

Linux has a strong, well-thought-out built-in security model... use it! This means that:

1. You should never "auto-login" as anyone at all.
2. But especially, you should never "auto-login" as root!

The twenty bezillion folks who are simultaneously screaming at you never to do such a thing ... :eek: ... know whereof they speak!

Incidentally, the same is true of modern Microsoft Windows: you do not walk around the system every day with your Wizard's staff.

When you connect via VNC, you should be presented with a login-prompt, not a live session. You should have to clear security before you can do anything. Don't set up the system any other way!

I'm affraid I'm just stating the obvious, but anyway: sundialsvcs, you're not adding anything to what has been already said by several posts.

A little warning is OK, especially in such a dangerous move. However, here's another never for all of you: Unless you ask, you never know why the question has been asked.

Example: I have a PC in my living room, that is acting as a "media center". Do you expect me to enter the password each time I switch it on, using the remote control? That would be absurd! So this PC is configured for autologin.

Yves.

Quite. I would also point out that logging in and entering 5 passwords before I get to su - then typing rm -fr /* is equally stupid and just as feasible.
I'm not a complete muppet and have been administering linux servers on networks for over 8 years now. I would never do this on a public server or a server on a DMZ, however this is not either. This is a file server for my use on my private network and any connections to it will already be inside my private network. In fact I'll probably have it setup so everythng IPSecs to everything else.
However, returning to my original question, apart from the obvious risks associated with being logged in as root (and the things I will therefore have access rights to do), is there any reason why I shouldn't have a machine sitting on my network with an X session running, that is permanently logged in as root? In addidtion to that, if my only means of accessing said machine is via a passworded vnc/krdc connection, are there any risks that I'm not aware of that I ought to be aware of?

The kdmrc solution works great. Thanks. As for those who are so worried about the sky falling - not using root *ever* is the biggest myth out there and I can see it continues to be so. On a single user system, not hooked to an internal network, only hooked to the internet through a firewall - like 95% of all computers are - there is not a damn thing wrong with running as root. What the heck do you think Microsoft and Apple have been doing for 10 years! I've been running as root since 1998 on my home computer; never had a problem - and more importantly, never will. Security breaches are caused by real holes not by the boogie-man. If there's no-one around to "break-in", then I don't need a password.
And as far as the old "rm -r *" example - you're the admin for crying out loud. When was the last time *anyone* accidently typed rm -r * ! If you can't trust yourself with that, you better lock yourself in a closet. ;-)

I must comment on this:
Mac (at least, in OSX) runs under a limited user and uses a program similar to 'sudo' to accomplish it's root tasks.
With Windows, the "constantly running as admin" policy is the biggest cause of all Windows' security problems, namely ActiveX.

Don't be over confident. There is always a first time for everything.

Hmmm,
Mac OSX hasn't been running for 10 years anywhere and isn't the problem. It's basically BSD with an Apple manufactured windows manager and isn't what npn was talking about.
Being over confident is a fair point, but I can't even think of a series of events that would make this a bad idea (obviously accepting that I might be lobotomised then type something utterly dumb, like rm -fr *, which I'm assuming isn't going to happen).
As I said I was asking for a security comparison between 3 courses of action, 1) the machine boots to a kdm login screen and sits there until I login, then I login as a me and leave the machine alone, and access it via kdc and a password, and su - whenever I do anything useful 2) ditto, but I login as root, so don't need the su - and finally 3) the machine automatically logs in as root when the machine boots up. Either way the machine spends most of its life (excluding, in 1 and 2, the time from boot to when I first need it) logged in as either root or a power user.
The question was 'is there a glaring reason why 1 is more safe than 2 or 3, which I'm missing'. I think the consensus is no.

I came a bit late to the party. Nonetheless, I use
a slightly modified rungetty to do this. For that
particular use case it works very well.

I am a bit displeased with the whole C language
and C stack - I know I know, it's the UNIX/Linux
way and C is fast but ... wow. I modified the rungetty
source, and while readable, this thing is SOOO ugly.

Both ruby and python spoiled me so much to not want
to have to use languages such as C, C++, Java etc..
again.

The variant I used was:

https://packages.debian.org/testing/admin/rungetty

I applied the patches and modified the default PATH
variable to suit my needs. But it is still quite
ugly ... simple though.

I also recommend to others to simply answer the
question. It is not up to you to decide what OTHERS
do or should not do. That was a reason why StackOverflow
became popular - people could get an answer to their
question.

Fourteen years is certainly a contender for "oldest necropost".
And I'd recommend thinking about why the OP got the answers they did, and why such a thing isn't good. Running as root should **ALWAYS** be discouraged, and the reasoning of "just answer the question" is flimsy. They got suggestions on how to do it, along with warnings as to WHY IT IS NOT A GOOD IDEA. Any newbies coming across this are likely to take this horrible advice, because it's 'easy'...."Hey! I don't have to type sudo..that's a pain! I can run EVERYTHING!" And they're right...until the day inevitably comes that they do something galatically stupid, and the nuke their whole system, I'm sure they love it.

Had they started out learning how to do things CORRECTLY, and why things work like they do, they wouldn't have been ABLE to nuke their systems, which is the entire purpose of asking folks who have experience what they would do. Someone asking what's the best way to mix a molotov cocktail needs a "Why, and you know that's dangerous right?" versus "Just mix these" answer.