X11 auto login and disable users shell - tricky business
SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
X11 auto login and disable users shell - tricky business
I set up an auto login to X by editing my /etc/inittab as follows:
Code:
x1:4:wait:/etc/rc.d/rc.xinit
then I created an rc.xinit wich contains this:
Code:
#!/bin/sh
startx -- -bpp 24 | su - webuser
This works like I want it to, but then I decided to disable the users shell since I would like them to never be able to enter in a command (I'm a horible person, I know).
I don't know of any "official" way to do this, so I gave this a shot:
Code:
usermod -s /dev/null webuser
But since I am essentially wrapping init 4 through the shell, this stops X11 from loading.
Does any one know of a better way to do either of these things so I can have my cake and eat it to?
thanks!
...drkstr
PS: sorry for any typos, it's a pain typing on this tiny keyboard.
**edit**
fixed the pretend | char with a real one now that I'm at a real keyboard
Um... how does that work? Piping startx through a command prompt?
You don't like my clumsy work around? I think it essentially does the same thing as your command, but I could be wrong.
Regardless, I will probably not be able to do this in any form if I am to disable the users shell. I was trying to avoid having to install KDM to use their built in auto login feature, but I guess I will have to give in to the bulk. Oh well, so goes life.
Actually, I tested my command on a Ubuntu VM I had laying around before posting it. It works with a user shell of /bin/false
Sweet, I'll give it a shot, thanks. I would have tested it myself but I broke the entire system a bit ago and have to rebuild it. When I get to the X part, I will use your method.
Quote:
I also tried your command. Opening a shell and typing "whoami" in X returned "root." I wasn't just scoffing
That's odd. I didn't try opening a shell, but my gui apps did not have root access. For instance, I could not browse /root in firefox but I could browse the users home. I know the xserver is always run as root, but this shouldn't cause an open shell to start off in root. Ugh, talk about security whole to the hundreth power. Kind of defeats the purpose of disabling the users shell when they get the root shell by default
Just wanted to let you know I finally got around to testing your method. You were right, it works much better then the one I came up with. However, I did have to add the PATH to the script on my system. Once I did that, everything worked just like you said it would.
Yep, that should do the trick. Also there is a comment in the inittab from PV (dunno if it is still accurate, probably is) about a 1% constant CPU usage if there are no VTs.
It would be a good idea to force a shutdown when X closes (edit startx), because there have been a couple exploits in the last year that can crash X.
It is possible to get the original code working with a fake shell, but piping it through sudo isn't going to make the program run with the permissions you tell sudo to run with...
You may be interested in my "autologin" page on my site (see below, as links to self-made site are forbiden...). It describes a simple method for autologging a given user. Then as you say, you can use /bin/false for the shell.
Yep, that should do the trick. Also there is a comment in the inittab from PV (dunno if it is still accurate, probably is) about a 1% constant CPU usage if there are no VTs.
I should be okay since the VT is still there, you just can't switch to it. At least I think that's what's going on. I'm sure there's some way to verify this when I get a chance.
Quote:
Originally Posted by Daga
It would be a good idea to force a shutdown when X closes (edit startx), because there have been a couple exploits in the last year that can crash X.
Hmm, exploits are no good. I'm hoping it will not be exploitable since the window manager is pretty limited in what the user can do. They can't even shut it down unless they know the correct key combination (which is bount to 'sudo init 0/6'. Wouldn't hurt to have a failsafe though. I briefly looked through the startx script and didn't see any "on shutdown" section, but I will try to read up on it a bit.
Quote:
Originally Posted by theYinYeti
You may be interested in my "autologin" page on my site (see below, as links to self-made site are forbiden...). It describes a simple method for autologging a given user. Then as you say, you can use /bin/false for the shell.
Interesting. This also seems like a good way to do it. I'll give it a try if the method I'm currently using stops working the way I want it to.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.