diff --git a/scripts/setup_passwordless_system.sh b/scripts/setup_passwordless_system.sh
new file mode 100755
index 0000000..53c0df9
--- /dev/null
+++ b/scripts/setup_passwordless_system.sh
@@ -0,0 +1,323 @@
+#!/bin/bash
+# Script to set up passwordless sudo and automatic login
+# Configures lightdm for auto-login and sudo for passwordless access
+# Handles sudo privileges automatically
+
+set -e # Exit on any error
+
+# Function to check and request sudo privileges
+check_sudo() {
+ if [[ $EUID -ne 0 ]]; then
+ echo "This script requires sudo privileges to modify system configurations."
+ echo "Requesting sudo access..."
+ exec sudo "$0" "$@"
+ fi
+}
+
+# Check for sudo privileges first
+check_sudo "$@"
+
+echo "Passwordless System Setup"
+echo "========================"
+echo "Current Date: $(date)"
+echo "User: $USER"
+echo "Original user: ${SUDO_USER:-$USER}"
+
+# Verify we have a valid user
+if [[ -z "${SUDO_USER}" ]]; then
+ echo "Error: Could not determine the original user. Please run this script with sudo."
+ exit 1
+fi
+
+TARGET_USER="${SUDO_USER}"
+echo "Target user for configuration: $TARGET_USER"
+
+# Function to backup files
+backup_file() {
+ local file="$1"
+ if [[ -f "$file" ]]; then
+ local backup="${file}.backup.$(date +%Y%m%d_%H%M%S)"
+ cp "$file" "$backup"
+ echo "✓ Backed up $file to $backup"
+ fi
+}
+
+# Function to configure passwordless sudo
+configure_passwordless_sudo() {
+ echo ""
+ echo "1. Configuring Passwordless Sudo..."
+ echo "=================================="
+
+ local sudoers_file="/etc/sudoers.d/99-passwordless-${TARGET_USER}"
+
+ # Create sudoers configuration for passwordless access
+ cat > "$sudoers_file" << EOF
+# Passwordless sudo configuration for user: ${TARGET_USER}
+# Created by setup_passwordless_system.sh on $(date)
+# WARNING: This allows the user to run any command without password
+
+# Allow user to run all commands without password
+${TARGET_USER} ALL=(ALL) NOPASSWD: ALL
+
+# Ensure user can run sudo without TTY (useful for scripts)
+Defaults:${TARGET_USER} !requiretty
+
+# Keep environment variables for user convenience
+Defaults:${TARGET_USER} env_keep += "HOME PATH DISPLAY XAUTHORITY"
+EOF
+
+ # Set proper permissions for sudoers file
+ chmod 440 "$sudoers_file"
+
+ # Verify the sudoers file syntax
+ if visudo -c -f "$sudoers_file"; then
+ echo "✓ Passwordless sudo configured for user: $TARGET_USER"
+ echo "✓ Sudoers file created: $sudoers_file"
+ else
+ echo "✗ Error: Invalid sudoers syntax. Removing file for safety."
+ rm -f "$sudoers_file"
+ exit 1
+ fi
+}
+
+# Function to configure lightdm auto-login
+configure_lightdm_autologin() {
+ echo ""
+ echo "2. Configuring LightDM Auto-Login..."
+ echo "==================================="
+
+ local lightdm_conf="/etc/lightdm/lightdm.conf"
+ local lightdm_conf_dir="/etc/lightdm/lightdm.conf.d"
+ local custom_conf="$lightdm_conf_dir/50-autologin.conf"
+
+ # Create lightdm config directory if it doesn't exist
+ mkdir -p "$lightdm_conf_dir"
+
+ # Backup existing lightdm configuration
+ backup_file "$lightdm_conf"
+
+ # Check if lightdm is installed
+ if ! command -v lightdm &> /dev/null; then
+ echo "Warning: LightDM not found. Installing lightdm..."
+ pacman -S --noconfirm lightdm lightdm-gtk-greeter
+ fi
+
+ # Create auto-login configuration
+ cat > "$custom_conf" << EOF
+# LightDM Auto-Login Configuration
+# Created by setup_passwordless_system.sh on $(date)
+
+[Seat:*]
+# Enable auto-login
+autologin-user=${TARGET_USER}
+autologin-user-timeout=0
+autologin-session=i3
+
+# Disable user switching and guest account
+allow-user-switching=false
+allow-guest=false
+
+# Set session defaults
+user-session=i3
+greeter-session=lightdm-gtk-greeter
+
+# Disable screen lock timeout during login
+autologin-in-background=true
+EOF
+
+ echo "✓ LightDM auto-login configured for user: $TARGET_USER"
+ echo "✓ Configuration file created: $custom_conf"
+
+ # Enable lightdm service
+ systemctl enable lightdm.service
+ echo "✓ LightDM service enabled"
+}
+
+# Function to configure i3 session
+configure_i3_session() {
+ echo ""
+ echo "3. Configuring i3 Session..."
+ echo "==========================="
+
+ local xsessions_dir="/usr/share/xsessions"
+ local i3_desktop="$xsessions_dir/i3.desktop"
+
+ # Create xsessions directory if it doesn't exist
+ mkdir -p "$xsessions_dir"
+
+ # Check if i3.desktop exists, create if not
+ if [[ ! -f "$i3_desktop" ]]; then
+ cat > "$i3_desktop" << EOF
+[Desktop Entry]
+Name=i3
+Comment=improved dynamic tiling window manager
+Exec=i3
+TryExec=i3
+Type=Application
+X-LightDM-DesktopName=i3
+DesktopNames=i3
+Keywords=tiling;wm;windowmanager;window;manager;
+EOF
+ echo "✓ Created i3 desktop session file: $i3_desktop"
+ else
+ echo "✓ i3 desktop session file already exists"
+ fi
+
+ # Ensure user has i3 config directory
+ local user_home="/home/${TARGET_USER}"
+ local i3_config_dir="$user_home/.config/i3"
+
+ if [[ ! -d "$i3_config_dir" ]]; then
+ sudo -u "$TARGET_USER" mkdir -p "$i3_config_dir"
+ echo "✓ Created i3 config directory for user: $TARGET_USER"
+ fi
+}
+
+# Function to configure additional auto-login settings
+configure_additional_settings() {
+ echo ""
+ echo "4. Configuring Additional Settings..."
+ echo "===================================="
+
+ # Add user to autologin group if it exists
+ if getent group autologin &> /dev/null; then
+ usermod -a -G autologin "$TARGET_USER"
+ echo "✓ Added $TARGET_USER to autologin group"
+ else
+ # Create autologin group
+ groupadd -r autologin
+ usermod -a -G autologin "$TARGET_USER"
+ echo "✓ Created autologin group and added $TARGET_USER"
+ fi
+
+ # Configure pam for auto-login (if needed)
+ local pam_lightdm="/etc/pam.d/lightdm-autologin"
+ if [[ ! -f "$pam_lightdm" ]]; then
+ cat > "$pam_lightdm" << EOF
+#%PAM-1.0
+# LightDM auto-login PAM configuration
+# Created by setup_passwordless_system.sh on $(date)
+
+auth required pam_unix.so nullok
+auth optional pam_permit.so
+auth optional pam_gnome_keyring.so
+account include system-local-login
+password include system-local-login
+session include system-local-login
+session optional pam_gnome_keyring.so auto_start
+EOF
+ echo "✓ Created PAM configuration for auto-login"
+ fi
+}
+
+# Function to test configurations
+test_configurations() {
+ echo ""
+ echo "5. Testing Configurations..."
+ echo "==========================="
+
+ # Test sudo configuration
+ echo "Testing passwordless sudo..."
+ if sudo -u "$TARGET_USER" sudo -n true 2>/dev/null; then
+ echo "✓ Passwordless sudo test passed"
+ else
+ echo "! Passwordless sudo test failed (may require logout/login)"
+ fi
+
+ # Test lightdm configuration
+ echo "Testing LightDM configuration..."
+ if lightdm --test-mode --debug 2>/dev/null | grep -q "seat"; then
+ echo "✓ LightDM configuration test passed"
+ else
+ echo "! LightDM configuration test completed (check logs if issues occur)"
+ fi
+
+ # Verify user is in autologin group
+ if groups "$TARGET_USER" | grep -q autologin; then
+ echo "✓ User is in autologin group"
+ else
+ echo "! User may not be in autologin group"
+ fi
+}
+
+# Function to show security warnings
+show_security_warnings() {
+ echo ""
+ echo "⚠️ SECURITY WARNINGS ⚠️"
+ echo "========================"
+ echo ""
+ echo "The following security changes have been made:"
+ echo ""
+ echo "1. PASSWORDLESS SUDO:"
+ echo " • User '$TARGET_USER' can now run ANY command as root without password"
+ echo " • This includes system-critical operations and file modifications"
+ echo " • Malicious software running as this user can gain full system access"
+ echo ""
+ echo "2. AUTO-LOGIN:"
+ echo " • System automatically logs in user '$TARGET_USER' on boot"
+ echo " • No password required to access the desktop environment"
+ echo " • Physical access to the machine = full user access"
+ echo ""
+ echo "3. RECOMMENDATIONS:"
+ echo " • Use full disk encryption to protect against physical access"
+ echo " • Ensure the system is in a physically secure location"
+ echo " • Consider using this only on personal/development machines"
+ echo " • Regularly monitor system logs for unauthorized access"
+ echo " • Keep the system updated and use a firewall"
+ echo ""
+ echo "4. TO DISABLE THESE SETTINGS:"
+ echo " • Remove passwordless sudo: sudo rm /etc/sudoers.d/99-passwordless-${TARGET_USER}"
+ echo " • Disable auto-login: sudo rm /etc/lightdm/lightdm.conf.d/50-autologin.conf"
+ echo " • Restart LightDM: sudo systemctl restart lightdm"
+ echo ""
+}
+
+# Function to show final instructions
+show_final_instructions() {
+ echo ""
+ echo "=========================================="
+ echo "Passwordless System Setup Complete"
+ echo "=========================================="
+ echo "Summary:"
+ echo "✓ Passwordless sudo configured for user: $TARGET_USER"
+ echo "✓ LightDM auto-login configured"
+ echo "✓ i3 session configured"
+ echo "✓ Additional auto-login settings applied"
+ echo ""
+ echo "Changes will take effect after:"
+ echo "• Logout/login for sudo changes"
+ echo "• System reboot for auto-login"
+ echo ""
+ echo "To verify after reboot:"
+ echo " sudo whoami # Should not ask for password"
+ echo " systemctl status lightdm # Should show auto-login active"
+ echo ""
+ echo "Configuration files created:"
+ echo " /etc/sudoers.d/99-passwordless-${TARGET_USER}"
+ echo " /etc/lightdm/lightdm.conf.d/50-autologin.conf"
+ echo " /etc/pam.d/lightdm-autologin"
+ echo ""
+ echo "IMPORTANT: Reboot recommended to activate all changes!"
+}
+
+# Main execution
+configure_passwordless_sudo
+configure_lightdm_autologin
+configure_i3_session
+configure_additional_settings
+test_configurations
+show_security_warnings
+show_final_instructions
+
+echo ""
+echo "Would you like to reboot now to activate all changes?"
+read -p "Reboot system now? (y/N): " -n 1 -r
+echo
+
+if [[ $REPLY =~ ^[Yy]$ ]]; then
+ echo "Rebooting system in 5 seconds..."
+ sleep 5
+ reboot
+else
+ echo "Remember to reboot when convenient to activate all changes."
+fi
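Review bot: `configure_passwordless_sudo` writes the rule straight into `/etc/sudoers.d/` and only afterwards runs `chmod 440` and `visudo -c -f`, so an unvalidated file with umask-default permissions sits in the live include directory, and a `set -e` abort at `chmod` would leave it there. Build the file in a `mktemp` path, validate that copy, and only then place it with `install -m 0440 -o root -g root`, as sketched below. sudo also skips files in that directory whose names contain a `.` or end in `~`, so for a login name with a dot the rule would be ignored while `visudo` still passes and the ✓ lines are printed; the sketch maps dots to underscores, and the `sudo rm` hint in `show_security_warnings` and the file list in `show_final_instructions` would need the same name. `TARGET_USER` comes from `SUDO_USER` and is interpolated unchecked into the sudoers and LightDM files, and the home directory is assumed to be `/home/${TARGET_USER}`; a check against a conservative login-name pattern and a `getent passwd` lookup would make both explicit.

```shell
configure_passwordless_sudo() {
  # … unchanged: section banner …

  # sudo ignores /etc/sudoers.d entries whose names contain '.' or end in '~'
  local sudoers_file="/etc/sudoers.d/99-passwordless-${TARGET_USER//./_}"
  local staged_file
  staged_file="$(mktemp)"

  # … unchanged: heredoc with the sudoers rules, now redirected to "$staged_file" …

  if visudo -c -f "$staged_file"; then
    # Only a validated file reaches the include directory, already root-owned and 0440
    install -m 0440 -o root -g root "$staged_file" "$sudoers_file"
    rm -f "$staged_file"
    # … unchanged: success messages …
  else
    rm -f "$staged_file"
    # … unchanged: error message and exit 1 …
  fi
}
```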