testsAndMisc/linux_configuration/scripts/utils/setup_passwordless_system.sh

375 lines
11 KiB
Bash
Raw Normal View History

2025-07-06 16:53:27 +02:00
#!/bin/bash
# Script to set up passwordless sudo and automatic login
# Configures lightdm for auto-login and sudo for passwordless access
# Handles sudo privileges automatically
# Usage: ./setup_passwordless_system.sh [--reboot] [--logout]
# --reboot: Offer to reboot after setup completion
# --logout: Allow restart of LightDM (which will logout the user)
2025-07-06 16:53:27 +02:00
2025-11-01 15:36:22 +01:00
set -e # Exit on any error
2025-07-06 16:53:27 +02:00
# Check for flags
OFFER_REBOOT=false
ALLOW_LOGOUT=false
for arg in "$@"; do
2025-11-01 15:36:22 +01:00
case $arg in
--reboot)
OFFER_REBOOT=true
shift
;;
--logout)
ALLOW_LOGOUT=true
shift
;;
*)
# Unknown option, keep it for sudo check
;;
esac
done
2025-07-06 16:53:27 +02:00
# Function to check and request sudo privileges
check_sudo() {
2025-11-01 15:36:22 +01:00
if [[ $EUID -ne 0 ]]; then
echo "This script requires sudo privileges to modify system configurations."
echo "Requesting sudo access..."
exec sudo "$0" "$@"
fi
2025-07-06 16:53:27 +02:00
}
# Check for sudo privileges first
check_sudo "$@"
echo "Passwordless System Setup"
echo "========================"
echo "Current Date: $(date)"
echo "User: $USER"
echo "Original user: ${SUDO_USER:-$USER}"
# Verify we have a valid user
2025-11-01 15:36:22 +01:00
if [[ -z ${SUDO_USER} ]]; then
echo "Error: Could not determine the original user. Please run this script with sudo."
exit 1
2025-07-06 16:53:27 +02:00
fi
TARGET_USER="${SUDO_USER}"
echo "Target user for configuration: $TARGET_USER"
# Function to backup files
backup_file() {
2025-11-01 15:36:22 +01:00
local file="$1"
if [[ -f $file ]]; then
local backup timestamp
timestamp=$(date +%Y%m%d_%H%M%S)
backup="${file}.backup.$timestamp"
cp "$file" "$backup"
echo "✓ Backed up $file to $backup"
fi
2025-07-06 16:53:27 +02:00
}
# Function to configure passwordless sudo
configure_passwordless_sudo() {
2025-11-01 15:36:22 +01:00
echo ""
echo "1. Configuring Passwordless Sudo..."
echo "=================================="
local sudoers_file="/etc/sudoers.d/99-passwordless-${TARGET_USER}"
# Create sudoers configuration for passwordless access
cat > "$sudoers_file" << EOF
2025-07-06 16:53:27 +02:00
# Passwordless sudo configuration for user: ${TARGET_USER}
# Created by setup_passwordless_system.sh on $(date)
# WARNING: This allows the user to run any command without password
# Allow user to run all commands without password
${TARGET_USER} ALL=(ALL) NOPASSWD: ALL
# Ensure user can run sudo without TTY (useful for scripts)
Defaults:${TARGET_USER} !requiretty
# Keep environment variables for user convenience
Defaults:${TARGET_USER} env_keep += "HOME PATH DISPLAY XAUTHORITY"
EOF
2025-11-01 15:36:22 +01:00
# Set proper permissions for sudoers file
chmod 440 "$sudoers_file"
# Verify the sudoers file syntax
if visudo -c -f "$sudoers_file"; then
echo "✓ Passwordless sudo configured for user: $TARGET_USER"
echo "✓ Sudoers file created: $sudoers_file"
else
echo "✗ Error: Invalid sudoers syntax. Removing file for safety."
rm -f "$sudoers_file"
exit 1
fi
2025-07-06 16:53:27 +02:00
}
# Function to configure lightdm auto-login
configure_lightdm_autologin() {
2025-11-01 15:36:22 +01:00
echo ""
echo "2. Configuring LightDM Auto-Login..."
echo "==================================="
local lightdm_conf="/etc/lightdm/lightdm.conf"
local lightdm_conf_dir="/etc/lightdm/lightdm.conf.d"
local custom_conf="$lightdm_conf_dir/50-autologin.conf"
# Create lightdm config directory if it doesn't exist
mkdir -p "$lightdm_conf_dir"
# Backup existing lightdm configuration
backup_file "$lightdm_conf"
# Check if lightdm is installed
if ! command -v lightdm &> /dev/null; then
echo "Warning: LightDM not found. Installing lightdm..."
pacman -S --noconfirm lightdm lightdm-gtk-greeter
fi
# Method 1: Update the main lightdm.conf file directly
sed -i "/^#autologin-user=/c\autologin-user=${TARGET_USER}" "$lightdm_conf"
sed -i "/^#autologin-user-timeout=/c\autologin-user-timeout=0" "$lightdm_conf"
sed -i "/^#autologin-session=/c\autologin-session=i3" "$lightdm_conf"
sed -i "/^#autologin-in-background=/c\autologin-in-background=false" "$lightdm_conf"
# Also set user-session to i3 as fallback
sed -i "/^#user-session=/c\user-session=i3" "$lightdm_conf"
echo "✓ LightDM auto-login configured in main config file"
# Method 2: Also create the separate config file for redundancy
cat > "$custom_conf" << EOF
2025-07-06 16:53:27 +02:00
# LightDM Auto-Login Configuration
# Created by setup_passwordless_system.sh on $(date)
[Seat:*]
# Enable auto-login
autologin-user=${TARGET_USER}
autologin-user-timeout=0
autologin-session=i3
# Disable user switching and guest account
allow-user-switching=false
allow-guest=false
# Set session defaults
user-session=i3
greeter-session=lightdm-gtk-greeter
# Disable screen lock timeout during login
autologin-in-background=false
2025-07-06 16:53:27 +02:00
EOF
2025-11-01 15:36:22 +01:00
echo "✓ LightDM auto-login also configured in separate config file: $custom_conf"
# Enable lightdm service
systemctl enable lightdm.service
echo "✓ LightDM service enabled"
# Restart lightdm to apply changes only if --logout flag is provided
if [[ $ALLOW_LOGOUT == true ]]; then
echo "Restarting LightDM to apply auto-login settings..."
systemctl restart lightdm.service
echo "✓ LightDM restarted"
else
echo "✓ LightDM configuration complete (restart lightdm or reboot to activate auto-login)"
fi
2025-07-06 16:53:27 +02:00
}
# Function to configure i3 session
configure_i3_session() {
2025-11-01 15:36:22 +01:00
echo ""
echo "3. Configuring i3 Session..."
echo "==========================="
local xsessions_dir="/usr/share/xsessions"
local i3_desktop="$xsessions_dir/i3.desktop"
# Create xsessions directory if it doesn't exist
mkdir -p "$xsessions_dir"
# Check if i3.desktop exists, create if not
if [[ ! -f $i3_desktop ]]; then
cat > "$i3_desktop" << EOF
2025-07-06 16:53:27 +02:00
[Desktop Entry]
Name=i3
Comment=improved dynamic tiling window manager
Exec=i3
TryExec=i3
Type=Application
X-LightDM-DesktopName=i3
DesktopNames=i3
Keywords=tiling;wm;windowmanager;window;manager;
EOF
2025-11-01 15:36:22 +01:00
echo "✓ Created i3 desktop session file: $i3_desktop"
else
echo "✓ i3 desktop session file already exists"
fi
# Ensure user has i3 config directory
local user_home="/home/${TARGET_USER}"
local i3_config_dir="$user_home/.config/i3"
if [[ ! -d $i3_config_dir ]]; then
sudo -u "$TARGET_USER" mkdir -p "$i3_config_dir"
echo "✓ Created i3 config directory for user: $TARGET_USER"
fi
2025-07-06 16:53:27 +02:00
}
# Function to configure additional auto-login settings
configure_additional_settings() {
2025-11-01 15:36:22 +01:00
echo ""
echo "4. Configuring Additional Settings..."
echo "===================================="
# Add user to autologin group if it exists
if getent group autologin &> /dev/null; then
usermod -a -G autologin "$TARGET_USER"
echo "✓ Added $TARGET_USER to autologin group"
else
# Create autologin group
groupadd -r autologin
usermod -a -G autologin "$TARGET_USER"
echo "✓ Created autologin group and added $TARGET_USER"
fi
# Configure pam for auto-login (if needed)
local pam_lightdm="/etc/pam.d/lightdm-autologin"
if [[ ! -f $pam_lightdm ]]; then
cat > "$pam_lightdm" << EOF
2025-07-06 16:53:27 +02:00
#%PAM-1.0
# LightDM auto-login PAM configuration
# Created by setup_passwordless_system.sh on $(date)
auth required pam_unix.so nullok
auth optional pam_permit.so
auth optional pam_gnome_keyring.so
account include system-local-login
password include system-local-login
session include system-local-login
session optional pam_gnome_keyring.so auto_start
EOF
2025-11-01 15:36:22 +01:00
echo "✓ Created PAM configuration for auto-login"
fi
2025-07-06 16:53:27 +02:00
}
# Function to test configurations
test_configurations() {
2025-11-01 15:36:22 +01:00
echo ""
echo "5. Testing Configurations..."
echo "==========================="
# Test sudo configuration
echo "Testing passwordless sudo..."
if sudo -u "$TARGET_USER" sudo -n true 2> /dev/null; then
echo "✓ Passwordless sudo test passed"
else
echo "! Passwordless sudo test failed (may require logout/login)"
fi
# Test lightdm configuration
echo "Testing LightDM configuration..."
if lightdm --test-mode --debug 2> /dev/null | grep -q "seat"; then
echo "✓ LightDM configuration test passed"
else
echo "! LightDM configuration test completed (check logs if issues occur)"
fi
# Verify user is in autologin group
if groups "$TARGET_USER" | grep -q autologin; then
echo "✓ User is in autologin group"
else
echo "! User may not be in autologin group"
fi
2025-07-06 16:53:27 +02:00
}
# Function to show security warnings
show_security_warnings() {
2025-11-01 15:36:22 +01:00
echo ""
echo "⚠️ SECURITY WARNINGS ⚠️"
echo "========================"
echo ""
echo "The following security changes have been made:"
echo ""
echo "1. PASSWORDLESS SUDO:"
echo " • User '$TARGET_USER' can now run ANY command as root without password"
echo " • This includes system-critical operations and file modifications"
echo " • Malicious software running as this user can gain full system access"
echo ""
echo "2. AUTO-LOGIN:"
echo " • System automatically logs in user '$TARGET_USER' on boot"
echo " • No password required to access the desktop environment"
echo " • Physical access to the machine = full user access"
echo ""
echo "3. RECOMMENDATIONS:"
echo " • Use full disk encryption to protect against physical access"
echo " • Ensure the system is in a physically secure location"
echo " • Consider using this only on personal/development machines"
echo " • Regularly monitor system logs for unauthorized access"
echo " • Keep the system updated and use a firewall"
echo ""
echo "4. TO DISABLE THESE SETTINGS:"
echo " • Remove passwordless sudo: sudo rm /etc/sudoers.d/99-passwordless-${TARGET_USER}"
echo " • Disable auto-login: sudo rm /etc/lightdm/lightdm.conf.d/50-autologin.conf"
echo " • Restart LightDM: sudo systemctl restart lightdm"
echo ""
2025-07-06 16:53:27 +02:00
}
# Function to show final instructions
show_final_instructions() {
2025-11-01 15:36:22 +01:00
echo ""
echo "=========================================="
echo "Passwordless System Setup Complete"
echo "=========================================="
echo "Summary:"
echo "✓ Passwordless sudo configured for user: $TARGET_USER"
echo "✓ LightDM auto-login configured"
echo "✓ i3 session configured"
echo "✓ Additional auto-login settings applied"
echo ""
echo "Changes will take effect after:"
echo "• Logout/login for sudo changes"
echo "• System reboot for auto-login"
echo ""
echo "To verify after reboot:"
echo " sudo whoami # Should not ask for password"
echo " systemctl status lightdm # Should show auto-login active"
echo ""
echo "Configuration files created:"
echo " /etc/sudoers.d/99-passwordless-${TARGET_USER}"
echo " /etc/lightdm/lightdm.conf.d/50-autologin.conf"
echo " /etc/pam.d/lightdm-autologin"
echo ""
echo "IMPORTANT: Reboot recommended to activate all changes!"
2025-07-06 16:53:27 +02:00
}
# Main execution
configure_passwordless_sudo
configure_lightdm_autologin
configure_i3_session
configure_additional_settings
test_configurations
show_security_warnings
show_final_instructions
# Only offer reboot if --reboot flag was provided
2025-11-01 15:36:22 +01:00
if [[ $OFFER_REBOOT == true ]]; then
echo ""
echo "Would you like to reboot now to activate all changes?"
read -p "Reboot system now? (y/N): " -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]; then
echo "Rebooting system in 5 seconds..."
sleep 5
reboot
else
2025-07-06 16:53:27 +02:00
echo "Remember to reboot when convenient to activate all changes."
2025-11-01 15:36:22 +01:00
fi
else
echo ""
echo "Setup completed successfully."
echo "Remember to reboot when convenient to activate all changes."
echo "To automatically prompt for reboot in the future, use: $0 --reboot"
2025-07-06 16:53:27 +02:00
fi