testsAndMisc/scripts/setup_passwordless_system.sh

339 lines
11 KiB
Bash
Executable File

#!/bin/bash
# Script to set up passwordless sudo and automatic login
# Configures lightdm for auto-login and sudo for passwordless access
# Handles sudo privileges automatically
set -e # Exit on any error
# Function to check and request sudo privileges
check_sudo() {
if [[ $EUID -ne 0 ]]; then
echo "This script requires sudo privileges to modify system configurations."
echo "Requesting sudo access..."
exec sudo "$0" "$@"
fi
}
# Check for sudo privileges first
check_sudo "$@"
echo "Passwordless System Setup"
echo "========================"
echo "Current Date: $(date)"
echo "User: $USER"
echo "Original user: ${SUDO_USER:-$USER}"
# Verify we have a valid user
if [[ -z "${SUDO_USER}" ]]; then
echo "Error: Could not determine the original user. Please run this script with sudo."
exit 1
fi
TARGET_USER="${SUDO_USER}"
echo "Target user for configuration: $TARGET_USER"
# Function to backup files
backup_file() {
local file="$1"
if [[ -f "$file" ]]; then
local backup="${file}.backup.$(date +%Y%m%d_%H%M%S)"
cp "$file" "$backup"
echo "✓ Backed up $file to $backup"
fi
}
# Function to configure passwordless sudo
configure_passwordless_sudo() {
echo ""
echo "1. Configuring Passwordless Sudo..."
echo "=================================="
local sudoers_file="/etc/sudoers.d/99-passwordless-${TARGET_USER}"
# Create sudoers configuration for passwordless access
cat > "$sudoers_file" << EOF
# Passwordless sudo configuration for user: ${TARGET_USER}
# Created by setup_passwordless_system.sh on $(date)
# WARNING: This allows the user to run any command without password
# Allow user to run all commands without password
${TARGET_USER} ALL=(ALL) NOPASSWD: ALL
# Ensure user can run sudo without TTY (useful for scripts)
Defaults:${TARGET_USER} !requiretty
# Keep environment variables for user convenience
Defaults:${TARGET_USER} env_keep += "HOME PATH DISPLAY XAUTHORITY"
EOF
# Set proper permissions for sudoers file
chmod 440 "$sudoers_file"
# Verify the sudoers file syntax
if visudo -c -f "$sudoers_file"; then
echo "✓ Passwordless sudo configured for user: $TARGET_USER"
echo "✓ Sudoers file created: $sudoers_file"
else
echo "✗ Error: Invalid sudoers syntax. Removing file for safety."
rm -f "$sudoers_file"
exit 1
fi
}
# Function to configure lightdm auto-login
configure_lightdm_autologin() {
echo ""
echo "2. Configuring LightDM Auto-Login..."
echo "==================================="
local lightdm_conf="/etc/lightdm/lightdm.conf"
local lightdm_conf_dir="/etc/lightdm/lightdm.conf.d"
local custom_conf="$lightdm_conf_dir/50-autologin.conf"
# Create lightdm config directory if it doesn't exist
mkdir -p "$lightdm_conf_dir"
# Backup existing lightdm configuration
backup_file "$lightdm_conf"
# Check if lightdm is installed
if ! command -v lightdm &> /dev/null; then
echo "Warning: LightDM not found. Installing lightdm..."
pacman -S --noconfirm lightdm lightdm-gtk-greeter
fi
# Method 1: Update the main lightdm.conf file directly
sed -i "/^#autologin-user=/c\autologin-user=${TARGET_USER}" "$lightdm_conf"
sed -i "/^#autologin-user-timeout=/c\autologin-user-timeout=0" "$lightdm_conf"
sed -i "/^#autologin-session=/c\autologin-session=i3" "$lightdm_conf"
sed -i "/^#autologin-in-background=/c\autologin-in-background=false" "$lightdm_conf"
# Also set user-session to i3 as fallback
sed -i "/^#user-session=/c\user-session=i3" "$lightdm_conf"
echo "✓ LightDM auto-login configured in main config file"
# Method 2: Also create the separate config file for redundancy
cat > "$custom_conf" << EOF
# LightDM Auto-Login Configuration
# Created by setup_passwordless_system.sh on $(date)
[Seat:*]
# Enable auto-login
autologin-user=${TARGET_USER}
autologin-user-timeout=0
autologin-session=i3
# Disable user switching and guest account
allow-user-switching=false
allow-guest=false
# Set session defaults
user-session=i3
greeter-session=lightdm-gtk-greeter
# Disable screen lock timeout during login
autologin-in-background=false
EOF
echo "✓ LightDM auto-login also configured in separate config file: $custom_conf"
# Enable lightdm service
systemctl enable lightdm.service
echo "✓ LightDM service enabled"
# Restart lightdm to apply changes
echo "Restarting LightDM to apply auto-login settings..."
systemctl restart lightdm.service
echo "✓ LightDM restarted"
}
# Function to configure i3 session
configure_i3_session() {
echo ""
echo "3. Configuring i3 Session..."
echo "==========================="
local xsessions_dir="/usr/share/xsessions"
local i3_desktop="$xsessions_dir/i3.desktop"
# Create xsessions directory if it doesn't exist
mkdir -p "$xsessions_dir"
# Check if i3.desktop exists, create if not
if [[ ! -f "$i3_desktop" ]]; then
cat > "$i3_desktop" << EOF
[Desktop Entry]
Name=i3
Comment=improved dynamic tiling window manager
Exec=i3
TryExec=i3
Type=Application
X-LightDM-DesktopName=i3
DesktopNames=i3
Keywords=tiling;wm;windowmanager;window;manager;
EOF
echo "✓ Created i3 desktop session file: $i3_desktop"
else
echo "✓ i3 desktop session file already exists"
fi
# Ensure user has i3 config directory
local user_home="/home/${TARGET_USER}"
local i3_config_dir="$user_home/.config/i3"
if [[ ! -d "$i3_config_dir" ]]; then
sudo -u "$TARGET_USER" mkdir -p "$i3_config_dir"
echo "✓ Created i3 config directory for user: $TARGET_USER"
fi
}
# Function to configure additional auto-login settings
configure_additional_settings() {
echo ""
echo "4. Configuring Additional Settings..."
echo "===================================="
# Add user to autologin group if it exists
if getent group autologin &> /dev/null; then
usermod -a -G autologin "$TARGET_USER"
echo "✓ Added $TARGET_USER to autologin group"
else
# Create autologin group
groupadd -r autologin
usermod -a -G autologin "$TARGET_USER"
echo "✓ Created autologin group and added $TARGET_USER"
fi
# Configure pam for auto-login (if needed)
local pam_lightdm="/etc/pam.d/lightdm-autologin"
if [[ ! -f "$pam_lightdm" ]]; then
cat > "$pam_lightdm" << EOF
#%PAM-1.0
# LightDM auto-login PAM configuration
# Created by setup_passwordless_system.sh on $(date)
auth required pam_unix.so nullok
auth optional pam_permit.so
auth optional pam_gnome_keyring.so
account include system-local-login
password include system-local-login
session include system-local-login
session optional pam_gnome_keyring.so auto_start
EOF
echo "✓ Created PAM configuration for auto-login"
fi
}
# Function to test configurations
test_configurations() {
echo ""
echo "5. Testing Configurations..."
echo "==========================="
# Test sudo configuration
echo "Testing passwordless sudo..."
if sudo -u "$TARGET_USER" sudo -n true 2>/dev/null; then
echo "✓ Passwordless sudo test passed"
else
echo "! Passwordless sudo test failed (may require logout/login)"
fi
# Test lightdm configuration
echo "Testing LightDM configuration..."
if lightdm --test-mode --debug 2>/dev/null | grep -q "seat"; then
echo "✓ LightDM configuration test passed"
else
echo "! LightDM configuration test completed (check logs if issues occur)"
fi
# Verify user is in autologin group
if groups "$TARGET_USER" | grep -q autologin; then
echo "✓ User is in autologin group"
else
echo "! User may not be in autologin group"
fi
}
# Function to show security warnings
show_security_warnings() {
echo ""
echo "⚠️ SECURITY WARNINGS ⚠️"
echo "========================"
echo ""
echo "The following security changes have been made:"
echo ""
echo "1. PASSWORDLESS SUDO:"
echo " • User '$TARGET_USER' can now run ANY command as root without password"
echo " • This includes system-critical operations and file modifications"
echo " • Malicious software running as this user can gain full system access"
echo ""
echo "2. AUTO-LOGIN:"
echo " • System automatically logs in user '$TARGET_USER' on boot"
echo " • No password required to access the desktop environment"
echo " • Physical access to the machine = full user access"
echo ""
echo "3. RECOMMENDATIONS:"
echo " • Use full disk encryption to protect against physical access"
echo " • Ensure the system is in a physically secure location"
echo " • Consider using this only on personal/development machines"
echo " • Regularly monitor system logs for unauthorized access"
echo " • Keep the system updated and use a firewall"
echo ""
echo "4. TO DISABLE THESE SETTINGS:"
echo " • Remove passwordless sudo: sudo rm /etc/sudoers.d/99-passwordless-${TARGET_USER}"
echo " • Disable auto-login: sudo rm /etc/lightdm/lightdm.conf.d/50-autologin.conf"
echo " • Restart LightDM: sudo systemctl restart lightdm"
echo ""
}
# Function to show final instructions
show_final_instructions() {
echo ""
echo "=========================================="
echo "Passwordless System Setup Complete"
echo "=========================================="
echo "Summary:"
echo "✓ Passwordless sudo configured for user: $TARGET_USER"
echo "✓ LightDM auto-login configured"
echo "✓ i3 session configured"
echo "✓ Additional auto-login settings applied"
echo ""
echo "Changes will take effect after:"
echo "• Logout/login for sudo changes"
echo "• System reboot for auto-login"
echo ""
echo "To verify after reboot:"
echo " sudo whoami # Should not ask for password"
echo " systemctl status lightdm # Should show auto-login active"
echo ""
echo "Configuration files created:"
echo " /etc/sudoers.d/99-passwordless-${TARGET_USER}"
echo " /etc/lightdm/lightdm.conf.d/50-autologin.conf"
echo " /etc/pam.d/lightdm-autologin"
echo ""
echo "IMPORTANT: Reboot recommended to activate all changes!"
}
# Main execution
configure_passwordless_sudo
configure_lightdm_autologin
configure_i3_session
configure_additional_settings
test_configurations
show_security_warnings
show_final_instructions
echo ""
echo "Would you like to reboot now to activate all changes?"
read -p "Reboot system now? (y/N): " -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]; then
echo "Rebooting system in 5 seconds..."
sleep 5
reboot
else
echo "Remember to reboot when convenient to activate all changes."
fi