I thought this should be as straightforward as googling for a recipe. It turns out the instructions I found on the internet are just wrong and truly awful.
First, to configure auto-login on Debian running systemd the correct way, run
systemctl edit getty@tty1 and enter the following:
[Service] ExecStart= ExecStart=-/sbin/agetty --autologin USERNAME %I $TERMReplace USERNAME with your actual username. Here are the ways that this page got it wrong: on Debian, there is no
/usr/bin/agetty; it is found under /sbin/agetty. Also, the dangling I in the ExecStart line should have been %I which is the systemd expansion for the instance name. Baud rate should be omitted.If something goes wrong, just switch to tty2 with Alt-F2 (or Fn-Optoin-F2 on a Mac) and fix the problem. If you have a touch bar, configure it to always show function keys. Otherwise, rebooting with the Debian installer CD into rescue mode always works.
Now, to convince sudo to let me run commands without a password, run
visudo and make sure we swap the user and group specifications with an end result like this:# Allow members of group sudo to execute any command %sudo ALL=(ALL:ALL) ALL # User privilege specification root ALL=(ALL:ALL) ALL myuser ALL=(ALL:ALL) NOPASSWD: ALLThe space between
NOPASSWD: and ALL is optional, and it works either way. What is tricky is that the statements below overrides the ones above. This is counter-intuitive as an access control list, which typically matches top-down. By default, the group specification appears below the user specification, so the group overrides the user, but that makes no sense. It makes more sense for the individual user setting to override the group one.I don't have a lot of high hopes for a man page that begins with a quick guide to EBNF.
New (2020/03/19): tell systemd to use sulogin --force when root account is locked. If a service fails to start during init, systemd would fallback into rescue mode by running sulogin, but sulogin would print this message, and systemd would enter an infinite loop.
Cannot open access to console, the root account is locked. See sulogin(8) man page for more details. Press Enter to continue.Unfortunately this is very common. Either a new kernel does not have the vboxsf module compiled for it (since the VirtualBox guest additions modules are not manage by DKMS), or a new VirtualBox version changed the protocol so the existing vboxsf module couldn't talk to the host.
The solution is to convince systemd to use sulogin --force. Run
systemctl edit rescue.service and enter the following:
[Service] Environment=SYSTEMD_SULOGIN_FORCE=1This should automatically drop down to root if something goes wrong.
