Wednesday, May 30, 2018

Passwordless Debian Login

I run Debian inside a VirtualBox VM and share my home folder on the host OS, and now I've decided that it's silly to have to enter my password inside the VM all the time. Mainly, I want to auto-login to the console tty, and also convince sudo to let me run commands without entering a password.

I thought this should be as straightforward as googling for a recipe. It turns out the instructions I found on the internet are just wrong and truly awful.

First, to configure auto-login on Debian running systemd the correct way, run systemctl edit getty@tty1 and enter the following:
ExecStart=-/sbin/agetty --autologin USERNAME %I $TERM
Replace USERNAME with your actual username. Here are the ways that this page got it wrong: on Debian, there is no /usr/bin/agetty; it is found under /sbin/agetty. Also, the dangling I in the ExecStart line should have been %I which is the systemd expansion for the instance name. Baud rate should be omitted.

If something goes wrong, just switch to tty2 with Alt-F2 (or Fn-Optoin-F2 on a Mac) and fix the problem. If you have a touch bar, configure it to always show function keys. Otherwise, rebooting with the Debian installer CD into rescue mode always works.

Now, to convince sudo to let me run commands without a password, run visudo and make sure we swap the user and group specifications with an end result like this:
# Allow members of group sudo to execute any command

# User privilege specification
The space between NOPASSWD: and ALL is optional, and it works either way. What is tricky is that the statements below overrides the ones above. This is counter-intuitive as an access control list, which typically matches top-down. By default, the group specification appears below the user specification, so the group overrides the user, but that makes no sense. It makes more sense for the individual user setting to override the group one.

I don't have a lot of high hopes for a man page that begins with a quick guide to EBNF.
Post a Comment