search

Botspot / vdesktop

Run a second instance of Raspbian inside Raspbian.
GNU General Public License v3.0
125 stars 21 forks source link

Support deleting default pi user #11

Closed mtlynch closed 3 years ago

mtlynch commented 4 years ago

Is there any way to delete the pi user on an image non-interactively?

If I sudo su into another user while running under cli-login, the new user can't delete pi because it's still running the sudo session.

My current workaround is to just lock the account:

sudo usermod --lock --shell /bin/nologin pi

But it would be cool to be able to delete the account entirely.

If I could do non-interactive login with a user other than pi / raspberry, that would make it pretty simple. Is that possible?

Botspot commented 4 years ago

Maybe you could get cli-login to login as user root instead of user pi. Try changing line 297 from this:

  send -- pi\r

To this:

  send -- root\r
mtlynch commented 4 years ago

The root password is disabled by default on Raspberry Pi OS. I guess I could create one and then delete it after, but that's getting a bit complicated.

Would you accept a PR that's sort of like this?

  if [ -z "$3" ]; then
    LOGIN_USER="$3"
  else
    LOGIN_USER="pi"
  fi
  if [ -z "$4" ]; then
    LOGIN_PASS="$4"
  else
    LOGIN_PASS="raspberry"
  fi
  spawn ${DIRECTORY}/nspawn $mntpnt
  expect -re .*login:
  send -- "${LOGIN_USER}\r"
  expect -re .*Password:
  send -- "${LOGIN_PASS}\r"
  interact ''
  expect eof"

So that users could do:

./vdesktop my.img cli-login my-user my-pass
Botspot commented 4 years ago

Adding more cli flags would get exponentially more complicated. cli-login is already sub-optimal IMHO. For more advanced options, maybe a conf file would be a better fit. I will think about it.

Botspot commented 3 years ago

I couldn't set the username or password to variables - the expect subprocess kept throwing errors and it was getting into a mess. The only way I could think of was to have a second script that edits the vdesktop script beforehand, pasting in a username and password. But that did not go well at all.

To me, it looks like the only option left is to manually edit the username and password fields.

mtlynch commented 3 years ago

I'm able to get it working with variables. I know you're not crazy about additional CLI parameters, but #12 shows a working example of making username and password into variables.

Botspot commented 3 years ago

I'm baffled this is possible. I had tried the same thing a few months ago but was never able to get it working using variables. Will look into it and test your code.

Botspot commented 3 years ago

OK I've been able to reproduce your results. Turns out my earlier problems were caused by bad syntax and non-escaped quotation marks. I'm currently working on a Botspot-pleasing solution. :)

Botspot commented 3 years ago

OK, please check out the new version that I pushed. I've added a config file and have tested a few scenarios, though there may be some bugs. The old version is still accessible at the old-version branch.

mtlynch commented 3 years ago

Would it be possible to document the new semantics? I'm not sure how the changes affect my previous workflow.

Botspot commented 3 years ago

Vdesktop will behave exactly as it did before, but now you have a config file to easily change some settings. The config file is (hopefully) self-explanatory, given the comments I put in it.