First baby steps to running as user zeus

October 24, 2022 — BarryK

I posted about giving a non-root user administration privileges:

https://bkhome.org/news/202210/how-to-give-a-user-full-root-privileges.html

The essence of implementing this is some simple code in '3buildeasydistro':

#20221023 login as zeus...
if [ $EOS_ADMIN_ZEUS -eq 1 ];then
 echo '::sysinit:/etc/rc.d/rc.sysinit
tty1::respawn:/sbin/getty -n -l /sbin/zeuslogin 38400 tty1
tty2::respawn:/sbin/getty 38400 tty2
::ctrlaltdel:/sbin/reboot' > rootfs-complete/etc/inittab
 #this will run Xorg as root:
 chmod 4755 rootfs-complete/usr/bin/Xorg
 chmod 4755 rootfs-complete/usr/bin/Xephyr
fi

That script is in woofQ, the EasyOS builder system.

I have also edited some scripts that test if running as root.

It took several hours to arrive at the above code, as I first tried changing to user zeus when do the switch_root in the initrd. So, /sbin/init will be executed as user zeus. I thought that could make that work, as zeus has the same rights as root; busybox init does accept that as "single-user" mode. However, that is a very unnatural mode to be attempting; did get to a prompt but lots of obstacles, so fell back to logging in as zeus in a more normal way.

Anyway, so far do get a desktop, but a very broken desktop.

EDIT 2022-10-25:
Currently, have a mostly-working desktop. /sbin/zeuslogin:

#!/bin/ash
#called from /etc/inittab
#20221025
. /etc/rc.d/PUPSTATE
export HOME="/root"
export USER="zeus"
if [ "$BOOT_PW_FLG" == "" ];then
 exec /sbin/capsh --keep=1 --user=zeus --inh=all --addamb=all -- -c "/sbin/zeusshell"
else
 #need to decrypt encrypted folders for user zeus...
 exec /sbin/capsh --keep=1 --user=zeus --inh=all --addamb=all -- -c "/usr/local/clients/run-client-indirect /sbin/zeusshell"
fi

However, getting into holiday mode. Will be shelving all EasyOS development for awhile. Will be camping at sites without phone signal, taking books to read!

Tags: easy