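Removing Auto-Login from the Serial Console Port
During product development, the auto-login feature is convenient for engineers: there is no need to type an account and password by hand after boot, because the system logs in as root automatically once it has booted.
In the shipping version, however, this feature must be removed for security reasons.
On a Debian system, console port auto-login is implemented in the serial-getty service: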
/usr/lib/systemd/system/serial-getty@.service
The complete contents of the file are:
# SPDX-License-Identifier: LGPL-2.1+
#
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.

[Unit]
Description=Serial Getty on %I
Documentation=man:agetty(8) man:systemd-getty-generator(8)
Documentation=http://0pointer.de/blog/projects/serial-console.html
BindsTo=dev-%i.device
After=dev-%i.device systemd-user-sessions.service plymouth-quit-wait.service getty-pre.target
After=rc-local.service

# If additional gettys are spawned during boot then we should make
# sure that this is synchronized before getty.target, even though
# getty.target didn't actually pull it in.
Before=getty.target
IgnoreOnIsolate=yes

# IgnoreOnIsolate causes issues with sulogin, if someone isolates
# rescue.target or starts rescue.service from multi-user.target or
# graphical.target.
Conflicts=rescue.service
Before=rescue.service

[Service]
# The '-o' option value tells agetty to replace 'login' arguments with an
# option to preserve environment (-p), followed by '--' for safety, and then
# the entered username.
ExecStart=-/sbin/agetty --autologin root --noclear %I $TER
#ExecStart=-/sbin/agetty -o '-p -- \\u' --keep-baud 115200,38400,9600 %I $TERM
Type=idle
Restart=always
UtmpIdentifier=%I
TTYPath=/dev/%I
TTYReset=yes
TTYVHangup=yes
KillMode=process
IgnoreSIGPIPE=no
SendSIGHUP=yes

[Install]
WantedBy=getty.target
Therefore, to remove the root autologin setting, it is enough to remove the autologin part:
#ExecStart=-/sbin/agetty --autologin root --noclear %I $TER
ExecStart=-/sbin/agetty -o '-p -- \\u' --keep-baud 115200,38400,9600 %I $TERM
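
The following release-gate check is an added example, not part of the original post: it scans an unpacked root filesystem for any getty unit or systemd drop-in whose active ExecStart line still passes `-a` or `--autologin` to agetty. It goes beyond the single file edited above by also covering drop-ins under /etc/systemd/system, which override the vendor unit; the sample rootfs, the drop-in file name and ttyS0 are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original page): release-gate check for an
# unpacked rootfs. Flags active agetty autologin options in getty units.

# check_no_autologin ROOT: prints offending file:line, returns 1 if any found.
check_no_autologin() {
    root=$1
    found=0
    for dir in usr/lib/systemd/system lib/systemd/system etc/systemd/system; do
        # Skip missing dirs and merged-usr symlinks (avoids duplicate hits).
        [ -d "$root/$dir" ] && [ ! -L "$root/$dir" ] || continue
        # Match uncommented ExecStart= lines in getty units and their drop-ins.
        hits=$(find "$root/$dir" -type f \
            \( -name '*getty*.service' -o -path '*getty*.service.d/*.conf' \) \
            -exec grep -HnE \
            '^[[:space:]]*ExecStart=.*[[:space:]](-a|--autologin)([[:space:]]|=)' \
            {} + 2>/dev/null) || true
        if [ -n "$hits" ]; then
            printf '%s\n' "$hits"
            found=1
        fi
    done
    return "$found"
}

# Constructed sample rootfs: the vendor unit is fixed as on this page, but a
# leftover drop-in (hypothetical name, ttyS0 assumed) re-enables autologin.
demo_root=$(mktemp -d)
dropin="$demo_root/etc/systemd/system/serial-getty@ttyS0.service.d"
mkdir -p "$demo_root/usr/lib/systemd/system" "$dropin"
cat > "$demo_root/usr/lib/systemd/system/serial-getty@.service" <<'EOF'
[Service]
#ExecStart=-/sbin/agetty --autologin root --noclear %I $TER
ExecStart=-/sbin/agetty -o '-p -- \\u' --keep-baud 115200,38400,9600 %I $TERM
EOF
cat > "$dropin/autologin.conf" <<'EOF'
[Service]
ExecStart=
ExecStart=-/sbin/agetty --autologin root --noclear %I $TERM
EOF

if check_no_autologin "$demo_root"; then
    echo "OK: no getty autologin found"
else
    echo "FAIL: autologin still enabled in the files listed above"
fi
```

Point the function at the staging directory of the image build and fail the build on a non-zero return.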