3

I'm running essentially an X-based kiosk program on an embedded Linux and I want to disable the ability to log-in under some configurations. I want to run some distro-nonspecific console commands in the Exec of one systemd service early in boot to disable all login prompts, including the one on the first virtual terminal, so that only the output of systemd services appears on the mandatory VT. Also I need another service to be able to start X and a fullscreen application.

Currently my service file is ordered

Before=systemd-logind.service systemd-networkd.service NetworkManager.service dhclient.service
Before=MyKioskApp.service

WantedBy=basic.target

And the executable runs

for UNIT in systemd-logind.service systemd-networkd.service systemd-networkd.socket NetworkManager.service dhclient.service
do
    systemctl stop $UNIT
    systemctl mask --runtime $UNIT
done

This combined with other tricks does most of what I want, but if my kiosk application hits an error and exits I still see a login prompt. Adding the getty service to the list seems to break things so X refuses to start. I think there's a PAM module of some sort I need to disable but I don't have the command I've seen recommended for updating that config. I can't add new packages for this task but I can modify the filesystem.

davolfman
  • 479
  • 2
  • 7
  • You probably should make it more clear that this is for a kiosk application. Right now, that's buried in the fourth paragraph. – Andrew Henle Jul 16 '20 at 18:53

1 Answers1

1

Masking the getty services turned out to be the way to go. Adding console-getty.service and [email protected] to the list of masked services disabled the login prompt on TTY1. Effectively systemd-logind is responsible for starting additional virtual terminal sessions, and getty is responsible for serving login prompts on them, in seeming direct contradiction of their names.

davolfman
  • 479
  • 2
  • 7