[OpenBSD] Xenodm auto login
Introduction
I own a NAS (OpenBSD on a NUC6CAYH) that is connected over an HDMI cable to a monitor; I am using it to watch video files hosted on that machine. This NAS is located on a shelf with nothing else connected to it than the HDMI cable and an Ethernet cable.
Before today, after a reboot, I needed to plug in a keyboard and a mouse to manually log in on xenodm and then open a terminal to type xhost +, which would allow anybody to connect to the X server (which is not a best practice at all).
All of that then allows me to connect over ssh, enter the command export DISPLAY=:0 and then use mpv to watch a video file.
In this post, I will explain how to automate:
- The login on xenodm
- The permission for a user logged in over ssh to connect to the X server
Autologin xenodm
A single configuration line is needed in /etc/X11/xenodm/xenodm-config to automate the login of a specific user:
DisplayManager.*.autoLogin: media
DisplayManager.DISPLAY.autoLogin
This resource specifies the name of an user that will be logged
in automatically, without displaying the xlogin widget.
To avoid using a fully privileged account, I created a new account media with no permissions besides accessing the media files storage.
Here is the new xenodm-config file:
nas$ cat /etc/X11/xenodm/xenodm-config
! $OpenBSD: xenodm-config.in,v 1.5 2018/11/03 18:04:45 matthieu Exp $
!
DisplayManager.authDir: /etc/X11/xenodm
DisplayManager.errorLogFile: /var/log/xenodm.log
DisplayManager.servers: /etc/X11/xenodm/Xservers
DisplayManager*resources: /etc/X11/xenodm/Xresources
! All displays should use authorization, but we cannot be sure
! X terminals may not be configured that way, so they will require
! individual resource settings.
DisplayManager*authorize: true
!
DisplayManager*startup: /etc/X11/xenodm/Xstartup
DisplayManager*session: /etc/X11/xenodm/Xsession
DisplayManager*reset: /etc/X11/xenodm/Xreset
DisplayManager*authComplain: true
! The following three resources set up display :0 as the console.
DisplayManager._0.setup: /etc/X11/xenodm/Xsetup_0
DisplayManager._0.startup: /etc/X11/xenodm/GiveConsole
DisplayManager._0.reset: /etc/X11/xenodm/TakeConsole
DisplayManager.*.authName: MIT-MAGIC-COOKIE-1
DisplayManager.*.autoLogin: media
Enable X server connection
By creating a .xsession file in the home directory of the user media, we can automatically allow any user connected on that machine to connect to the X server.
xhost local:nas
[+]name The given name (the plus sign is optional) is added to the list
allowed to connect to the X server. The name can be a host
name or a complete name (See NAMES for more details).
[...]
NAMES
A complete name has the syntax ``family:name'' where the families are
as follows:
inet Internet host (IPv4)
inet6 Internet host (IPv6)
dnet DECnet host
nis Secure RPC network name
krb Kerberos V5 principal
local contains only one name, the empty string
si Server Interpreted
[...]
Here is the final /home/media/.xsession file:
xhost local:nas
feh --bg-fill --no-fehbg /share/IMG_20231122_174448.jpg
cwm
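A check to run after a reboot, as an added example that is not part of the original post: it reads the output of xhost and grades each access-list entry by how widely it opens the X server, from the bare xhost + state down to a single-account entry. The function names, the sshuser account and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Grades each line of `xhost` output by how widely it opens the X server.

# Reads `xhost` output on stdin, prints one "LEVEL scope: entry" line per finding.
audit_xhost() {
    while IFS= read -r line; do
        case "$line" in
            "access control disabled"*)
                # State left behind by a bare `xhost +`: the access list is ignored.
                echo "CRITICAL any host: access control is off" ;;
            "access control enabled"*|"") ;;
            LOCAL:*)
                # `local` family: every account on the machine, not only the ssh user.
                echo "WARN all local users: $line" ;;
            INET:*|INET6:*)
                echo "WARN remote host: $line" ;;
            SI:localuser:*)
                # Server-interpreted entry naming a single account (see Xsecurity(7)).
                echo "OK single user: $line" ;;
            *)
                echo "REVIEW unrecognised entry: $line" ;;
        esac
    done
}

# Reads `xhost` output on stdin, prints the worst level found: CRITICAL, WARN or OK.
xhost_worst() {
    findings=$(audit_xhost)
    if printf '%s\n' "$findings" | grep -q '^CRITICAL'; then echo CRITICAL
    elif printf '%s\n' "$findings" | grep -Eq '^(WARN|REVIEW)'; then echo WARN
    else echo OK
    fi
}

# Constructed sample outputs (not captured from the author's machine).
SAMPLE_OPEN='access control disabled, clients can connect from any host'
SAMPLE_LOCAL='access control enabled, only authorized clients can connect
LOCAL:'
SAMPLE_USER='access control enabled, only authorized clients can connect
SI:localuser:sshuser'

for sample in "$SAMPLE_OPEN" "$SAMPLE_LOCAL" "$SAMPLE_USER"; do
    printf '%s\n' "$sample" | audit_xhost
done
# On the real machine, over ssh: DISPLAY=:0 xhost | audit_xhost
```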