0

I am playing around with kernel customization on my headless Ubuntu Server system. Currently I have the 6.8.0-48-generic kernel. My intention is to remove kernel features that I don't need. I decided to start with removing multiuser support so that there would only be a root user (mainly to not type sudo for everything). I have built the kernel using my /boot/config-6.8.0-48-generic as a base with CONFIG_MULTIUSER disabled. Disabling this option also removes the setuid syscall, and it turns out a lot of my existing applications rely on it. During the boot process I see a lot of "setuid: Function not implemented"-like messages. The problem is that I don't even get a shell after boot (neither on serial nor on a monitor; ssh is also not running). What would be the steps to proceed further? How can I "tell" the applications that the system is single-user now? Or at least, how can I get a shell?

If you intend to reply with something like "this is a security risk" please ignore this post.

1
  • 1
    What will you do for services that normally run as daemon, rpc, nscd, dbus, etc? Commented Nov 18, 2024 at 20:26

2 Answers

2

I decided to start with removing multiuser support

There's very little inside the kernel for that, as "user" to the kernel is nothing but the user number that a process inherits from its parent process, or if a process is running as UID 0 already, the number it changes to using setuid; also, these numbers appear again as the owner of files.

So, that seems like something that makes no sense to remove to me?

Disabling this option also removes setuid syscall and turns out a lot of my existing applications rely on it

Well, so far so expected. Exactly the thing you asked it to do: remove the kernel parts that deal with users.

So, if your software depends on that, you can't remove that. End of story.

You're also not really reducing any complexity: the kernel still needs to keep around all the data structures for processes, it still needs to understand file ownership (even if it doesn't "do anything" with it in practice).

If you want to do such low-level things to a kernel, doing that underneath a full Linux distro that expects a working, compatible kernel, is also the wrong choice – especially using Ubuntu, which heavily relies on multiuser features even to boot. So, I'm afraid short of rewriting systemd, most aspects of your shell, and a complete userland, you won't be able to pull this off. If you think you can do that, I think you might be lacking expertise.
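The "setuid: Function not implemented" lines in the question are services failing closed: a program that drops privileges has to treat a failed setuid as fatal, and on a kernel without CONFIG_MULTIUSER the call fails with ENOSYS. The C below is an added example of that check, not code from this thread or from any Ubuntu service; the names `classify_drop`, `drop_privileges` and `drop_message` are hypothetical.

```c
/* Added example (hypothetical names): fail-closed privilege drop. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

enum drop_result { DROP_OK, DROP_NO_MULTIUSER, DROP_DENIED, DROP_NOT_EFFECTIVE };

/* Pure classification of a set*id outcome; testable on any kernel.
 * ENOSYS is what strerror() renders as "Function not implemented". */
enum drop_result classify_drop(int rc, int err, uid_t want, uid_t now)
{
    if (rc != 0)
        return err == ENOSYS ? DROP_NO_MULTIUSER : DROP_DENIED;
    /* A zero return is only trusted if the effective UID really changed. */
    return now == want ? DROP_OK : DROP_NOT_EFFECTIVE;
}

/* Order matters: supplementary groups, then GID, then UID last, because
 * once the UID is dropped the process may no longer change its groups. */
enum drop_result drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return classify_drop(-1, errno, uid, geteuid());
    if (setgid(gid) != 0)
        return classify_drop(-1, errno, uid, geteuid());
    int rc = setuid(uid), err = errno;
    return classify_drop(rc, err, uid, geteuid());
}

const char *drop_message(enum drop_result r)
{
    switch (r) {
    case DROP_OK:           return "privileges dropped";
    case DROP_NO_MULTIUSER: return "set*id not implemented (ENOSYS); still UID 0, refusing to start";
    case DROP_DENIED:       return "kernel refused the change; refusing to start";
    default:                return "call succeeded but UID unchanged; refusing to start";
    }
}

int main(void)
{
    /* Constructed demo: "drop" to the IDs the process already has. */
    enum drop_result r = drop_privileges(getuid(), getgid());
    printf("%s\n", drop_message(r));
    return r == DROP_OK ? 0 : 1;
}
```

Keeping ENOSYS separate from other errors lets the log say that the kernel, not a permission setting, is the cause, while every failure path still stops the service.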

1

What's Required In Linux?

Quoting Richard Stallman:

There really is a Linux, and these people are using it, but it is just a part of the system they use. Linux is the kernel: the program in the system that allocates the machine's resources to the other programs that you run. The kernel is an essential part of an operating system, but useless by itself; it can only function in the context of a complete operating system. Linux is normally used in combination with the GNU operating system: the whole system is basically GNU with Linux added, or GNU/Linux. All the so-called “Linux” distributions are really distributions of GNU/Linux.

Many users do not understand the difference between the kernel, which is Linux, and the whole system, which they also call “Linux.” The ambiguous use of the name doesn't help people understand. These users often think that Linus Torvalds developed the whole operating system in 1991, with a bit of help.

Let's boil this down a bit. There are only 3 things needed to run a Linux:

  1. Hardware, A.K.A. a computer.
  2. The GNU collection of software.
  3. The Linux Kernel.

Note that 1 and 2 existed way before 3. See GNU Hurd.

The Wrong Approach

As Marcus has stated in his answer, and as you have found out, the ability to have multiple users is a core value in any distribution, because it was a core value in UNIX. See:

I chose the above 2 links to illustrate two things:

  1. UNIX was expensive, but because this was the early days of networked computing it was easier for users to share one main computer connected via a teletype, a.k.a. a TTY. This should look familiar.
  2. Linux was meant to be a "free" solution to UNIX, as described in the "takeover" article. Because of this, the multiuser concept was replicated.

As such, the OP shouldn't try to remove a core design principle of all distributions of Linux. I do agree that the kernel can be streamlined to remove bloat, but should not be done haphazardly.

Customizing A Kernel - Proper Tools

While there are a bunch of sites on how to build a kernel, I found these:

Customizing A Kernel - What To Take Out

These are pointers on what I would take out. As a Gentoo user for nearly 20 years, I've built plenty of kernels from source. There is only one main section in the menuconfig that one should focus on to start, and that would be Device Drivers. One can safely disable all drivers that aren't installed or present on the PC. Some common tools to find what hardware is on the PC are:

  • lspci
  • lsusb
  • lsblk
  • inxi

Compiling and recompiling a kernel in this way is an iterative process, but in short, one should not remove core parts of the base support, i.e., multiple user access. One note here: It is possible to boot the system with the default kernel into Rescue Mode, a.k.a. Emergency Mode. See: Rescue mode (rescue.target) and Emergency mode (emergency.target) descriptions. The link in the accepted answer is valid even though the version is 18.04 because SystemD's behavior hasn't changed.

3
  • I would take issue with the statement that UNIX was expensive. First, UNIX on a minicomputer was much cheaper than the alternatives (VMS, MVS, etc.) and second that UNIX systems such as XENIX were available in the early 80's on a PC-class system for as little as $200US. Commented Nov 19, 2024 at 13:52
  • I also don't see how this answers the OP's question. He did not ask for general advice on recompiling a kernel but for specific advice on CONFIG_MULTIUSER. Commented Nov 19, 2024 at 13:53
  • @doneal24 I wrote this answer the way I did to show that the OP should not even mess with CONFIG_MULTIUSER as this option should never be off. Commented Nov 21, 2024 at 18:22
