How to start deCONZ without auto login?

Hello!

I would like that my Raspberry Pi 2 (running latest deCONZ with GUI image as of writing this post) does not auto login (neither to GUI, nor to CLI), but it should start deCONZ.

How is this possible? Am I right that deCONZ could then only be started without GUI (i.e. headless), even if the OS does have the desktop environment installed (and working, I checked this)?

Reason: I do not want a device running in an logged in state (security issue) but need deCONZ running also after a reboot.

Thanks for sharing your thoughts! :+1:

Hello, I don’t understand.

I do not want a device running in an logged in state

What is a logged state ? when a device is included in the network, it can connect at every reboot, the key is memorised on the device.

GUI or not GUI it’s same, deconz is running, (the difference is only visual) else don’t launch it, you can remove the auto run.

Where are you seen a security issue ?

I meant the Raspberry Pi OS. I never leave a device (RPi, mobile phone, laptop, PC) unlocked. But for the RPi running deCONZ I thought that the OS needs to auto login (either to the GUI or to the CLI) in order to have deCONZ started. But maybe I was wrong. I will check.

EDIT1:
As I expected, without auto login, deCONZ does not start. I.e., if the Raspberry Pi OS (5.3, July 2024) boots only to the GUI with the login screen and no login happens, the gateway is unreachable. As soon as I have logged in and the deCONZ GUI has loaded, the gateway is reachable again.

Is there a way to start deCONZ as a service before login?

EDIT2:
I can reach the gateway, i.e. via Phoscon app or its WebGUI, but on the RPi, the deCONZ GUI (2.28.1) starts with a logon screen “Connect to Device”. There is a drop-down list, but it is empty. Hence, clicking on “Connect” has no effect. I never saw this before.

What mean for you “locked” ? I I restart my phone, it will work immediatly and alone, but no one can change the setting without the pin code, same for my notebook. You want the pi run or not ? So it’s a question about the OS, nothing to see with the application ?

Why do you want to prevent deconz running alone ? But are agree to let the OS running ? Can you explain me an sample of problem you can have whith that ?

You have probably 2 deconz instances running, and only one can access to the gateway.

Ok, a very hypothetical example - for the sake of it:

The Raspberry Pi OS runs with user pi logged in, but the desktop (GUI) session is not locked (as compared to leaving your work PC in the office unlocked, which is not recommended in most companies).

I leave home (maybe for an even longer period, e.g. on vacation), and burglers break into the house. Again, this is very hypothetical, but they could get access to the Raspberry Pi OS without the need to login (as the session is unlocked) and do bad things in the network.

Unless I am completely wrong about this scenario, I would like to understand how the Zigbee hub (RPi OS with deCONZ) and its clients (lights etc.) can work without the need to autologin to the OS and even better without the need to manually login the first time. Best thing would be: Power RPi, which boots and starts whatever is needed (no login).

I thought that maybe deCONZ can run as a service in the background without the need that a user (pi) logs in or is automatically logged in without providing a password.

Hopefully, I have described it in an understandable manner now. Thanks for your patience! :heart:

So if you are afraid by that, lock your OS session (like you do at your work), even if the deconz application is locked, they have access to all the rest, and at all your home, as they are already inside your home, if they prefer hack your network to see your mail instead of stealing your TV, and using your Raspberry instead of direclty connecting their computer to your network.

But for information, if you have the hardware in your hand, even it’s locked, you can have access to data.

Zigbee is a network, your ethernet network another, The conbee+deconz is a gateway between the 2 network. All your zigbee devices use only the zigbee network. The conbee act too as coordinator for the zigbee network.

I am unable to clearly explain my concerns and what I wanted, sorry. :face_with_open_eyes_and_hand_over_mouth:

I want to run it either as a service without GUI, i.e. without the need to logon as a user to the OS desktop, or as the usual deCONZ desktop, but then I need to (auto)login to the OS desktop.

EDIT:
I added the last line to /etc/xdg/lxsession/LXDE-pi/autostart, and that was all I needed:

@lxpanel --profile LXDE-pi
@pcmanfm --desktop --profile LXDE-pi
@xscreensaver -no-splash
@dm-tool lock

It auto-locks the session after auto-login. :grinning:

For reference:
https://forums.raspberrypi.com/viewtopic.php?t=280482
https://forums.raspberrypi.com/viewtopic.php?t=294014