Jump to content
Not connected, Your IP: 34.229.151.87
Zensen

How To Autostart AirVPN As Root With No Password (Solved)

Recommended Posts

If you're running AirVPN on Linux you probably don't want to have to type your sudo password in each time it runs. Why? If you're auto-starting it, you want your network lock and VPN connection to happen as soon as you login. Here's what I did for Ubuntu (Actually Kubuntu)...

 

  1. Install gksu (sudo apt install gksu)
  2. Add AirVPN to your autostart list and for command use gksudo /usr/bin/airvpn
  3. Run sudo nano /usr/share/applications/AirVPN.desktop and change the command to gksudo /usr/bin/airvpn
  4. Edit the AirVPN entry in your application launcher and change the command to gksudo /usr/bin/airvpn
  5. Run sudo visudo and add the line %airvpn ALL=(ALL:ALL) NOPASSWD: /usr/bin/airvpn after all other rules (Press Ctrl+x and then Enter to exit and save).
  6. Run sudo groupadd airvpn
  7. Run sudo usermod -a -G airvpn user replacing "user" with your account's username.

 

You're done. The next time you login (Or start it any any other way) AirVPN will start without entering any password.

 

Note: Your AirVPN settings will be back to default after doing this. Don't worry, just set them again and they'll save.

Share this post


Link to post

We very strongly recommend to not apply this solution for security reasons.

 

Kind regards

 

 

Still useful for those who may want to, this solution could use some extra security. The application has to be run as su to begin with so there's no more security concern there in that regard. Of course it would be nice to be able to restrict the alteration of eddie client's files. I'm not sure if some solution exists to restrict file modifications based on hashing. I'd be surprised if there wasn't. Even Windows does this and will not grant admin privs automatically to a file that has been modified since it was whitelisted.

 

I'll search for such a solution on Linux. There must be some way.

Share this post


Link to post

Go with the solution in 2 posts below this one, it's how it actually should be done.

 

What is difference in starting Airvpn-Eddie with 'eddie-ui' and 'sudo eddie-ui'.

If there is important difference, is it possible to somehow start the app with 'eddie-ui' command without needing to enter Authentication password.

Also asking for learning purpose.

 

I'm using Fedora 28

 

EDIT:

 

And just 15min later I found answer: Edit /usr/share/polkit-1/actions/org.airvpn.eddie.ui.policy 

Set line

 

 <allow_active>auth_admin</allow_active>
 

 

 to 

 

<allow_active>yes</allow_active> 
 

 

and no password is asked.

 

Is this safe enough for normal personal use?

Edited ... by keikari

Share this post


Link to post

What is difference in starting Airvpn-Eddie with 'eddie-ui' and 'sudo eddie-ui'.

If there is important difference, is it possible to somehow start the app with 'eddie-ui' command without needing to enter Authentication password.

Also asking for learning purpose.

 

I'm using Fedora 28

 

EDIT:

 

And just 15min later I found answer: Edit /usr/share/polkit-1/actions/org.airvpn.eddie.ui.policy 

Set line

 

 <allow_active>auth_admin</allow_active>
 

 

 to 

 

<allow_active>yes</allow_active> 
 

 

and no password is asked.

 

Is this safe enough for normal personal use?

Thank you so much for this description! It's unbearable to enter password each time I want to run eddie...

PS : Works also on Ubuntu!

Share this post


Link to post

What is difference in starting Airvpn-Eddie with 'eddie-ui' and 'sudo eddie-ui'.

If there is important difference, is it possible to somehow start the app with 'eddie-ui' command without needing to enter Authentication password.

Also asking for learning purpose.

 

I'm using Fedora 28

 

EDIT:

 

And just 15min later I found answer: Edit /usr/share/polkit-1/actions/org.airvpn.eddie.ui.policy 

Set line

 

 <allow_active>auth_admin</allow_active>
 

 

 to 

 

<allow_active>yes</allow_active> 
 

 

and no password is asked.

 

Is this safe enough for normal personal use?

 

In my opinion, it's a bad practice to alter the policy file provided by Eddie. I would rather define a new rule: Create a new file under /etc/polkit-1/rules.d named "49-eddie_nopasswd.rules" (or anything similar to that) with the following content:

 

Quote

polkit.addRule(function(action, subject) {

    if ((action.id == "org.airvpn.eddie.ui.policy")  &&  subject.isInGroup("wheel"))

    {

        return polkit.Result.YES;

    }

}):

Share this post


Link to post

If you can't be bothered typing in your password for Eddie then you can use this launch script.

 

 

#!/bin/bash

printf 'YOURPASSWORD\n' | sudo -S eddie-ui

 

 

Save it as yourscript.sh (whatever you want) into $HOME/bin and make sure $HOME/bin is in your paths with 'echo $PATH'. If you do not see $HOME/bin then add this to .profile

 

 

# set PATH so it includes user's private bin if it exists

if [ -d "$HOME/bin" ] ; then

PATH="$HOME/bin:$PATH"

fi

 

 

Change the permissions so only you can read or write to it also

 

chmod u+x,go-rwx $HOME/bin/yourscript.sh

 

 

 

For security reasons however (as staff said above) it's inadvisable to do this....

Share this post


Link to post

If you can't be bothered typing in your password for Eddie then you can use this launch script.
 

 

#!/bin/bash
printf 'YOURPASSWORD\n' | sudo -S eddie-ui

 

Maybe not elegant, but it works. Thank you very much !

Share this post


Link to post

#!/bin/bash

printf 'YOURPASSWORD\n' | sudo -S eddie-ui

 

While this works, it's not a good idea to save your password in what is essentially a text file. Above, I have posted a solution using polkit rules that is more secure.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...