airvpnclient 13 Posted ... On 2/8/2019 at 7:25 PM, rok1 said: Is this ready for use on Ubuntu/Debian distributions? I've been clamoring to build a low power embedded Deluge box with VPN only internet access. I have no need for a window manager so I am all about the command line. I will be testing it on Xbian today since I have the same use case, but find that with proper resource management I can have my RPi 2 do double duty as a Deluge box and a mediacentre. I would actually prefer to bring things up using eddie-cli automatically at boot without user intervention, preferably as a service or alternately via rc.local. Almost there, after hours of struggling because I was trying to run eddie-cli as superuser, in my eddie-cli upstart configuration (Yay - no systemd!). Now that I am not, I get this, though: # /etc/rc.local . 2021.01.27 08:37:47 - Eddie version: 2.19.7 / linux_armv7l, System: Linux, Name: XBian GNU/Linux 10 \n \l, Version: Linux xbian 4.19.90+ #1 SMP PREEMPT Wed Dec 18 20:39:10 CET 2019 armv7l GNU/Linux, Mono/.Net: 5.18.0.240 (Debian 5.18.0.240+dfsg-3 Wed Apr 17 18:28:16 UTC 2019); Framework: v4.0.30319 . 2021.01.27 08:37:48 - Command line arguments (7): path.resources="/usr/share/eddie-cli" path.exec="/usr/bin/eddie-cli" netlock="True" login="airvpnclient" password="My.cat.has.pings." server="Rotanev" connect="True" . 2021.01.27 08:37:48 - Raise system privileges sudo: no tty present and no askpass program specified F 2021.01.27 08:37:48 - Unable to obtain elevated privileges (required): Unable to start (already exit) . 2021.01.27 08:37:48 - Shutdown in progress . 2021.01.27 08:37:48 - Shutdown complete ... Also, the script should work on this Debian based box since firewalld exists: root@xbian:/home/xbian# whereis firewalld firewalld: /usr/local/lib/firewalld Quote Share this post Link to post
airvpnclient 13 Posted ... (edited) On 1/27/2021 at 8:50 AM, airvpnclient said: I will be testing it on Xbian today since I have the same use case, but find that with proper resource management I can have my RPi 2 do double duty as a Deluge box and a mediacentre. I would actually prefer to bring things up using eddie-cli automatically at boot without user intervention, preferably as a service or alternately via rc.local. Almost there, after hours of struggling because I was trying to run eddie-cli as superuser, in my eddie-cli upstart configuration (Yay - no systemd!). Now that I am not, I get this, though: # /etc/rc.local . 2021.01.27 08:37:47 - Eddie version: 2.19.7 / linux_armv7l, System: Linux, Name: XBian GNU/Linux 10 \n \l, Version: Linux xbian 4.19.90+ #1 SMP PREEMPT Wed Dec 18 20:39:10 CET 2019 armv7l GNU/Linux, Mono/.Net: 5.18.0.240 (Debian 5.18.0.240+dfsg-3 Wed Apr 17 18:28:16 UTC 2019); Framework: v4.0.30319 . 2021.01.27 08:37:48 - Command line arguments (7): path.resources="/usr/share/eddie-cli" path.exec="/usr/bin/eddie-cli" netlock="True" login="airvpnclient" password="My.cat.has.pings." server="Rotanev" connect="True" . 2021.01.27 08:37:48 - Raise system privileges sudo: no tty present and no askpass program specified F 2021.01.27 08:37:48 - Unable to obtain elevated privileges (required): Unable to start (already exit) . 2021.01.27 08:37:48 - Shutdown in progress . 2021.01.27 08:37:48 - Shutdown complete ... Also, the script should work on this Debian based box since firewalld exists: root@xbian:/home/xbian# whereis firewalld firewalld: /usr/local/lib/firewalld Finally found time to get back to this and have a solution (with some notable security risks) Three things challenged my efforts to run eddie-cli in rc.local: 1. rc.local runs as root, but eddie-cli expects to be run by an unprivileged user (it is installed in /usr/bin). 2. rc.local does not, by default provision a terminal (ttx) while eddie-cli depends on it. These two issues can be addressed using the su command "su -P -c 'eddie-cli ....{options)...' User." The command su -c lets rc.local run it as a normal user and the -P option gives rc.local access to a pseudo-terminal. 3. Even when the -batch directive is used, some forking program wants a typed password when escalating privileges during startup. In order to get around that I gave my user password-free access via sudo by editing the sudoers file as set out here:https://linuxhandbook.com/sudo-without-password/ Sadly, I do not know what command eddie-cli executes via sudo, so I had to use the highest risk method to give my user password-free access by using the # visudo command to amend this line to the sudoers file: xbian ALL=(ALL) NOPASSWD:ALL !!! As noted in the reference above, this is generally not a good security practice, but since I am the only one with access to the host, I can absorb the risk. If @Staff can provide the specific command that is being run via sudo, a more limited escalation of user privileges would be a better solution. So here is the command I am using with success in rc.local: su -P -c "/usr/bin/eddie-cli -netlock -login=airvpnclient -password=************* -server=Rotanev -connect -batch" xbian One remaining issue is that run this way, eddie-cli seems to be resistant to a SIGTERM (15) or SIGKILL (9) signal. It seems to keep respawning itself. Will look into this further, but for my purposes it hardly matters, since I want eddie-cli to be always-on. Edited ... by airvpnclient needed to add the bit about escalated user privileges via sudoers configuration. Quote Share this post Link to post
airvpnclient 13 Posted ... P.S. -- sorry @nwlyocfor the thread-jack, I should have started a new thread about non-interactive eddie-cli startup a boot, and I don't think there is a way to move these last couple of posts at this point. The Wrapper work you did here looks fabulous and I will try it on my desktop and provide feedback. Thanks. Quote Share this post Link to post
airvpnclient 13 Posted ... On 1/28/2021 at 7:07 PM, airvpnclient said: ....I had to use the highest risk method to give my user password-free access by using the # visudo command to amend this line to the sudoers file: xbian ALL=(ALL) NOPASSWD:ALL Now using the much lower exposure: xbian ALL=(ALL) NOPASSWD:/usr/lib/eddie-cli/eddie-cli-elevated,/usr/lib/eddie-cli/eddie-cli-elevated2 Quote Share this post Link to post
Not connected, Your IP: 3.133.145.17
Online: 25990 users - 300302 Mbit/s total BW