Jump to content
Not connected, Your IP: 3.12.163.120
SkyFyx

systemd for start with elevation ( linux )

Recommended Posts

Hi, 

In settings i've checked "Don't ask elevation every run".
But i don't know how to create service, or rather what to put in the service to make it work. 

And is it possible to tell the qbittorrent service to start up after Eddie-UI?
If so, could someone please help me?

Thanks !

Share this post


Link to post
6 minutes ago, SkyFyx said:

In settings i've checked "Don't ask elevation every run".


This setting creates the unit. You don't need to do anything yourself. You can check whether it exists with:

$ systemctl list-unit-files eddie*

.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post
11 minutes ago, OpenSourcerer said:

This setting creates the unit. You don't need to do anything yourself. You can check whether it exists with:

$ systemctl list-unit-files eddie*

.

Yes I have eddie-elevated-service but when my system reboot, Eddie-ui need password of root for start.

And you think i can say to my service "qbittorrent" to start after "eddie-elevated-service" for starting after the VPN ? 


Ps: i use the autostart from ubuntu for start eddie-ui, there might be another alternative ?

Share this post


Link to post
9 hours ago, SkyFyx said:

Yes I have eddie-elevated-service but when my system reboot, Eddie-ui need password of root for start.


Hmm, a similar thing is discussed here, with no solutions yet:
9 hours ago, SkyFyx said:

And you think i can say to my service "qbittorrent" to start after "eddie-elevated-service" for starting after the VPN ? 


You mean, start qB after Eddie starts?
 
9 hours ago, SkyFyx said:

Ps: i use the autostart from ubuntu for start eddie-ui, there might be another alternative ?


No, that is the proper way to launch GUI applications.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post
43 minutes ago, OpenSourcerer said:

Hmm, a similar thing is discussed here, with no solutions yet:

Thank you for this topic, I'll wait and see if it evolves
 
44 minutes ago, OpenSourcerer said:
You mean, start qB after Eddie starts?

Yes , because i don't find how to proceed.
 
45 minutes ago, OpenSourcerer said:
No, that is the proper way to launch GUI applications.

Thanks again ;) 

Share this post


Link to post
11 minutes ago, SkyFyx said:

Yes , because i don't find how to proceed.


Eddie cannot start applications after connection anymore, so I think the manual way is the only one. But maybe someone else has got a solution for you.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post
1 hour ago, OpenSourcerer said:

Eddie cannot start applications after connection anymore, so I think the manual way is the only one. But maybe someone else has got a solution for you.

Hello!

It can. In your example the proper event to start them is the "VPN Up" event. Do you experience any problem with it? For qBittorrent remember to uncheck "Wait for end of process".

Kind regards
 

Share this post


Link to post
1 hour ago, Staff said:

It can. In your example the proper event to start them is the "VPN Up" event. Do you experience any problem with it? For qBittorrent remember to uncheck "Wait for end of process".


Wait, I thought this feature is disarmed because you'd start everything privileged?

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post
2 hours ago, Staff said:

It can. In your example the proper event to start them is the "VPN Up" event. Do you experience any problem with it? For qBittorrent remember to uncheck "Wait for end of process".


I don't understand very well : I don't know what is "VPN up", and I can't find the line "Wait for end of process" in which section is it supposed to be ? 

Thanks again.

Share this post


Link to post
25 minutes ago, SkyFyx said:
I don't understand very well : I don't know what is "VPN up", and I can't find the line "Wait for end of process" in which section is it supposed to be ? 

Thanks again.

Hello!

Eddie can run script/binaries when definite events occur, with the privileges of the user which started the CLI or the GUI (not root). The events can be configured in "Preferences" > "Events" window .

However, the message we wrote is not a solution to your main problem, which will be put to the attention of the devs, but only an inquiry into OpenSourcerer's statement in order to understand whether there's something wrong which we missed in the events management after the latest update.
 
1 hour ago, OpenSourcerer said:

Wait, I thought this feature is disarmed because you'd start everything privileged?


Several years ago Eddie Desktop edition was re-designed and split into a "frontend" and a "backend". The frontend runs with the privileges of the user which starts it, while the backend runs with root privileges. The entities run by the events are cut out from root privileges and will run as the same user who started the frontend, and no more as root. The feature remained as it is very comfortable.

We deemed this modification as critically necessary because in the other way the attack surface was enlarged and could cause successful attacks with privilege escalation up to root if the attacker could gain in the attacked system any normal user privilege.

The available events are (in parenthesis a rough explanation of when the script or binary is launched):
  • App Start
    (something to be launched just after Eddie starts but before any session starts)
  • App End
    (something to be launched as last thing when Eddie shuts down, but before Eddie finishes the shutdown - note the if "Wait for end of process" is unchecked, then Eddie will finish shut down without waiting the process to exit, of course)
  • Session Start
    (something to be launched when a session (login) begins, but before a VPN connection is started)
  • Session End
    (something to be launched when a session ends)
  • VPN Pre
    (something to be launched when a connection is ordered, but before the connection is established)
  • VPN Up
    (something to be launched when a VPN connection is successfully established)
  • VPN Down
    (something to be launched when a VPN disconnection occurs)
For each event you can tell Eddie whether it must wait for an exit code by what was launched or not.

Kind regards
 

Share this post


Link to post
22 minutes ago, Staff said:
App Start
(something to be launched just after Eddie starts but before any session starts)

Oh ! Thanks, so i can start a service after the vpn up ! I'm gonna try. ( and it's here to uncheck "wait end of process" it's right ? I can run SH file ? 

And you think it's possible to activate a kill switch ? ( because i've activate an option "active Network lock at startup ) But I don't know if I'll lose my connection to the vpn, if my internet connection will be cut off.


Ps: sorry if i'm bad with english sometimes, it's not my tongue language.

Share this post


Link to post
10 minutes ago, SkyFyx said:

Oh ! Thanks, so i can start a service after the vpn up ! I'm gonna try. ( and it's here to uncheck "wait end of process" it's right ?


Hello!

Yes, you need to decide according to your needs. In your case we guess that Eddie must not wait for the process to end, but of course you may have different needs. Please decide on a case by case basis.
 
12 minutes ago, SkyFyx said:

And you think it's possible to activate a kill switch ? ( because i've activate an option "active Network lock at startup ) But I don't know if I'll lose my connection to the vpn, if my internet connection will be cut off.


For that you don't even need events, as you noticed. Just check "Activate Network Lock at startup" and Eddie will activate Network Lock even before a session starts (so you have no time pressure to connect to the VPN). It will try to do it as soon as possible. Network Lock prevents any possible traffic leak outside the VPN tunnel through proper firewall rules (iptables, nftables, pf and WFP are supported). If the Internet connection is cut off you will lose VPN connection. However Network Lock remains in place and when the Internet "comes back" your system will not leak traffic. Note: Network Lock will be disabled if you shut down Eddie cleanly; however an Eddie's dirty exit (for example a crash or a kill without grace) will not put Network Lock down, that's important for your safety. Only root by resetting the firewall could bring Network Lock down in that case.
 
16 minutes ago, SkyFyx said:

Ps: sorry if i'm bad with english sometimes, it's not my tongue language.


Your messages are perfectly understandable. However, if you have some issue to read help messages or instructions and you need support in different languages, the support team can read and write in French, Japanese, Spanish, Italian and German (moderately delayed answers may occur).

Kind regards
 

Share this post


Link to post

Thanks again for your help ! i think all is good.

For "Vpn up" event i have attribute a bash file ( with a command to start the service of qbittorrent ) so now i'm sure the service start after the VPN is up and running. 
 

4 minutes ago, Staff said:

For that you don't even need events, as you noticed. Just check "Activate Network Lock at startup" and Eddie will activate Network Lock even before a session starts (so you have no time pressure to connect to the VPN). It will try to do it as soon as possible. Network Lock prevents any possible traffic leak outside the VPN tunnel through proper firewall rules (iptables, nftables, pf and WFP are supported). If the Internet connection is cut off you will lose VPN connection. However Network Lock remains in place and when the Internet "comes back" your system will not leak traffic. Note: Network Lock will be disabled if you shut down Eddie cleanly; however an Eddie's dirty exit (for example a crash or a kill without grace) will not put Network Lock down, that's important for your safety. Only root by resetting the firewall could bring Network Lock down in that case.


Thanks you again for your explaination ! 

I have find a way to deactivate password needed on start for Eddie. 
I don't know if it's a good idea but, with this thread https://askubuntu.com/questions/614534/disable-authentication-prompts-in-15-04/614537#614537 it's worked. (because i need it too for my bash file, for start qbittorrent service )

Share this post


Link to post

I see. I've had it memorized that you disabled the feature and so far didn't reenable it, but I think I missed connecting the separation of frontend and backend to the Events being reenabled. Good to know.
 

1 hour ago, Staff said:

the support team can read and write in French, Japanese, Spanish, Italian and German (moderately delayed answers may occur).


That makes it two things I learned from this thread today.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post
On 7/21/2023 at 10:24 PM, SkyFyx said:

Hi, 

In settings i've checked "Don't ask elevation every run".
But i don't know how to create service, or rather what to put in the service to make it work. 

And is it possible to tell the qbittorrent service to start up after Eddie-UI?
If so, could someone please help me?

Thanks !


Hello!

When you check "Don't ask elevation every run", Eddie creates a systemd unit (you don't need to create it manually) and therefore after you reboot the system, even if you run Eddie from your DE, no password should be asked, except the keying password, or the Master Password if you enabled it. Might it be that you were prompted for that password? If you reproduce the issue, can we see a screenshot showing this password prompt?

Kind regards
 

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...