Jump to content


Photo

How To Autostart AirVPN As Root With No Password (Solved)

autostart sudo gksu eddie airvpn linux root password

  • Please log in to reply
13 replies to this topic

#1 Zensen

Zensen

    Newbie

  • Members
  • Pip
  • 5 posts

Posted 26 November 2016 - 07:06 PM

If you're running AirVPN on Linux you probably don't want to have to type your sudo password in each time it runs. Why? If you're auto-starting it, you want your network lock and VPN connection to happen as soon as you login. Here's what I did for Ubuntu (Actually Kubuntu)...

 

  1. Install gksu (sudo apt install gksu)
  2. Add AirVPN to your autostart list and for command use gksudo /usr/bin/airvpn
  3. Run sudo nano /usr/share/applications/AirVPN.desktop and change the command to gksudo /usr/bin/airvpn
  4. Edit the AirVPN entry in your application launcher and change the command to gksudo /usr/bin/airvpn
  5. Run sudo visudo and add the line %airvpn ALL=(ALL:ALL) NOPASSWD: /usr/bin/airvpn after all other rules (Press Ctrl+x and then Enter to exit and save).
  6. Run sudo groupadd airvpn
  7. Run sudo usermod -a -G airvpn user replacing "user" with your account's username.

 

You're done. The next time you login (Or start it any any other way) AirVPN will start without entering any password.

 

Note: Your AirVPN settings will be back to default after doing this. Don't worry, just set them again and they'll save.



#2 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7564 posts

Posted 28 November 2016 - 11:42 PM

We very strongly recommend to not apply this solution for security reasons.

 

Kind regards



#3 Zensen

Zensen

    Newbie

  • Members
  • Pip
  • 5 posts

Posted 15 January 2017 - 04:48 AM

We very strongly recommend to not apply this solution for security reasons.

 

Kind regards

 

 

Still useful for those who may want to, this solution could use some extra security. The application has to be run as su to begin with so there's no more security concern there in that regard. Of course it would be nice to be able to restrict the alteration of eddie client's files. I'm not sure if some solution exists to restrict file modifications based on hashing. I'd be surprised if there wasn't. Even Windows does this and will not grant admin privs automatically to a file that has been modified since it was whitelisted.

 

I'll search for such a solution on Linux. There must be some way.



#4 HullMeister

HullMeister

    Newbie

  • New Members
  • Pip
  • 2 posts

Posted 13 June 2018 - 02:58 PM

did all of the above, a now the gui just sits on desktop waiting for me to put username/password in, not even pre-filled as before


th_Tigers%20Logo_zpsiilcxf6n.jpg


#5 corrado

corrado

    Advanced Member

  • Members
  • PipPipPip
  • 195 posts

Posted 13 June 2018 - 03:31 PM

You should not use gksu anymore - it's heavily deprecated and has been abandoned by many popular distributions, e.g. Ubuntu. what

#6 corrado

corrado

    Advanced Member

  • Members
  • PipPipPip
  • 195 posts

Posted 13 June 2018 - 03:31 PM

You should not use gksu anymore - it's heavily deprecated and has been abandoned by many popular distributions, e.g. Ubuntu. what

#7 rnd227

rnd227

    Member

  • Members
  • PipPip
  • 13 posts

Posted 14 June 2018 - 10:55 AM

It just doesn't work as advertised. :(

 

Any other suggestion on the topic would be very welcome !



#8 keikari

keikari

    Advanced Member

  • Members
  • PipPipPip
  • 46 posts

Posted 02 July 2018 - 03:08 PM

Go with the solution in 2 posts below this one, it's how it actually should be done.

 

What is difference in starting Airvpn-Eddie with 'eddie-ui' and 'sudo eddie-ui'.

If there is important difference, is it possible to somehow start the app with 'eddie-ui' command without needing to enter Authentication password.

Also asking for learning purpose.

 

I'm using Fedora 28

 

EDIT:

 

And just 15min later I found answer: Edit /usr/share/polkit-1/actions/org.airvpn.eddie.ui.policy 

Set line

 

 <allow_active>auth_admin</allow_active>
 

 

 to 

 

<allow_active>yes</allow_active> 
 

 

and no password is asked.

 

Is this safe enough for normal personal use?


Edited by keikari, 03 September 2018 - 11:57 AM.


#9 ambiguity

ambiguity

    Newbie

  • New Members
  • Pip
  • 1 posts

Posted 17 July 2018 - 12:44 PM

What is difference in starting Airvpn-Eddie with 'eddie-ui' and 'sudo eddie-ui'.

If there is important difference, is it possible to somehow start the app with 'eddie-ui' command without needing to enter Authentication password.

Also asking for learning purpose.

 

I'm using Fedora 28

 

EDIT:

 

And just 15min later I found answer: Edit /usr/share/polkit-1/actions/org.airvpn.eddie.ui.policy 

Set line

 

 <allow_active>auth_admin</allow_active>
 

 

 to 

 

<allow_active>yes</allow_active> 
 

 

and no password is asked.

 

Is this safe enough for normal personal use?

Thank you so much for this description! It's unbearable to enter password each time I want to run eddie...

PS : Works also on Ubuntu!



#10 corrado

corrado

    Advanced Member

  • Members
  • PipPipPip
  • 195 posts

Posted 13 August 2018 - 02:22 PM

What is difference in starting Airvpn-Eddie with 'eddie-ui' and 'sudo eddie-ui'.

If there is important difference, is it possible to somehow start the app with 'eddie-ui' command without needing to enter Authentication password.

Also asking for learning purpose.

 

I'm using Fedora 28

 

EDIT:

 

And just 15min later I found answer: Edit /usr/share/polkit-1/actions/org.airvpn.eddie.ui.policy 

Set line

 

 <allow_active>auth_admin</allow_active>
 

 

 to 

 

<allow_active>yes</allow_active> 
 

 

and no password is asked.

 

Is this safe enough for normal personal use?

 

In my opinion, it's a bad practice to alter the policy file provided by Eddie. I would rather define a new rule: Create a new file under /etc/polkit-1/rules.d named "49-eddie_nopasswd.rules" (or anything similar to that) with the following content:

 

Quote

polkit.addRule(function(action, subject) {
    if ((action.id == "org.airvpn.eddie.ui.policy")  &&  subject.isInGroup("wheel"))
    {
        return polkit.Result.YES;
    }
}):



#11 j7j3

j7j3

    Member

  • Members
  • PipPip
  • 12 posts

Posted 02 September 2018 - 10:49 AM

If you can't be bothered typing in your password for Eddie then you can use this launch script.


#!/bin/bash
printf 'YOURPASSWORD\n' | sudo -S eddie-ui


Save it as yourscript.sh (whatever you want) into $HOME/bin and make sure $HOME/bin is in your paths with 'echo $PATH'. If you do not see $HOME/bin then add this to .profile


# set PATH so it includes user's private bin if it exists
if [ -d "$HOME/bin" ] ; then
PATH="$HOME/bin:$PATH"
fi


Change the permissions so only you can read or write to it also

chmod u+x,go-rwx $HOME/bin/yourscript.sh



For security reasons however (as staff said above) it's inadvisable to do this....

#12 rnd227

rnd227

    Member

  • Members
  • PipPip
  • 13 posts

Posted 03 September 2018 - 12:37 PM

If you can't be bothered typing in your password for Eddie then you can use this launch script.
 

 

#!/bin/bash
printf 'YOURPASSWORD\n' | sudo -S eddie-ui

 

Maybe not elegant, but it works. Thank you very much !



#13 corrado

corrado

    Advanced Member

  • Members
  • PipPipPip
  • 195 posts

Posted 03 September 2018 - 03:19 PM

#!/bin/bash
printf 'YOURPASSWORD\n' | sudo -S eddie-ui

 

While this works, it's not a good idea to save your password in what is essentially a text file. Above, I have posted a solution using polkit rules that is more secure.



#14 rnd227

rnd227

    Member

  • Members
  • PipPip
  • 13 posts

Posted 05 September 2018 - 09:25 AM

You're right. Thanks you. I'm using qomui, by the way. :)







Similar Topics Collapse


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

Servers online. Online Sessions: 15134 - BW: 54044 Mbit/sYour IP: 54.198.55.167Guest Access.