Beowulf, Mate desktop. I run a script during user login that opens a Veracrypt volume. Veracrypt is installed same way as in ASCII, same settings in sudoers, script copied from ASCII with same permissions.
Situation is that in Beowulf I am asked to enter either a user or the root password. What can be the reason for this changed behaviour?
Thanks for any idea, rolfie
Last edited by rolfie (2020-06-28 09:01:37)
Tried to call the script with a sudo in front (sudo /path/to/script.sh); that does not work.
Then I directly started the script in a user terminal and got this error:
(veracrypt:5104): dbind-WARNING **: 17:05:21.998: Couldn't register with accessibility bus: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
How do I have to interpret this?
rolfie
Well, found this hint in the net on https://wiki.archlinux.de/title/GNOME#Tipps_und_Tricks
Add export NO_AT_BRIDGE=1 to /etc/environment.
The dbind-warning error when calling up the script directly as shown in the previous post is gone.
Does not bring the complete solution. Still getting asked for user or root passwd.
rolfie
Last edited by rolfie (2020-06-28 09:00:01)
Fixed it by adding /usr/bin/uptime to the privilege specification for veracrypt in the sudoers. Found it somewhere in the sourceforge forum for veracrypt.
The sudoers entry reads like this now:
$username$ ALL=(root) NOPASSWD: /usr/bin/veracrypt, /usr/bin/uptime
rolfie
Last edited by rolfie (2020-06-28 09:01:18)
Intriguing that something wants to run uptime with sudo. I didn't think it took any special privileges to view that information. Maybe a script could be updated to exclude the "sudo" command in front of uptime.
This space intentionally left blank.
Got the hint from here: https://sourceforge.net/p/veracrypt/dis … 04d12bba8/
There is some change between ASCII and Beowulf. This way it works.
rolfie
Here's the test in veracrypt:
FILE* pipe = popen("sudo -n uptime 2>&1 | grep 'load average' | wc -l", "r");
I've seen this test before, thanks to dzz (the other refracta dev):
refractasnapshot-wrapper.sh:15:sudo_allowed=$(sudo -n uptime 2>&1 | grep load | wc -l)
If the output is '1' then the user has sudo privs.
Offline
Oh, so perhaps the tool is merely using uptime as a way to check if the user has full sudo access. Hm, I guess "sudo -l /actual/command/to/run ; echo $?" is more obtuse...
This space intentionally left blank.
All it's doing is checking how many lines containing 'load average' uptime produced. So it's just testing if you can use sudo. But I've not seen this technique before. And as bgstack15 said "sudo -l /actual/command/to/run ; echo $?" is probably better, it should not fail if you can run uptime but can't run the actual command.
Chris
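Added example, not part of the thread and not VeraCrypt's or Refracta's code: the `sudo -n uptime` probe quoted above next to the `sudo -l` check suggested in the replies, run against three sudoers policies. The `fake_sudo` function, the `SUDO` and `FAKE_ALLOWED` variables and the sample uptime line are constructed for this example so it runs without touching the real sudo configuration.

```shell
#!/bin/sh
# SUDO is overridable so the probes can run against a stub (assumption of this example).
SUDO=${SUDO:-sudo}

# Probe quoted in the thread: count 'load average' lines from `sudo -n uptime`.
# Prints 1 if uptime ran via sudo without a password prompt, else 0.
probe_uptime() {
    "$SUDO" -n uptime 2>&1 | grep -c 'load average' || true
}

# Check suggested in the thread: ask sudo about the command that will really run.
# `sudo -l CMD` exits 0 when CMD is permitted; -n keeps it from prompting.
probe_command() {
    if "$SUDO" -n -l "$1" >/dev/null 2>&1; then echo 1; else echo 0; fi
}

# Constructed stand-in for sudo: FAKE_ALLOWED holds the NOPASSWD command paths.
# Handles only the -n and -l options used above.
fake_sudo() {
    list=0
    while [ $# -gt 0 ]; do
        case $1 in
            -n) shift ;;
            -l) list=1; shift ;;
            *) break ;;
        esac
    done
    cmd=$1
    case $cmd in /*) ;; *) cmd=/usr/bin/$cmd ;; esac
    case " $FAKE_ALLOWED " in
        *" $cmd "*) ;;
        *) echo "sudo: a password is required" >&2; return 1 ;;
    esac
    if [ "$list" = 1 ]; then echo "$cmd"
    else echo " 17:05:21 up 1 day,  1 user,  load average: 0.10, 0.20, 0.30"; fi
}

# Run both probes for veracrypt under one constructed policy.
report() {
    FAKE_ALLOWED=$1
    SUDO=fake_sudo
    echo "uptime=$(probe_uptime) veracrypt=$(probe_command /usr/bin/veracrypt)"
}

report "/usr/bin/veracrypt"                  # entry without uptime: probe says no
report "/usr/bin/veracrypt /usr/bin/uptime"  # entry from the fix: both agree
report "/usr/bin/uptime"                     # uptime only: probe says yes, wrongly
```

The first and third policies are the two ways the uptime probe disagrees with what the user may actually run; the per-command check matches the policy in all three.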