The officially official Devuan Forum!

#1 2020-06-26 20:29:52

rolfie
Member
Registered: 2017-11-25
Posts: 364  

[Solved] Password required for startup script

Beowulf, Mate desktop. I run a script during user login that opens a Veracrypt volume. Veracrypt is installed the same way as in ASCII, with the same settings in sudoers, and the script is copied from ASCII with the same permissions.

Situation is that in Beowulf I am asked to enter either a user or the root password. What can be the reason for this changed behaviour?

Thanks for any idea, rolfie

Last edited by rolfie (2020-06-28 09:01:37)

#2 2020-06-27 15:12:42

rolfie
Member
Registered: 2017-11-25
Posts: 364  

Re: [Solved] Password required for startup script

Tried to call the script with a sudo in front (sudo /path/to/script.sh); that does not work.

Then I directly started the script in a user terminal and got this error:

(veracrypt:5104): dbind-WARNING **: 17:05:21.998: Couldn't register with accessibility bus: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.

How do I have to interpret this?

rolfie

#3 2020-06-27 15:30:55

rolfie
Member
Registered: 2017-11-25
Posts: 364  

Re: [Solved] Password required for startup script

Well, found this hint in the net on https://wiki.archlinux.de/title/GNOME#Tipps_und_Tricks

Add export NO_AT_BRIDGE=1 to /etc/environment.

The dbind-warning error when calling up the script directly as shown in the previous post is gone.

Does not bring the complete solution. Still getting asked for user or root passwd.

rolfie

Last edited by rolfie (2020-06-28 09:00:01)

#4 2020-06-27 21:45:30

rolfie
Member
Registered: 2017-11-25
Posts: 364  

Re: [Solved] Password required for startup script

Fixed it by adding /usr/bin/uptime to the privilege specification for veracrypt in the sudoers. Found it somewhere in the sourceforge forum for veracrypt.

The sudoers entry reads like this now:

$username$    ALL=(root)      NOPASSWD:       /usr/bin/veracrypt, /usr/bin/uptime

rolfie

Last edited by rolfie (2020-06-28 09:01:18)

#5 2020-06-28 18:58:17

bgstack15
Member
Registered: 2018-02-04
Posts: 154  

Re: [Solved] Password required for startup script

Intriguing that something wants to run uptime with sudo. I didn't think it took any special privileges to view that information. Maybe a script could be updated to exclude the "sudo" command in front of uptime.


This space intentionally left blank.

#6 2020-06-28 19:25:23

rolfie
Member
Registered: 2017-11-25
Posts: 364  

Re: [Solved] Password required for startup script

Got the hint from here: https://sourceforge.net/p/veracrypt/dis … 04d12bba8/

There is some change between ASCII and Beowulf. This way it works.

rolfie

#7 2020-06-28 22:50:22

fsmithred
Administrator
Registered: 2016-11-25
Posts: 1,570  

Re: [Solved] Password required for startup script

Here's the test in veracrypt:

FILE* pipe = popen("sudo -n uptime 2>&1 | grep 'load average' | wc -l", "r");

I've seen this test before, thanks to dzz (the other refracta dev):

refractasnapshot-wrapper.sh:15:sudo_allowed=$(sudo -n uptime 2>&1 | grep load | wc -l)

If the output is '1' then the user has sudo privs.

#8 2020-06-29 14:12:28

bgstack15
Member
Registered: 2018-02-04
Posts: 154  

Re: [Solved] Password required for startup script

Oh, so perhaps the tool is merely using uptime as a way to check if the user has full sudo access. Hm, I guess "sudo -l /actual/command/to/run ; echo $?" is more obtuse...


This space intentionally left blank.

#9 2020-06-29 16:24:23

chris2be8
Member
Registered: 2018-08-11
Posts: 91  

Re: [Solved] Password required for startup script

All it's doing is checking how many lines containing 'load average' uptime produced. So it's just testing if you can use sudo. But I've not seen this technique before. And as bgstack15 said "sudo -l /actual/command/to/run ; echo $?" is probably better, it should not fail if you can run uptime but can't run the actual command.

Chris

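The two probes discussed in posts #7 to #9, side by side, as an added example that is not code from VeraCrypt, refracta or any poster in this thread. The function names are hypothetical, and the -n on the "sudo -l" form is an assumption added here so that the check never prompts.

```shell
#!/bin/sh
# Added example: two ways to ask "may this user use sudo without a password?"
# Function names are hypothetical; only sudo's -n and -l options are used.

# Probe quoted in post #7: run uptime through sudo non-interactively and count
# the lines containing "load average". Prints 1 only when the sudoers policy
# lets the user run uptime itself without a password, 0 otherwise.
probe_uptime() {
    sudo -n uptime 2>&1 | grep 'load average' | wc -l | tr -d ' '
}

# Probe suggested in posts #8 and #9: ask the policy about the real command.
# "sudo -l CMD" exits 0 when CMD is permitted and non-zero when it is not.
# -n (assumption, not in the posts) makes sudo fail instead of prompting.
probe_command() {
    if sudo -n -l "$1" >/dev/null 2>&1; then
        echo 1
    else
        echo 0
    fi
}

# Run both probes for one command and report whether they agree.
# With a sudoers rule that lists only /usr/bin/veracrypt, the uptime probe
# prints 0 although the command itself is allowed: the case from post #1.
compare_probes() {
    up=$(probe_uptime)
    cmd=$(probe_command "$1")
    if [ "$up" = 0 ] && [ "$cmd" = 1 ]; then
        echo "mismatch: $1 is allowed, but the uptime probe reports no sudo"
    elif [ "$up" = 1 ] && [ "$cmd" = 0 ]; then
        echo "mismatch: the uptime probe passes, but $1 is not allowed"
    else
        echo "agree: uptime=$up command=$cmd"
    fi
}

# Usage, on a machine with sudo installed:
#   compare_probes /usr/bin/veracrypt
```

A "mismatch" line for /usr/bin/veracrypt corresponds to the situation before /usr/bin/uptime was added to the sudoers entry in post #4.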