VectorLinux

Vectorbie Station => Vectorbie Questions => Topic started by: Pai Mei on August 05, 2008, 06:14:27 pm

Title: How to start Firestarter without root privileges? [SOLVED]
Post by: Pai Mei on August 05, 2008, 06:14:27 pm
Hello Vector Linux Community.

I installed Firestarter-1.0.3.tar.gz using (as root): tar -zxvf firestarter...; ./configure; make; make install. Compilation and installation went OK, added an icon Firestarter in my Menu -> System -> Firestarter, but when I click on this icon, the message appears: Insufficient privileges: You must have root privileges to use Firestarter. :'(
When I'm in a terminal as root (su;mypasswd; #firestarter) it starts; but as a normal user ($ firestarter) the message appears (Insufficient privileges: You must have root privileges...)

I went to /usr/local/bin and tried (as root) chmod 777 firestarter - no change. Tried to edit sudoers (as root) with visudo, and added (like the firestarter manual said): myusername ALL= NOPASSWD: /usr/bin/firestarter on the bottom line - doesn't work. Also tried to add (using visudo): Cmnd_Alias FIRESTARTER=/usr/bin/firestarter and add it to the line
 %users  ALL=NOPASSWD:SHUTDOWN,DIAL,SERVER,HW1,MOUNT1,PDMOUNT,SMBMOUNT,WIFI,FIRESTARTER and it doesn't work.

So, can anyone help to make firestarter start when I click on its icon without a root password (just like gKrellm in the System tab)?

I'm using Vector Linux 5.9 Gold and appreciate any help.
Title: Re: How to start Firestarter without root privileges?
Post by: Pai Mei on August 05, 2008, 06:19:48 pm
PS: excuse my bad English - I'm a Brazilian user of Vector Linux.
Title: Re: How to start Firestarter without root privileges?
Post by: wcs on August 05, 2008, 06:23:22 pm
I think there's only one thing missing: change the command to "sudo firestarter --start-hidden" (if you want it to go to the system tray). Only the sudo was missing. You can change that in the firestarter desktop file in /usr/share/applications.

But before you do, try to start firestarter in that way from a console as a normal user to see if it works.

Everything else seems right to me (adding /usr/bin/firestarter in your username and the alias FIRESTARTER for all users is probably redundant, but it doesn't create problems).
Title: Re: How to start Firestarter without root privileges?
Post by: Pai Mei on August 05, 2008, 06:36:14 pm
I tried sudo firestarter --start-hidden in a normal terminal, but there is a strange fact (in my Vector Linux): my sudo password doesn't match my su password. You may think that I did something wrong, but that is the fact; so I can't use sudo properly because I don't know what password it wants (whether it is my root password or my user password) - so I use su instead (and it works for firestarter; sudo doesn't work because I don't know what password to type). I know that is a newbie error, but I used Ubuntu, Kurumin (a Brazilian Debian-based distro) and others, and the sudo password was always the same as the root (su) password.

Also, I tried to find the firestarter desktop file in /usr/share/applications but there is no sign of the firestarter file (???) - so I can't modify it.

But I thank you WCS for the fast reply to my doubt.

PS: excuse my bad English.
Title: Re: How to start Firestarter without root privileges?
Post by: bigpaws on August 05, 2008, 08:09:47 pm
This document will help:

http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch09_:_Linux_Users_and_Sudo

Bigpaws
Title: Re: How to start Firestarter without root privileges?
Post by: wcs on August 06, 2008, 03:29:31 am
That's strange. Once you put the FIRESTARTER alias in the %users ALL=NOPASSWD line in /etc/sudoers, typing "sudo firestarter" should start it without asking you for a password. Does it still ask for it?
Maybe I'm missing something.
Title: Re: How to start Firestarter without root privileges?
Post by: wcs on August 06, 2008, 04:26:55 am
I just tried it myself and it seems to work fine.
Here are the two relevant lines in my /etc/sudoers:

Code:
Cmnd_Alias      FIRESTARTER=/usr/bin/firestarter
%users             ALL=NOPASSWD:SHUTDOWN,DIAL,SERVER,HW1,MOUNT1,SGMAP,PDMOUNT,SMBMOUNT,WIFI,SGINFO,FIRESTARTER

"sudo firestarter" from the command line starts it with no password.

If it works, edit the launcher in /usr/share/gnome/apps/Internet/Firestarter.desktop (it's a Gnome app, so it seems to be here).
Title: Re: How to start Firestarter without root privileges?
Post by: Pai Mei on August 06, 2008, 05:36:53 pm
Some weird things happened - I solved some problems, others not. I will relate it step by step, so someone can understand how this thing is going:

1) According to WCS's reply, I added (and modified) the following lines in visudo:

Cmnd_Alias      FIRESTARTER=/usr/local/bin/firestarter

%users ALL=NOPASSWD:SHUTDOWN,DIAL,SERVER,HW1,MOUNT1,SGMAP,PDMOUNT,SMBMOUNT,WIFI,SGINFO,FIRESTARTER

(used /usr/local/bin/firestarter because the whereis command told me that firestarter is there...)

Results: no change... BUT I added (in sequence) the following line to the sudoers file (via visudo):
%admin   ALL=NOPASSWD:ALL

then I could, in a terminal, do sudo firestarter without being asked for a password - and it works!

2) Next, I commented out the line in the sudoers file: %admin   ALL=NOPASSWD:ALL (#%admin   ALL=NOPASSWD:ALL), and sudo firestarter, or sudo firestarter --start-hidden, still works without asking for my sudo password (so the hint from WCS worked). Thanks WCS!

OK... First problem solved.

The only problem left (which I consider a small problem) is that the firestarter icon in the System menu, when clicked, still says "Insufficient privileges: You must have root privileges to use Firestarter" (but I can do it from a terminal window, using sudo???). If anyone knows how to fix this, I'd appreciate some help.

Don't find the firestarter launcher in /usr/share/gnome/apps/Internet/Firestarter.desktop, WCS, because there is no apps folder in usr/share/gnome - I assume that is because I'm using XFCE (in Vector 5.9 Gold) and didn't install the full GNOME desktop (only the necessary dependencies to run firestarter).

bigpaws: I read the topic that you sent - it helped a lot to understand the su, sudo and groups structures and uses. Thanks. But I still don't understand why my sudo password is different from my su password - because this I added the line %admin   ALL=NOPASSWD:ALL to override the ask for a password by sudo - and strangely the sudo firestarter begins to work... Maybe I'm missing something (not my root or user password, since I modified them (with VASM) to test whether there was some restriction on them (size, characters, etc.) and found no problems - except the problem with the sudo password). There is something missing, I think. I will try more things later.

Anyway, thanks WCS and bigpaws for the replies.
Title: Re: How to start Firestarter without root privileges?
Post by: wcs on August 06, 2008, 06:25:06 pm
Quote
Don't find the firestarter launcher in /usr/share/gnome/apps/Internet/Firestarter.desktop, WCS, because there is no apps folder in usr/share/gnome

It's gotta be somewhere...  :) Search for it with find or slocate:
Code:
slocate -u    # as root
slocate -i firestarter.desktop

Once you find it change the exec line to "sudo firestarter". That should allow you to start it from the icon without a password.

(I've packaged firestarter for the repositories. It should be in the testing repo soon, so you might give it a try. Not that there's anything wrong with your compile, it's just so that the binary and the .desktop file end up in the "standard" places)

Quote
because this I added the line %admin   ALL=NOPASSWD:ALL to override the ask for a password by sudo - and strangely the sudo firestarter begins to work

The stuff below is everything in my /etc/sudoers (except for the aliases):
Code:
root   ALL=(ALL) ALL
%users        ALL=NOPASSWD:SHUTDOWN,DIAL,SERVER,HW1,MOUNT1,SGMAP,PDMOUNT,SMBMOUNT,WIFI,SGINFO,FIRESTARTER
%users         ALL=VASM,HW2

Maybe your root line wasn't there or was commented??
If it looks similar, then I don't know what went on...
Title: Re: How to start Firestarter without root privileges?
Post by: Pai Mei on August 06, 2008, 07:46:34 pm
I found the Firestarter.desktop using slocate -i (thanks WCS), in

Code:
/usr/local/share/gnome/apps/Internet/firestarter.desktop

edited the firestarter.desktop with mcedit, added to line

Code:
Exec=sudo firestarter

Save, reboot, and... didn't work. Still need the root password. Don't know what's happening.

My /etc/sudoers had the root line, not commented (there are some commented lines below, that came with the sudoers file - like #wheel ALL=ALL (ALL) and #melvin can run..., but I didn't touch them). The trick, I see now, was the usr/local/bin/firestarter (I was following the firestarter guide, which says /usr/sbin or /usr/bin).

Anyway, I will still try other things, but I appreciate the help WCS.
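
Added example, not part of any post in this thread: a shell check for the two sudoers problems that surface above, a Cmnd_Alias naming a path where the binary is not installed (/usr/bin versus /usr/local/bin) and a sudo-allowed binary left writable by non-root users after chmod 777. The function name, the sample file and the FIRESTARTER2 alias are constructed for illustration; line continuations and sudoers includes are not handled.

```shell
# audit_sudoers_cmds FILE
# Prints one line per executable named in a Cmnd_Alias:
#   MISSING path   nothing is installed there, so the rule never matches
#   WRITABLE path  group or others can replace a program that sudo runs as root
#   OK path
audit_sudoers_cmds() {
    awk '$1 == "Cmnd_Alias" {
             sub(/^[^=]*=[ \t]*/, "")            # keep the command list only
             n = split($0, cmds, ",")
             for (i = 1; i <= n; i++) {
                 split(cmds[i], w, " ")          # w[1] is the executable path
                 if (w[1] != "") print w[1]
             }
         }' "$1" |
    while IFS= read -r path; do
        if [ ! -e "$path" ]; then
            echo "MISSING $path"
            continue
        fi
        # Mode string such as -rwxrwxrwx: character 6 is group write,
        # character 9 is other write. -L follows symlinks to the real file.
        case "$(ls -ldL "$path" | cut -c1-10)" in
            ?????w????|????????w?) echo "WRITABLE $path" ;;
            *)                     echo "OK $path" ;;
        esac
    done
}

# Constructed sample (hypothetical paths under a temp directory).
demo_dir=$(mktemp -d)
printf '#!/bin/sh\n' > "$demo_dir/firestarter"
chmod 777 "$demo_dir/firestarter"
cat > "$demo_dir/sudoers.sample" <<EOF
Cmnd_Alias      FIRESTARTER=$demo_dir/bin/firestarter
Cmnd_Alias      FIRESTARTER2=$demo_dir/firestarter
EOF
audit_sudoers_cmds "$demo_dir/sudoers.sample"
```

On a real system, run it as root against /etc/sudoers and compare the result with what sudo -l reports for the user.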
Title: Re: How to start Firestarter without root privileges?
Post by: wcs on August 06, 2008, 08:02:59 pm
Quote
Save, reboot, and... didn't work. Still need the root password. Don't know what's happening.

Very strange... you can do "sudo firestarter" from the Terminal and no need for password, but when you put it in the .desktop file it still asks for it ?!

I think I've seen this behavior once or twice before... sometimes the changes in the .desktop files don't seem to stick.
When this happened to me, I fixed it by:
Moving the file to another location. The menu icon should have disappeared. Then logout and back in (just in case).
Then move the file again to its previous location. Logout, login. The icon should be there and with its new exec.

If it still doesn't work, repeat the procedure but put it in /usr/share/applications, which is the place where you'll find almost all .desktop files in xfce.
Title: Re: How to start Firestarter without root privileges?
Post by: Pai Mei on August 07, 2008, 04:55:59 pm
Thanks WCS for the "move fix"! It works!

I moved the Firestarter.desktop to another location, logoff, login, put the file in the original location (/usr/local/share/gnome/apps/Internet/), logoff, login, go to System menu, click on the icon and...voilá! Firestarter doesn't ask for a password, and starts minimized in the tray bar (I added the parameter --start-hidden to see if it works). :)

Thank you very much for your help. Now I should consider (for my next compilations) using packages from the repos (to avoid other problems, like files in non-standard locations).
Title: Re: How to start Firestarter without root privileges?
Post by: wcs on August 07, 2008, 05:08:42 pm
Good! You can edit the title of this thread to put [SOLVED] on it.
Title: Re: How to start Firestarter without root privileges? [SOLVED]
Post by: wcs on August 11, 2008, 01:25:08 am
Just one more thing.

Note that giving any user privileges to run a firewall is NOT a good idea security-wise.

I'm doing it at the moment, because I'm silly, but the best thing is to make the firestarter rules persistent with a script and then having to input the root password for occasional changes.

I'm looking into this at the moment.
Title: Re: How to start Firestarter without root privileges? [SOLVED]
Post by: wcs on August 11, 2008, 05:17:47 am
So I've put the following line at the end of /etc/rc.d/rc.local:
Code:
/etc/firestarter/firestarter.sh start

(it might be different in your installation because it went to /usr/local... perhaps /usr/local/etc/...)

This makes the previous firewall configuration start at boot.
Then I only use the firestarter GUI if I need to monitor or change something.

I removed the firestarter changes in /etc/sudoers (those two lines) and need to start it as root.

You can get rid of that annoying message when you click the icon and instead get a dialog to input root's password by changing the .desktop file to read:
Code:
Exec=vsuper firestarter
The more I think about it, the more it seems a bad idea to let a normal user change the configuration.

Anyway, maybe you knew all of this already  :)
Hope it helps.
Title: Re: How to start Firestarter without root privileges? [SOLVED]
Post by: Pai Mei on August 11, 2008, 06:32:10 pm
Great hint WCS, using:

Quote
Exec=vsuper firestarter

to ask me for root password and remove the root privileges of firestarter from sudoers.

I tried to add the line to the bottom of /etc/rc.d/rc.local like you said:

/usr/local/etc/firestarter/firestarter.sh start (my system path to firestarter.sh)

saved, reboot, but didn't work. Any hint?

But using Exec=vsuper firestarter in firestarter.sh is a great victory. Thanks WCS.
I will try to study the rc.local structure more to learn what is missing for me.



Title: Re: How to start Firestarter without root privileges? [SOLVED]
Post by: wcs on August 12, 2008, 01:35:09 pm
Are you sure?
Because running the script only means that the firewall is on.
You shouldn't see anything. Firestarter will not start, but your firestarter rules are operating.

To check, run status for that script:
Code:
/usr/local/etc/firestarter/firestarter.sh status

It will tell you whether the firestarter firewall is on or not.

Also, type (as root):
Code:
iptables -L

That should give lots of firewall rules.

If it's NOT working, the iptables command will only show you this (with no specific rules for input and output):
Quote
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Then, when you need to monitor the firewall events or to make changes to your policy that's when you run firestarter from the icon (and put in your root password).
You close it again, but the rules are operating in the background and after you reboot they're always there, protecting your machine.

(another possibility is that you need to write "sh /usr/local/firestarter/firestarter.sh start"... check the command in a terminal and see if you need to write sh before or not).
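
Added example, not part of the thread: a shell filter that reads iptables -L output and reports the policy and rule count of each chain, so the empty listing shown in the post above can be told apart from a loaded ruleset after boot. The function names and the loaded sample are constructed for illustration.

```shell
# chain_summary: reads `iptables -L` text on stdin, prints "CHAIN POLICY RULES".
chain_summary() {
    awk '
        $1 == "Chain" {
            if (chain != "") print chain, policy, rules
            chain = $2; rules = 0
            # Built-in chains show "(policy X)"; user-defined chains get "-".
            policy = ($3 == "(policy") ? $4 : "-"
            sub(/\)$/, "", policy)
            next
        }
        $1 == "target" || NF == 0 { next }    # column header, blank line
        { rules++ }
        END { if (chain != "") print chain, policy, rules }'
}

# ruleset_is_empty: succeeds when every chain is policy ACCEPT with no rules,
# i.e. the "NOT working" listing; any rule, other policy or user chain fails it.
ruleset_is_empty() {
    chain_summary | awk 'BEGIN { bad = 0 }
        $2 != "ACCEPT" || $3 > 0 { bad = 1 }
        END { exit bad }'
}

# The empty listing quoted in the post above.
EMPTY_SAMPLE='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# Constructed listing of a loaded ruleset (not Firestarter's real rules).
LOADED_SAMPLE='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
LOG        all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere'
printf '%s\n' "$LOADED_SAMPLE" | chain_summary
printf '%s\n' "$EMPTY_SAMPLE" | ruleset_is_empty && echo "no firewall rules loaded"
```

On a live system, pipe the real listing in as root: iptables -L | chain_summary.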

Title: Re: How to start Firestarter without root privileges? [SOLVED]
Post by: Pai Mei on August 12, 2008, 05:21:57 pm
You are right, WCS. Firestarter is running in background. When I typed (as root):

Quote
/usr/local/etc/firestarter/firestarter.sh status

the answer is:

Quote
Firestarter is running...

so my computer is firewalled. The only thing is that the icon doesn't appear in the tray bar, but knowing that firestarter is only a GUI to configure the IPTABLES, the absence of the icon in the tray is a minor thing.

Thanks WCS for the help.