VectorLinux
April 19, 2014, 02:01:26 am *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Visit our home page for VL info. To search the old message board go to http://vectorlinux.com/forum1. The first VL forum is temporarily offline until we can find a host for it. Thanks for your patience.
 
Now powered by KnowledgeDex.
   Home   Help Search Login Register  
Please support VectorLinux!
Pages: [1] 2
  Print  
Author Topic: How to start Firestarter without root privileges? [SOLVED]  (Read 5001 times)
Pai Mei
Member
*
Posts: 8


Shaolin Vector User


« on: August 05, 2008, 05:14:27 pm »

Hello Vector Linux Community.

I installed Firestarter-1.0.3.tar.gz using (as a root): tar -zxvf firestarter...; ./configure; make; make install. Compilation and installation went ok, added a icon Firestarter in my Menu -> System -> Firestarter but when a click in this icon, appears the message: Insufficient privileges: You must have root privileges to use Firestarter. Cry
When I'm in a terminal with root (su;mypasswd; #firestarter) its starts; but with normal user ($ firestarter) appears the message (Insufficient privileges: You must have root privileges...)

I went to /usr/local/bin and tried (as root) chmod 777 firestarter - no change. Tried to edit sudoers (as root) by visudo, and added (like the firestarter manual said): myusername ALL= NOPASSWD: /usr/bin/firestarter in the bottom line - doesn't work. Tried also to add (using visudo): Cmnd_Alias FIRESTARTER=/usr/bin/firestarter and add to line
 %users  ALL=NOPASSWD:SHUTDOWN,DIAL,SERVER,HW1,MOUNT1,PDMOUNT,SMBMOUNT,WIFI,FIRESTARTER and doesn't work.

So, anyone can help to make firestarter start when a click in its icon without a root password? (just like gKrellm of the system tab)?

I'm using Vector Linux 5.9 Gold and appreciate any help.
« Last Edit: August 07, 2008, 04:27:08 pm by Pai Mei » Logged

It's the wood that should fear your hand, not the other way around. No wonder you can't do it, you acquiesce to defeat before you even begin.
Pai Mei
Member
*
Posts: 8


Shaolin Vector User


« Reply #1 on: August 05, 2008, 05:19:48 pm »

Hello Vector Linux Community.

I installed Firestarter-1.0.3.tar.gz using (as a root): tar -zxvf firestarter...; ./configure; make; make install. Compilation and installation went ok, added a icon Firestarter in my Menu -> System -> Firestarter but when a click in this icon, appears the message: Insufficient privileges: You must have root privileges to use Firestarter. Cry
When I'm in a terminal with root (su;mypasswd; #firestarter) its starts; but with normal user ($ firestarter) appears the message (Insufficient privileges: You must have root privileges...)

I went to /usr/local/bin and tried (as root) chmod 777 firestarter - no change. Tried to edit sudoers (as root) by visudo, and added (like the firestarter manual said): myusername ALL= NOPASSWD: /usr/bin/firestarter in the bottom line - doesn't work. Tried also to add (using visudo): Cmnd_Alias FIRESTARTER=/usr/bin/firestarter and add to line
 %users  ALL=NOPASSWD:SHUTDOWN,DIAL,SERVER,HW1,MOUNT1,PDMOUNT,SMBMOUNT,WIFI,FIRESTARTER and doesn't work.

So, anyone can help to make firestarter start when a click in its icon without a root password? (just like gKrellm of the system tab)?

I'm using Vector Linux 5.9 Gold and appreciate any help.
PS: excuse my bad english - I'm a brazilian user of Vector Linux.
Logged

It's the wood that should fear your hand, not the other way around. No wonder you can't do it, you acquiesce to defeat before you even begin.
wcs
Packager
Vectorian
****
Posts: 1144


« Reply #2 on: August 05, 2008, 05:23:22 pm »

I think there's only one thing missing: change the command to "sudo firestarter --start-hidden" (if you want it to go to the system tray). Only the sudo was missing. You can change that in the firestarter desktop file in /usr/share/applications.

But before you do, try to start firestarter in that way from a console as a normal user to see if it works.

Everything else seems right to me (adding /usr/bin/firestarter in your username and the alias FIRESTARTER for all users is probably redundant, but it doesn't create problems).
Logged
Pai Mei
Member
*
Posts: 8


Shaolin Vector User


« Reply #3 on: August 05, 2008, 05:36:14 pm »

I tried sudo firestarter --start-hidden,in a normal terminal, but there a strange fact (in my Vector Linux): my sudo password doens't match with my su password. You can think that I make something wrong, but the fact is this; so I can't use the sudo properlly cause I don't know what password its want (if it is my root password or my user password) - so a use su instead (and works for firestarter; sudo doesn work because I don't know what password to type). I know that is a newbie error, but i used Ubuntu, Kurumin (brazilian-debbian-based distro) and others, and the sudo password always was the same as the root (su) password.

Also, I tried to find the firestarter desktop file in /usr/share/applications but there no sign of the firestarter file (Huh) - so I can't modify it.

But I thank you WCS for fast repply to my doubt.

PS: excuse for my bad english.
« Last Edit: August 05, 2008, 06:30:13 pm by Pai Mei » Logged

It's the wood that should fear your hand, not the other way around. No wonder you can't do it, you acquiesce to defeat before you even begin.
bigpaws
Vectorian
****
Posts: 1831


« Reply #4 on: August 05, 2008, 07:09:47 pm »

This document will help:

http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch09_:_Linux_Users_and_Sudo

Bigpaws
Logged
wcs
Packager
Vectorian
****
Posts: 1144


« Reply #5 on: August 06, 2008, 02:29:31 am »

That's strange. Once you put the FIRESTARTER alias in the %users ALL=NOPASSWD line in /etc/sudoers, typing "sudo firestarter" should start it without asking you for a password. Does it still ask for it?
Maybe I'm missing something.
Logged
wcs
Packager
Vectorian
****
Posts: 1144


« Reply #6 on: August 06, 2008, 03:26:55 am »

I just tried it myself and it seems to work fine.
Here are the two relevant lines in my /etc/sudoers:

Code:
Cmnd_Alias      FIRESTARTER=/usr/bin/firestarter
%users             ALL=NOPASSWD:SHUTDOWN,DIAL,SERVER,HW1,MOUNT1,SGMAP,PDMOUNT,SMBMOUNT,WIFI,SGINFO,FIRESTARTER

"sudo firestarter" from the command line starts it with no password.

If it works, edit the launcher in /usr/share/gnome/apps/Internet/Firestarter.desktop (it's a Gnome app, so it seems to be here).
Logged
Pai Mei
Member
*
Posts: 8


Shaolin Vector User


« Reply #7 on: August 06, 2008, 04:36:53 pm »

Some weird things happens - I solved some problems, others no. I will relate, step-by-step, for someone understand how this thing is going on:

1) According WCS repply, I added (and modified) the followings lines in visudo:

Cmnd_Alias      FIRESTARTER=/usr/local/bin/firestarter     

%users ALL=NOPASSWD:SHUTDOWN,DIAL,SERVER,HW1,MOUNT1,SGMAP,PDMOUNT,SMBMOUNT,
WIFI,SGINFO,FIRESTARTER


(used /usr/local/bin/firestarter because the whereis command told me that firestarter is here...)

Results: no change... BUT I added (in sequence) the following line to sudoers files (via visudo):
%admin   ALL=NOPASSWD:ALL

then I can, in a terminal, do sudo firestarter without the ask of a password - and it works!

2) Next, I commented the line in sudoers file: %admin   ALL=NOPASSWD:ALL (#%admin   ALL=NOPASSWD:ALL), and do sudo firetarter, or sudo firestarter --start-hidden still works without asking my sudo password (so the hint of WCS worked). Thanks WCS!

Ok... First problem solved.

The only problem left (that I consider a small problem) is that the firestarter icon on menu System, when clicked, still says "Insufficient privileges: You must have root privileges to use Firestarter" (but I can do it by a terminal window, using sudoHuh). If anyones know how to fix this, I appreciate some help.

Don't find the firestarter launcher in /usr/share/gnome/apps/Internet/Firestarter.desktop, WCS, because there is no apps folder in usr/share/gnome - I assume that is because I'm using XFCE (in Vector 5.9 Gold)  and doesn't installed full desktop gnome (only the necessary deppendecies to run firestarter).

bigpaws: I read the topic that you send, - it's helped a lot to understand the su, sudo and groups structures and uses. Thanks. But I still don't understand why my sudo password is diferrent from my su password - because this I added the line %admin   ALL=NOPASSWD:ALL to override the ask for a password by sudo - and strangelly the sudo firestarter begins to work... Maybe I miss something (not my root or user password, since I modified it (by VASM) to test if was some restrition for them (size,characters,etc) and no problems - except the problem for sudo password). There is something missing, I think. I will try more things later.

Anyway, thanks WCS and bigpaws for the repplies.
Logged

It's the wood that should fear your hand, not the other way around. No wonder you can't do it, you acquiesce to defeat before you even begin.
wcs
Packager
Vectorian
****
Posts: 1144


« Reply #8 on: August 06, 2008, 05:25:06 pm »

Quote
Don't find the firestarter launcher in /usr/share/gnome/apps/Internet/Firestarter.desktop, WCS, because there is no apps folder in usr/share/gnome

It's gotta be somewhere...  Smiley Search for it with find or slocate:
Code:
slocate -u (as root)
slocate -i firestarter.desktop
Once you find it change the exec line to "sudo firestarter". That should allow you to start it from the icon without a password.

(I've packaged firestarter for the repositories. It should be in the testing repo soon, so you might give it a try. Not that there's anything wrong with your compile, it's just so that the binary and the .desktop file end up in the "standard" places)

Quote
because this I added the line %admin   ALL=NOPASSWD:ALL to override the ask for a password by sudo - and strangelly the sudo firestarter begins to work

The stuff below is everything in my /etc/sudoers (except for the aliases):
Code:
root   ALL=(ALL) ALL
%users        ALL=NOPASSWD:SHUTDOWN,DIAL,SERVER,HW1,MOUNT1,SGMAP,PDMOUNT,SMBMOUNT,WIFI,SGINFO,FIRESTARTER
%users         ALL=VASM,HW2

Maybe your root line wasn't there or was commented??
If it looks similar, then I don't know what went on...
Logged
Pai Mei
Member
*
Posts: 8


Shaolin Vector User


« Reply #9 on: August 06, 2008, 06:46:34 pm »

I found the Firestarter.desktop using slocate -i (thanks WCS), in

Code:
/usr/local/share/gnome/apps/Internet/firestarter.desktop

edited the firestarter.desktop with mcedit, added to line

Code:
Exec=sudo firestarter

Save,reboot, and... didn't work. Still need the root password. Don't know what's hapenning.

My /etc/sudoers was with the root line, not commented (there are some commented lines bellow, that came with sudoers file - like #wheel ALL=ALL (ALL) and #melvin can run..., but I didn't touch them). The trick, I see now, was the usr/local/bin/firestarter (I was following the firestarter guide, who says /usr/sbin or /usr/bin).

Anyway, I still try others things, but I appreciate the help WCS.
Logged

It's the wood that should fear your hand, not the other way around. No wonder you can't do it, you acquiesce to defeat before you even begin.
wcs
Packager
Vectorian
****
Posts: 1144


« Reply #10 on: August 06, 2008, 07:02:59 pm »

Quote
Save,reboot, and... didn't work. Still need the root password. Don't know what's hapenning.

Very strange... you can do "sudo firestarter" from the Terminal and no need for password, but when you put it in the .desktop file it still asks for it ?!

I think I've seen this behavior once or twice before... sometimes the changes in the .desktop files don't seem to stick.
When this appened to me, I have fixed it by:
Moving the file to another location. The menu icon should have disappeared. Then logout and back in (just in case).
Then move the file again to its previous location. Logout, login. The icon should be there and with its new exec.

If it still doesn't work, repeat the procedure but put it in /usr/share/applications, which is the place where you'll find almost all .desktop files in xfce.
Logged
Pai Mei
Member
*
Posts: 8


Shaolin Vector User


« Reply #11 on: August 07, 2008, 03:55:59 pm »

Thanks WCS for the "move fix"! It's works!

I moved the Firestarter.desktop to another location, logoff, login, put the file in the original location (/usr/local/share/gnome/apps/Internet/), logoff, login, go to System menu, click in the icon and...voilá! Firestarter doesn't ask for a password, and start minimized in tray bar (I added the parameter --start-hidden to see if works). Smiley

Thank very much for your help. Now I should consider (for my next compilations) to use packages from the repos (to avoid another problems, like files in non-standard locations).





Logged

It's the wood that should fear your hand, not the other way around. No wonder you can't do it, you acquiesce to defeat before you even begin.
wcs
Packager
Vectorian
****
Posts: 1144


« Reply #12 on: August 07, 2008, 04:08:42 pm »

Good! You can edit the title of this thread to put [SOLVED] on it.
Logged
wcs
Packager
Vectorian
****
Posts: 1144


« Reply #13 on: August 11, 2008, 12:25:08 am »

Just one more thing.

Note that giving any user privilegies to run a firewall is NOT a good idea security-wise.

I'm doing it at the moment, because I'm silly, but the best thing is to make the firestarter rules persistent with a script and then having to input the root password for occasional changes.

I'm looking into this at the moment.
Logged
wcs
Packager
Vectorian
****
Posts: 1144


« Reply #14 on: August 11, 2008, 04:17:47 am »

So I've put the following line at the end of /etc/rc.d/rc.local:
Code:
/etc/firestarter/firestarter.sh start
(it might be different in your installation because it went to /usr/local... perhaps /usr/local/etc/...)

This makes the previous firewall configuration start at boot.
Then I only use the firestarter GUI if I need to monitor or change something.

I removed the firestarter changes in /etc/sudoers (those two lines) and need to start it as root.

You can get rid of that annoying message when you click the icon and instead get a dialog to input root's password by changing the .desktop file to read:
Code:
Exec=vsuper firestarter

The more I think about it, the more it seems a bad idea to let a normal user change the configuration.

Anyway, maybe you knew all of this already  Smiley
Hope it helps.
Logged
Pages: [1] 2
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2013, Simple Machines Valid XHTML 1.0! Valid CSS!