Page 1 of 1

Can I start/stop my vpn without a password?

PostPosted: Sep 29th, '13, 02:00
by mark9117
I am using the vpn connection manager in the network-applet to start and stop my vpn. Whenever I toggle the vpn on or off, I have to enter a root password. I assumed this was related to a requirement that openvpn run with root permissions, so I added this to sudoers:

Code: Select all
my_user  ALL=(root) NOPASSWD: /usr/sbin/openvpn


The more experienced of you will probably realize that this didn't resolve my issue, and in fact, it did nothing.

Is there a way to toggle my vpn connection without having to deal with a root password?

Thanks.

Mark

Re: Can I start/stop my vpn without a password?

PostPosted: Sep 29th, '13, 13:51
by doktor5000
You want to change the authentication for net_applet / drakvpn, as that's what you're clicking at when starting/stopping VPN connections, no?
As root via
Code: Select all
draksec
change the value for VPN to what you want?

Re: Can I start/stop my vpn without a password?

PostPosted: Oct 4th, '13, 07:17
by mark9117
doktor5000 wrote:You want to change the authentication for net_applet / drakvpn, as that's what you're clicking at when starting/stopping VPN connections, no?
As root via
Code: Select all
draksec
change the value for VPN to what you want?


That doesn't work. I've set everything under Networking in draksec to "no password" and it still asks me to authenticate as root when I try to start/stop my vpn.

It does not appear to be drakvpn - drakvpn is the applet that allows you to configure the vpn. I have it configured, I just want to use the net-applet to toggle the vpn on/off.

Thanks anyway.

Mark

Re: Can I start/stop my vpn without a password?

PostPosted: Oct 4th, '13, 21:46
by doktor5000
If you look at the process tree of net_applet with e.g. watch -n 1 you'll see that it launches drakvpn via consolehelper-gtk and usermode if you click on VPN connection -> manage VPN connection. Maybe you should do the same and check what it runs when you select a VPN connection.
Code: Select all
watch -n 1 pstree $(pgrep net_applet)


Which desktop where you running? And was that a fresh install, or an upgrade? Sorry can't remember anymore ...

Re: Can I start/stop my vpn without a password?

PostPosted: Oct 5th, '13, 06:16
by mark9117
doktor5000 wrote:If you look at the process tree of net_applet with e.g. watch -n 1 you'll see that it launches drakvpn via consolehelper-gtk and usermode if you click on VPN connection -> manage VPN connection. Maybe you should do the same and check what it runs when you select a VPN connection.
Code: Select all
watch -n 1 pstree $(pgrep net_applet)


Which desktop where you running? And was that a fresh install, or an upgrade? Sorry can't remember anymore ...


Okay, thanks for that tip.

Here's what I'm getting:

Code: Select all
net_applet-+-consolehelper-g-+-userhelper
           |                 `-2*[{consolehelper-g}]
           `-{net_applet}


Not sure what that means. Seems to implicate userhelper, whatever that is.

I'm doing all this under KDE. The install was new in May or so. 3.8.13.4-server-1.mga3 #1 SMP Thu Jul 4 14:13:28 UTC 2013 i686 i686 i686 GNU/Linux

Mark

Enabling/disabling VPN without root password

PostPosted: Oct 23rd, '13, 18:41
by mailedfist
I'm sure this must be possible, because an alternative issue with Mandriva and wireless is long since fixed, but I can't remember how.

I've recently set up a VPN connection which can be turned on and off using NetApplet. However, one needs to enter the root password to turn it on and off. This is undesirable for the use case that it is intended for. What do I need to do please to allow normal users to enable and disable the VPN?

Re: Can I start/stop my vpn without a password?

PostPosted: Oct 23rd, '13, 21:02
by doktor5000
Merged into existing thread.

You should report it as a bug if changing this via draksec doesn't have the expected result.

Re: Can I start/stop my vpn without a password?

PostPosted: Oct 24th, '13, 16:36
by wintpe
i see this also, it asks me for a password, but if i just hit enter and
ignore the password prompt, after using draksec as suggested, it starts or stops it.

seems the password prompt is being called, but the password is not actually required.

regards peter

Re: Can I start/stop my vpn without a password?

PostPosted: Oct 24th, '13, 20:46
by doktor5000
I'm not sure about this, but could be a problem with either /etc/security/console.apps/drakvpn or the integration with consolehelper (which implements the password prompt, see below)

Code: Select all
[doktor5000@localhost ~]$ cat /etc/security/console.apps/drakvpn
USER=root
PROGRAM=/usr/sbin/drakvpn
FALLBACK=false
SESSION=true
[doktor5000@localhost ~]$ ls -al /usr/bin/drakvpn
lrwxrwxrwx 1 root root 27 Sep 28 21:14 /usr/bin/drakvpn -> ../../usr/bin/consolehelper*
[doktor5000@localhost ~]$ ls -al /usr/sbin/drakvpn                                                                                                       
-rwxr-xr-x 1 root root 407 Aug 21 18:09 /usr/sbin/drakvpn*
[doktor5000@localhost ~]$