Cannot start the script as root by doas without entering the password

one_time_user

New Member


Messages: 1

Hello. I have some Python script to get an OpenVpn file from VpnGate. Note that it starts OpenVPN by using bash (kind of external command in Python) inside to create a connection. I should say it works fine. But I would like to do it without entering any password to be able to engage a hotkey.

I'm Linux user (and intensely apologizing for that) who uses doas as main utility to execute command as root. I've built doas with "persist" support as well. Meanwhile, the reboot, for instance, is works in right way.

[ permit nopass gentoo as root cmd reboot ] (I don't know how to arrange any code here with correct displaying)

For OpenVpn I thought it's correct to set it up like

[ permit nopass gentoo as root cmd /usr/sbin/openvpn ] or on emergency [ permit nopass gentoo as root cmd /usr/bin/python3.9 ] (for Python script needs, according to my logic)

But all of this still requires the password. Thanks in advance.
 

cmoerz

Member

Reaction score: 15
Messages: 46

I might be completely off, but two things that stick out to me:
  1. Are you running doas as user gentoo (I do assume yes, just making sure)
  2. Are you running on FreeBSD (I assume yes, just making sure) - if so, your executable paths are probably incorrect; they'd need to be in /usr/local/sbin or /usr/local/bin for openvpn and python. Maybe that's what's causing you troubles?
 

scottro

Daemon

Reaction score: 836
Messages: 1,975

If you look at the manpage for doas.conf, it states that persist does not work with FreeBSD (or Linux, but it sounds as if it may work for you in Gentoo.) It doesn't work with FreeBSD. Otherwise, I think cmoerz is correct, the paths are different, in FreeBSD any third party package or port has its executable in /usr/local/bin, not /usr/bin.
 

monwarez

Active Member

Reaction score: 51
Messages: 123

You will have to edit /usr/local/etc/doas.conf (your path was not correct for python and openvpn)

Code:
permit nopass gentoo as root cmd reboot
permit nopass gentoo as root cmd /usr/local/sbin/openvpn
permit nopass gentoo as root cmd /usr/local/bin/python3.9

The persist option is to ask only once the password, but it is not implemented on FreeBSD.

PS: to put text in code block you can use [code]text[/code]
 
Last edited:

SirDice

Administrator
Staff member
Administrator
Moderator

Reaction score: 11,618
Messages: 37,958

Top