How can I run something that needs sudo at every login without having to do so manually?

I want to run openvpn every time I log on, but currently I run

sudo openvpn --config <myconfig> --auth-user-pass <user/pass>

every time. Is there a way to make it run that automatically and not need my password?

I could make it launch a terminal and run a script but is there a way that would not require me to type my password every time? Can I maybe give myself permissions to whatever openvpn needs so it doesn't need sudo? How do I find out what those permissions are? Is this the right place to ask?

I'm running KDE/Plasma 6 on Manjaro should that matter

edit: Thanks all! I'm going to try the systemd option, if I can't get that working I'll fall back to the cronjob option, and failing that changing openvpn to not need a password for sudo and launching a script at kde statup.

jadi,
@jadi@mastodon.social avatar

@ReCursing you can set your user to be able to run openvpn as root (sudo) without password
https://www.youtube.com/watch?v=rNxitwVtRvo

Supermariofan67,

For this in particular, look into setting up NetworkManager to do the openvpn configuration, it has that functionality built in. Otherwise, systemd unit file

tophneal,

I don’t use open VPN so I don’t know for sure, but I think you’re right as the best way to go. Pretty sure I recall Network Manager having an option to set a vpn to be always on when a network connection is made and an option to save credentials.

Andromeda,

The way I would do it is to change to the root user (sudo su), then set up a cron job (crontab -e). You don't need to use sudo in the cron job, so it would look like

@reboot openvpn --config <myconfig> --auth-user-pass <user/pass>

That will start openvpn at every reboot, and because it is in the root crontab it will run as root. This is probably the second best way. Making it a systemd service is arguably better, but I use a cron job to start things at reboot as root because for me it's easier - I don't have to look up or try to guess how to do it using systemd. Like many things in Linux, there are several ways to accomplish the same objective, and some of those ways are better for people with good memories!

ReCursing,
ReCursing avatar

I'm gonna try to sort a systemd service, if that doesn't work for any reason I'll use the cronjob option

tophneal,

A systemd service file can do this

ReCursing,
ReCursing avatar

That looks pretty straightforward. I'll look into doing that. And if I can;t make it work I'll go with the cron job option suggested by @Andromeda above

tophneal,

Actually OP, for the easiest, safest option to your system I would say @Supermariofan67 hit the nail on the head. Use your network manager settings: forum.manjaro.org/t/…/46298

If it’s not already installed there’s an openvpn plugin: software.manjaro.org/…/networkmanager-openvpn

Godort,

This is the way I would handle this.

MentalEdge,
@MentalEdge@sopuli.xyz avatar

Definitely the correct way to do this. And openvpn even ships some tools to make it simple to do.

I already linked to them in my other comment.

nieceandtows,

Yeah OP, look into this. It’s easy once you get the hang of it, and you don’t have to make your system vulnerable by making sudo password less.

exscape,
exscape avatar

You can make sudo password-less for a single command (including using specific arguments) though, so even if using sudo were the only solution, it wouldn't be that bad. For example, I have a sudoers entry that allows my user to decrypt my ZFS pool by executing a root-owned script (with permissions 700), but everything else requires a password.

MentalEdge, (edited )
@MentalEdge@sopuli.xyz avatar

This is what systemd is for.

Atemu,
@Atemu@lemmy.ml avatar

If you’re using NetworkManager, I’d recommend you to use it to create a VPN profile instead and connect to that on startup through the unprivileged nmcli.

UID_Zero,
@UID_Zero@infosec.pub avatar

Look into editing the sudoers file. Add a line that allows you to run openvpn with the NOPASSWD option.

I strongly recommend not using that for everything, just the specific commands you need to run non-interactively.

ReCursing,
ReCursing avatar

I didn't know that was an option! Sounds generally insecure but if the other options here don't work out this should solve it. Thanks!

UID_Zero,
@UID_Zero@infosec.pub avatar

It’s only as insecure as you make it. It’s an option, it needs to be used responsibly.

lurch,

AFAIK you can allow it in the sudoers file to not need a password, if you keep the sudo.

idk how KDE autostarts, tho.

AutumnSpark1226,
@AutumnSpark1226@lemmy.today avatar

Allowing only openvpn to run without password is possible: askubuntu.com/…/how-do-i-run-specific-sudo-comman…

e_t_,

Read the documentation on the sudoers file. You can specify particular commands to not require a password.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • linux
  • DreamBathrooms
  • magazineikmin
  • ngwrru68w68
  • mdbf
  • rosin
  • Youngstown
  • vwfavf
  • slotface
  • modclub
  • khanakhh
  • cubers
  • kavyap
  • thenastyranch
  • PowerRangers
  • provamag3
  • everett
  • Durango
  • InstantRegret
  • osvaldo12
  • tester
  • normalnudes
  • tacticalgear
  • ethstaker
  • GTA5RPClips
  • anitta
  • Leos
  • cisconetworking
  • megavids
  • All magazines
    •