How can I run something that needs sudo at every login without having to do so manually?

ReCursing@kbin.social to Linux@kbin.social – 3 points –

I want to run openvpn every time I log on, but currently I run

sudo openvpn --config <myconfig> --auth-user-pass <user/pass>

every time. Is there a way to make it run that automatically and not need my password?

I could make it launch a terminal and run a script but is there a way that would not require me to type my password every time? Can I maybe give myself permissions to whatever openvpn needs so it doesn't need sudo? How do I find out what those permissions are? Is this the right place to ask?

I'm running KDE/Plasma 6 on Manjaro should that matter

edit: Thanks all! I'm going to try the systemd option, if I can't get that working I'll fall back to the cronjob option, and failing that changing openvpn to not need a password for sudo and launching a script at kde statup.

15

This is the way I would handle this.

Yeah OP, look into this. It's easy once you get the hang of it, and you don't have to make your system vulnerable by making sudo password less.

You can make sudo password-less for a single command (including using specific arguments) though, so even if using sudo were the only solution, it wouldn't be that bad. For example, I have a sudoers entry that allows my user to decrypt my ZFS pool by executing a root-owned script (with permissions 700), but everything else requires a password.

That looks pretty straightforward. I'll look into doing that. And if I can;t make it work I'll go with the cron job option suggested by @Andromeda above

For this in particular, look into setting up NetworkManager to do the openvpn configuration, it has that functionality built in. Otherwise, systemd unit file

I don’t use open VPN so I don’t know for sure, but I think you’re right as the best way to go. Pretty sure I recall Network Manager having an option to set a vpn to be always on when a network connection is made and an option to save credentials.

AFAIK you can allow it in the sudoers file to not need a password, if you keep the sudo.

idk how KDE autostarts, tho.

Look into editing the sudoers file. Add a line that allows you to run openvpn with the NOPASSWD option.

I strongly recommend not using that for everything, just the specific commands you need to run non-interactively.

I didn't know that was an option! Sounds generally insecure but if the other options here don't work out this should solve it. Thanks!

It's only as insecure as you make it. It's an option, it needs to be used responsibly.

Read the documentation on the sudoers file. You can specify particular commands to not require a password.

If you're using NetworkManager, I'd recommend you to use it to create a VPN profile instead and connect to that on startup through the unprivileged nmcli.