run root command at startup without systemd [Solved]

[shmu26]

I run a qemu virtual machine after login, but before I can start it up, I need to run the command

Code: Select all

sudo virsh net-start default

If I run

Code: Select all

virsh net-autostart default

then the session does not load properly. The desktop gets mangled and frozen.

So I want it to autostart with a delay.

[shmu26]

4 steps:

1 allow this process

Code: Select all

/usr/bin/virsh 

to run as root without password prompt as described here:
https://askubuntu.com/questions/159007/ ... a-password
Don't forget to write in the sudoers file the full path of the process: /usr/bin/virsh
But you don't write the command, just the process with path.

2 Create a startup script:

Code: Select all

#!/bin/bash
sleep 8 && sudo virsh net-start default

3 Set the script to be executable

4 Set the script to run at login:
System settings/Startup and shutdown/Autostart/Add/Add login script

[RedSnt]

4 steps:

1 allow this process

Code: Select all

/usr/bin/virsh 

to run as root without password prompt as described here:
https://askubuntu.com/questions/159007/ ... a-password
Don't forget to write in the sudoers file the full path of the process: /usr/bin/virsh
But you don't write the command, just the process with path.

2 Create a startup script:

Code: Select all

#!/bin/bash
sleep 8 && sudo virsh net-start default

3 Set the script to be executable

4 Set the script to run at login:
System settings/Startup and shutdown/Autostart/Add/Add login script

Thanks for this.

I preferred having my autostart app open in a terminal so I just added the script as an app, then clicked the 'open file dialogue' and chose my .sh file, then under terminal options chose 'run in terminal'.

I wish one could restrict the use of this further though, or done in another way, because I had to run a java application on startup that I've installed in /opt/, and giving java nopasswd sudo access seems risky.

[DukeComposed]

I wish one could restrict the use of this further, or done in another way, because I had to run a java application on startup that I've installed in /opt/, and giving java nopasswd sudo access seems risky.

sudo is meant to run a program as root. You typically run a program as root because it's necessary to make some kind of change to the system or use a low-level system resource, like a reserved port. If you don't want java running as root, don't use sudo.

Otherwise, consider running the java process with something like firejail, which allows you to restrict the resources it can access. This creates a chicken and egg problem, because you need to run firejail with elevated permissions in order for it be able to take those permissions away from another root process.

[dolphin_oracle]

you could just add the command /etc/rc.local, above the exit 0 line. this file gets processed by both sysVinit and systemd, and runs as root not user.

[RedSnt]

I wish one could restrict the use of this further, or done in another way, because I had to run a java application on startup that I've installed in /opt/, and giving java nopasswd sudo access seems risky.

sudo is meant to run a program as root. You typically run a program as root because it's necessary to make some kind of change to the system or use a low-level system resource, like a reserved port. If you don't want java running as root, don't use sudo.

Otherwise, consider running the java process with something like firejail, which allows you to restrict the resources it can access. This creates a chicken and egg problem, because you need to run firejail with elevated permissions in order for it be able to take those permissions away from another root process.

Thanks for the firejail recommendation, I'll look into that. Luckily dolphin_oracle's recommendation works fine for me, and instead of launching the application in a terminal after KDE has launched, I'm just using "tail -f file.log" which is good enough for my use case.

Launching scripts requiring sudo from /etc/rc.local is a great tip! Sorry for hijacking the thread.

EDIT: Editing instead of necroing this thread: I found that since what I was launching, a DNS proxy that needs to run all the time while the computer is on, that it was easier to add the script in roots cron table (MX Job Scheduler -> File -> Start as root) as a @reboot job. The reason why this is better is that a script running all the time blocks the X11 virtual consoles, which is no bueno. I looked into creating a init.d daemon script and found a good enough example on how to do it, but I'm just not certain they get run with elevated privileges..