root


Anonabox Pro – Set Root Password On Initial Setup

The following video demonstrates how to setup the root password for a new (or recently flashed) Anonabox Pro.

  1. Connect to the device via the LAN Ethernet port.
    It has a DHCP server by default so you do not need to configure the IP.
    After you get connected, go to the default location of the device interface, which is http://192.168.19.84:1776/.
  2. After the interface loads, click on the Login button without entering a password (if you enter one, it will be ignored).
  3. Then go to the top menu System and select the option Administration
  4. At the new page, under the category Router Password enter the password you wish to use both at the Password and Confirmation fields.
  5. Finally, click on the Save & Apply button and wait for the changes to get applied, a confirmation message will appear at the top of the page under the top menu.
Advertisements

Start Arduino IDE as root on Fedora / Allow root to start an X application

Solution

Execute the following as a normal user

xhost +si:localuser:root;
sudo ./arduino;

Background Story and More Information

Recently we needed to start the official Arduino IDE as root on Fedora to allow the application to take control of the serial port.
We were getting the following error whenever we tried to upload the application to the board:

processing.app.debug.RunnerException
 at cc.arduino.packages.uploaders.SerialUploader.uploadUsingPreferences(SerialUploader.java:160)
 at cc.arduino.UploaderUtils.upload(UploaderUtils.java:78)
 at processing.app.SketchController.upload(SketchController.java:713)
 at processing.app.SketchController.exportApplet(SketchController.java:686)
 at processing.app.Editor$DefaultExportHandler.run(Editor.java:2168)
 at java.lang.Thread.run(Thread.java:748)
Caused by: processing.app.SerialException: Error touching serial port '/dev/ttyACM0'.
 at processing.app.Serial.touchForCDCReset(Serial.java:107)
 at cc.arduino.packages.uploaders.SerialUploader.uploadUsingPreferences(SerialUploader.java:144)
 ... 5 more
Caused by: jssc.SerialPortException: Port name - /dev/ttyACM0; Method name - openPort(); Exception type - Permission denied.
 at jssc.SerialPort.openPort(SerialPort.java:170)
 at processing.app.Serial.touchForCDCReset(Serial.java:101)
 ... 6 more

So, we tried to start the arduino IDE using root and got another error:

[[email protected] bin]$ sudo ./arduino;
[sudo] password for george: 
No protocol specified
Picked up JAVA_TOOL_OPTIONS: 
No protocol specified
java.awt.AWTError: Can't connect to X11 window server using ':0' as the value of the DISPLAY variable.
	at sun.awt.X11GraphicsEnvironment.initDisplay(Native Method)
	at sun.awt.X11GraphicsEnvironment.access$200(X11GraphicsEnvironment.java:65)
	at sun.awt.X11GraphicsEnvironment$1.run(X11GraphicsEnvironment.java:115)
	at java.security.AccessController.doPrivileged(Native Method)
	at sun.awt.X11GraphicsEnvironment.(X11GraphicsEnvironment.java:74)
	at java.lang.Class.forName0(Native Method)
	at java.lang.Class.forName(Class.java:264)
	at java.awt.GraphicsEnvironment.createGE(GraphicsEnvironment.java:103)
	at java.awt.GraphicsEnvironment.getLocalGraphicsEnvironment(GraphicsEnvironment.java:82)
	at sun.awt.X11.XToolkit.(XToolkit.java:126)
	at java.lang.Class.forName0(Native Method)
	at java.lang.Class.forName(Class.java:264)
	at java.awt.Toolkit$2.run(Toolkit.java:860)
	at java.awt.Toolkit$2.run(Toolkit.java:855)
	at java.security.AccessController.doPrivileged(Native Method)
	at java.awt.Toolkit.getDefaultToolkit(Toolkit.java:854)
	at java.awt.SystemColor.updateSystemColors(SystemColor.java:473)
	at java.awt.SystemColor.(SystemColor.java:465)
	at processing.app.Theme.init(Theme.java:84)
	at processing.app.Base.(Base.java:219)
	at processing.app.Base.main(Base.java:144)

This error occurred because the default configuration of the X server permissions did not allow the root to connect to it.
To verify this, we used xhost (the X server access control program) to check the permissions.
Executing xhost with no command line arguments gave us a message indicating whether or not access control was currently enabled, followed by the list of those users allowed to connect.
For example in our case the output was as follows:

[[email protected] bin]$ xhost
access control enabled, only authorized clients can connect
SI:localuser:george

To add root to the list of users that was allowed to start an X application we executed the following command:

[[email protected] bin]$ xhost +si:localuser:root
localuser:root being added to access control list

Executing xhost again, we got the updated list which included the root

[[email protected] bin]$ xhost
access control enabled, only authorized clients can connect
SI:localuser:root
SI:localuser:george

After this, we were able to start arduino IDE using sudo with no problems.

[[email protected] bin]$ sudo ./arduino;

Note: This patch is not permanent, we actually execute it once at every restart of the machine.


Start CLion as root on Fedora 1

Solution

Execute the following as a normal user

xhost +si:localuser:root;
sudo ./clion.sh;

Background Story and More Information

Recently we needed to start CLion as root on Fedora to allow the application we were developing to bind the DHCP service of the system.
When we tried to start CLion as root we got the following error:

java.awt.AWTError: Can't connect to X11 window server using ':0' as the value of the DISPLAY variable.

Specifically, the whole error log was as follows:

[[email protected] bin]$ sudo ./clion.sh 
[sudo] password for george: 
No protocol specified

Start Failed: Failed to initialize graphics environment

java.awt.AWTError: Can't connect to X11 window server using ':0' as the value of the DISPLAY variable.
    at sun.awt.X11GraphicsEnvironment.initDisplay(Native Method)
    at sun.awt.X11GraphicsEnvironment.access$200(X11GraphicsEnvironment.java:65)
    at sun.awt.X11GraphicsEnvironment$1.run(X11GraphicsEnvironment.java:115)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.awt.X11GraphicsEnvironment.<clinit>(X11GraphicsEnvironment.java:74)
    at java.lang.Class.forName0(Native Method)
    at java.lang.Class.forName(Class.java:264)
    at java.awt.GraphicsEnvironment.createGE(GraphicsEnvironment.java:103)
    at java.awt.GraphicsEnvironment.getLocalGraphicsEnvironment(GraphicsEnvironment.java:82)
    at sun.awt.X11.XToolkit.<clinit>(XToolkit.java:126)
    at java.lang.Class.forName0(Native Method)
    at java.lang.Class.forName(Class.java:264)
    at java.awt.Toolkit$2.run(Toolkit.java:860)
    at java.awt.Toolkit$2.run(Toolkit.java:855)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.awt.Toolkit.getDefaultToolkit(Toolkit.java:854)
    at java.awt.Toolkit.getEventQueue(Toolkit.java:1734)
    at java.awt.EventQueue.isDispatchThread(EventQueue.java:1043)
    at javax.swing.SwingUtilities.isEventDispatchThread(SwingUtilities.java:1361)
    at javax.swing.text.StyleContext.reclaim(StyleContext.java:454)
    at javax.swing.text.StyleContext.addAttribute(StyleContext.java:311)
    at javax.swing.text.html.StyleSheet.addAttribute(StyleSheet.java:578)
    at javax.swing.text.StyleContext$NamedStyle.addAttribute(StyleContext.java:1501)
    at javax.swing.text.StyleContext$NamedStyle.setName(StyleContext.java:1312)
    at javax.swing.text.StyleContext$NamedStyle.<init>(StyleContext.java:1259)
    at javax.swing.text.StyleContext.addStyle(StyleContext.java:107)
    at javax.swing.text.StyleContext.<init>(StyleContext.java:87)
    at javax.swing.text.html.StyleSheet.<init>(StyleSheet.java:166)
    at javax.swing.text.html.HTMLEditorKit.getStyleSheet(HTMLEditorKit.java:391)
    at com.intellij.util.ui.UIUtil.<clinit>(UIUtil.java:102)
    at com.intellij.ide.plugins.PluginManager.start(PluginManager.java:73)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at com.intellij.ide.Bootstrap.main(Bootstrap.java:39)
    at com.intellij.idea.Main.main(Main.java:81)

This error occurred because the default configuration of the X server permissions did not allow the root to connect to it.
To verify this, we used xhost X server access control program to check the permissions.
Executing xhost with no command line arguments gave us a message indicating whether or not access control was currently enabled, followed by the list of those users allowed to connect.
For example in our case the output was as follows:

[[email protected] bin]$ xhost
access control enabled, only authorized clients can connect
SI:localuser:george

To add root to the list of users that was allowed to start an X application we executed the following command:

[[email protected] bin]$ xhost +si:localuser:root
localuser:root being added to access control list

Executing xhost again, we got the updated list which included the root

[[email protected] bin]$ xhost
access control enabled, only authorized clients can connect
SI:localuser:root
SI:localuser:george

After this, we were able to start CLion using sudo with no problems.

[[email protected] bin]$ sudo ./clion.sh

Note: This patch is not permanent, we actually execute it once at every restart of the machine.


Fedora and CentOS GNU/Linux: Add an existing user to the Sudoers list

So, you are a system administrator on a Fedora or a CentOS GNU/Linux machine and a user requests that you upgrade their account to allow the execution of privileged commands using sudo.

Warning

Be very careful to which users you give this right!
Being in the Sudoers list allows particular users to run various commands as the root user, without needing the root password.
Assuming that the user has a valid reason for you to add them to the Sudoers list, proceed with the commands below:

Using sudo

If you are using an account that is already in the Sudoers list and you want to allow the account useraccount to use sudo, execute the following

sudo chmod +w /etc/sudoers
sudo echo 'useraccount ALL=(ALL) ALL ' >> /etc/sudoers
sudo chmod -w /etc/sudoers

Using the root account

If you are using the root user account and you want to allow the account useraccount to use sudo, execute the following

chmod +w /etc/sudoers
echo 'useraccount ALL=(ALL) ALL ' >> /etc/sudoers
chmod -w /etc/sudoers

Notes

The /etc/sudoers file must have very limited access rights for it to be valid.

The system expects that:

  • it will be owned by the root user
  • it will belong to the group root
  • it has only that read access right
  • the read access right belongs only to the owner and to the group

For this reason we first use chmod +w to enable the right access on the file, then we append at the end of the file our configuration using echo >> and finally we remove the write access using chmod -w.

In case you are wondering how the file should be, using ls -l it should appear as follows:

ls -l /etc/sudoers
-r--r-----. 1 root root 3762 Oct 19 13:21 /etc/sudoers

If for some reason your file does not have these access rights, you can repair the file access right of your /etc/sudoers file using

sudo chmod 440 /etc/sudoers

Bonus

No password

Using the above method, it will prompt the user to enter their account password when they first want to use a sudo command after some time of inactivity.

In case you want the user to execute sudo without using a password at all (which is dangerous and definitely not recommended) use the following code

chmod +w /etc/sudoers
echo 'useraccount ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
chmod -w /etc/sudoers

The NOPASSWD directive in the echo command will instruct the system to not ask for a password when sudo is needed.

A valid occasion for you to allow this would be to allow an automated script to perform some tasks that require elevated privileges without the need to have the password hardcoded in the script not having to get the user involved each time in the process.

Adding a whole group to the sudoers list

Assuming you want enable all users of a specific group to execute sudo commands

Using sudo

If you are using an account that is already in the Sudoers list and you want to allow all the users of the user group usergroup to use sudo, execute the following

sudo chmod +w /etc/sudoers
sudo echo '%usergroup ALL=(ALL) ALL ' >> /etc/sudoers
sudo chmod -w /etc/sudoers

Same thing without a password

sudo chmod +w /etc/sudoers
sudo echo '%usergroup ALL=(ALL) NOPASSWD: ALL ' >> /etc/sudoers
sudo chmod -w /etc/sudoers

Using the root account

If you are using the root user account and you want to allow all the users of the user group usergroup to use sudo, execute the following

chmod +w /etc/sudoers
echo '%usergroup ALL=(ALL) ALL ' >> /etc/sudoers
chmod -w /etc/sudoers

Same thing without a password

chmod +w /etc/sudoers
echo '%usergroup ALL=(ALL) NOPASSWD: ALL ' >> /etc/sudoers
chmod -w /etc/sudoers