Hi, I need the proxy manager Nekoray to always start in sudo mode, so that I don’t need to enter the sudo password multiple times when using the program.
(I know this can be done in the terminal, but it is inconvenient, plus I would need to keep the respective terminal window open.)
(1) Is this possible in Fedora 40 Gnome?
(2) If it isn’t, how do I at least run Nekoray with sudo privileges at system start-up?
It sounds like you want to run a systemd service:
sudo tee /etc/systemd/system/nekoray.service << EOF > /dev/null
[Unit]
Description=Nekoray service
After=network-online.target
Wants=network-online.target
[Service]
ExecStart=/path/to/nekoray...
[Install]
WantedBy=multi-user.target
EOF
sudo systemctl daemon-reload
sudo systemctl --now enable nekoray.service
Thank you.
This will create a systemd Nekoray service starting at Fedora startup, right?
I have executed the command, it was successful, but after a restart I ran Nekoray and it still requests a password.
(Just so I don’t sound too picky, I’ll explain – the program asks for the password three times, to turn on various network modes, which is quite annoying.)
Check the output:
systemctl status nekoray.service
systemctl cat nekoray.service
journalctl --no-pager -b -u nekoray.service
$ journalctl --no-pager -b -u nekoray.service
Oct 20 23:45:38 x270 systemd[1]: Started nekoray.service - Nekoray service.
Oct 20 23:45:38 x270 systemd[1]: nekoray.service: Main process exited, code=exited, status=203/EXEC
Oct 20 23:45:38 x270 systemd[1]: nekoray.service: Failed with result 'exit-code'.
$ systemctl status nekoray.service
× nekoray.service - Nekoray service
Loaded: loaded (/etc/systemd/system/nekoray.service; enabled; preset: disa>
Drop-In: /usr/lib/systemd/system/service.d
└─10-timeout-abort.conf
Active: failed (Result: exit-code) since Sun 2024-10-20 23:45:38 MSK; 8min>
Duration: 13ms
Process: 1441 ExecStart=/path/to/nekoray... (code=exited, status=203/EXEC)
Main PID: 1441 (code=exited, status=203/EXEC)
CPU: 1ms
Oct 20 23:45:38 x270 systemd[1]: Started nekoray.service - Nekoray service.
Oct 20 23:45:38 x270 systemd[1]: nekoray.service: Main process exited, code=exi>
Oct 20 23:45:38 x270 systemd[1]: nekoray.service: Failed with result 'exit-code>
lines 1-13/13 (END)
# /etc/systemd/system/nekoray.service
[Unit]
Description=Nekoray service
After=network-online.target
Wants=network-online.target
[Service]
ExecStart=/path/to/nekoray...
[Install]
WantedBy=multi-user.target
# /usr/lib/systemd/system/service.d/10-timeout-abort.conf
# This file is part of the systemd package.
# See https://fedoraproject.org/wiki/Changes/Shorter_Shutdown_Timer.
#
# To facilitate debugging when a service fails to stop cleanly,
# TimeoutStopFailureMode=abort is set to "crash" services that fail to stop in
# the time allotted. This will cause the service to be terminated with SIGABRT
# and a coredump to be generated.
#
# To undo this configuration change, create a mask file:
# sudo mkdir -p /etc/systemd/system/service.d
# sudo ln -sv /dev/null /etc/systemd/system/service.d/10-timeout-abort.conf
[Service]
TimeoutStopFailureMode=abort
lines 1-25
Which of the files should be executed?
/usr/lib64/nekoray/nekoray likely?
I’ve edited this file /etc/systemd/system/nekoray.service with ExecStart=/usr/lib64/nekoray/nekoray.
After a reboot, I ran the program and it requests a password.
$ journalctl --no-pager -b -u nekoray.service
Oct 21 00:13:35 x270 systemd[1]: Started nekoray.service - Nekoray service.
Oct 21 00:13:36 x270 nekoray[1452]: qt.qpa.xcb: could not connect to display
Oct 21 00:13:36 x270 nekoray[1452]: qt.qpa.plugin: Could not load the Qt platform plugin "xcb" in "" even though it was found.
Oct 21 00:13:36 x270 nekoray[1452]: This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may fix this problem.
Available platform plugins are: eglfs, linuxfb, minimal, minimalegl, offscreen, vnc, wayland-egl, wayland, wayland-xcomposite-egl, wayland-xcomposite-glx, xcb.
Oct 21 00:13:36 x270 systemd[1]: nekoray.service: Main process exited, code=dumped, status=6/ABRT
Oct 21 00:13:36 x270 systemd[1]: nekoray.service: Failed with result 'core-dump'.
Thanks.
I’ll try creating a sudo cronjob for Nekoray and will get back here if I succeed.
To be clear, they recommend to set up sudoers, not cronjob.
In addition, there are arguments and flags for nekobox_core and nekoray_core that can be used to create the respective services.
Do you find it odd that Nekoray needs sudo privileges at all?
I’m kind of curious why they have an executable in lib64 and seemingly the whole file structure there 
I hope whatever that is has limited SELinux contexts! Not entirely sure how much that would matter with root though, and agree it doesn’t sound like a 3rd-party proxy manager would need root (I imagine it should be fine to set user-side network conf once you’re logged-in), unless you want it definitely system-wide?
I don’t know what Nekoray is exactly but it doesn’t sound like it needs nor should ever have system-wide root access.
It is an open source VPN client. Apparently developed in China. My uninformed guess is that, yes, it is supposed to take over all the traffic system-wide.
P.S. It is in two Fedora COPRs. Not sure if those things get revised at all.