LinuxQuestions.org
Old 06-08-2019, 02:47 PM   #1
A Traveller
LQ Newbie
 
Registered: Nov 2009
Posts: 14

Rep: Reputation: 1
How to use veracrypt without needing root?


Hi all.

Please see the link below for info on what I wish to achieve.

https://www.pclinuxos.com/forum/inde...,149247.0.html

One of the bits of advice given in reply to the above post was "If you want to use veracrypt, then investigate how to set up sudo for it to allow it to run from your normal account."

I consequently searched the web and found the following post, which seemed relevant, so I followed the instructions and replaced the word 'truecrypt' with 'veracrypt', i.e. the following code.

# chmod 4755 /usr/bin/veracrypt

After doing this, now veracrypt won't even load from the normal terminal. It gives me the following error.

(process:13268): Gtk-WARNING **: 19:31:12.868: This process is currently running setuid or setgid.
This is not a supported use of GTK+. You must create a helper
program instead. For further details, see:

http://www.gtk.org/setuid.html

Refusing to initialize GTK+.


I then tried to fix this by searching the web again and using the following code, but I am still getting the same error.

chmod u+s /usr/bin/veracrypt

Does anyone know how I can get it back to how it was and if so, what the correct way is of achieving what I am looking for?

Any help would be most appreciated as I have NO idea what I'm doing!

Thanks.
 
Old 06-10-2019, 01:00 PM   #2
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,820
Blog Entries: 15

Rep: Reputation: 1664
You got the same error after chmod because you were doing essentially the same thing. You can set permissions with octal values (e.g. 4755) or by specifying user/group/other and special bit (e.g. u+s).

You're trying to run a GUI version of veracrypt using setuid/setgid and GTK+ tells you it doesn't allow that.

You could add your program to sudoers (see visudo command) for a specific user (e.g. your own login) then run the program with "sudo /usr/bin/veracrypt". That tells it to run as the root user which is not exactly the same as putting the setuid/setgid bit on veracrypt itself. You might run into other issues with DISPLAY and XAUTHORITY if they were set by your login.

Alternatively it appears you can do a non-GUI version of veracrypt. Try doing "unset DISPLAY" and see if you get the same error when running veracrypt.

In general putting setuid/setgid on programs is a bad idea. It should be done very seldom. It is better to run things as non-root users if they allow it or if not to run them via sudo which at least requires the password to be re-entered and only gives access to the commands desired.

I haven't used veracrypt myself so can't offer much other assistance.
 
1 members found this post helpful.
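
The point in the reply above, that `chmod 4755` and `chmod u+s` set the same setuid bit, can be checked safely on a scratch file, together with how to clear the bit and how to find files that carry it. This is an added example, not part of the original posts; the function names are hypothetical and it assumes GNU coreutils (`stat -c`) and findutils.

```shell
# Added example; it only touches scratch files it creates itself,
# never /usr/bin/veracrypt. Function names are hypothetical.
# Assumes GNU coreutils (stat -c) and findutils.

# Print the octal permission bits of a file, e.g. 755 or 4755.
mode_of() { stat -c '%a' "$1"; }

# Apply the octal form and the symbolic form from the thread to a scratch
# file, then clear the bit again. Prints: before octal symbolic cleared
compare_setuid_forms() {
    f=$(mktemp) || return 1
    chmod 755 "$f";  before=$(mode_of "$f")
    chmod 4755 "$f"; octal=$(mode_of "$f")
    chmod 755 "$f"
    chmod u+s "$f";  symbolic=$(mode_of "$f")
    chmod u-s "$f";  cleared=$(mode_of "$f")
    rm -f "$f"
    echo "$before $octal $symbolic $cleared"
}

# List regular files under a directory that carry the setuid bit.
list_setuid() { find "$1" -xdev -type f -perm -4000; }

# Constructed sample: a scratch directory with one plain and one setuid file.
audit_demo() {
    d=$(mktemp -d) || return 1
    touch "$d/plain" "$d/flagged"
    chmod 755 "$d/plain"
    chmod 4755 "$d/flagged"
    found=$(list_setuid "$d")
    rm -rf "$d"
    basename "$found"
}

compare_setuid_forms
audit_demo
```

`chmod u-s` removes only the setuid bit and leaves the remaining permission bits as they were, which is why the last value printed by `compare_setuid_forms` matches the first.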
Old 06-12-2019, 02:51 PM   #3
A Traveller
LQ Newbie
 
Registered: Nov 2009
Posts: 14

Original Poster
Rep: Reputation: 1
Thanks for your reply, MensaWater.

I have searched for info on your suggestion of 'unset display' and still don't understand what it does exactly. I don't want to risk my computer not working altogether as I don't have the knowledge to fix things if they go wrong, which as you can see is my current situation.

So I take it there is no recommended method to have full access to files through a program that can only be opened by entering the administrator/root password, whether Veracrypt or anything else. I tried changing the permissions in 'Properties' to 'nobody' and 'no group' and also my log in username, but that, nor 'root' allows the files to be cut and paste elsewhere.

Last edited by A Traveller; 06-12-2019 at 02:53 PM.
 
Old 06-12-2019, 03:10 PM   #4
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,820
Blog Entries: 15

Rep: Reputation: 1664
Quote:
Originally Posted by A Traveller
I have searched for info on your suggestion of 'unset display' and still don't understand what it does exactly.
1) unset DISPLAY (NOT "unset display" - Linux is case sensitive).

2) The DISPLAY variable is used by X-Windows (GUI) applications to tell them where to show the GUI. You can see its current value by typing "echo $DISPLAY". Many applications check to see if you're capable of GUI by examining the setting of DISPLAY variable. If it is not set the applications usually assume you can only do character/text based work on your terminal and won't try to run the GUI.

Typing "unset DISPLAY" in your current terminal removes the value that was "set" (if any). It only "unsets" it for the current terminal session so has no impact on global setup or other terminal sessions that might be running.

You can get it "set" again simply by logging out and logging back in. The initial "set" of display might be in a system profile (global or local to the user) or might be generated by how you attached to the terminal (e.g. in PuTTY if one enables X-11 forwarding it sets DISPLAY by default but if not it doesn't set that.)

Alternatively you can do something like the following to save the original DISPLAY variable, unset it then add it back:
export OLDDISPLAY=$DISPLAY
unset DISPLAY
# Run your commands for veracrypt here
export DISPLAY=$OLDDISPLAY

Note that in general it is a bad idea to hard code the DISPLAY variable in a system profile because it would override any dynamic setting such as that done by X-11 forwarding. Despite that many users do it to this day and have issues because of it.

My read of veracrypt overview suggests it has both a GUI (GTK+ based) version and a character/text version hence my suggestion to "unset DISPLAY" then rerunning the command to see if it gives you the character/text version instead of the error.
 
1 members found this post helpful.
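
The scoping described in the post above (unsetting DISPLAY affects only the shell it is typed in) can be seen directly, along with two ways to drop DISPLAY for a single command without a save/restore step. This is an added example, not part of the original posts; the function names are hypothetical, the value `:0` is a constructed sample, and `env -u` assumes GNU or BSD `env`.

```shell
# Added example; function names are hypothetical and ":0" is a constructed
# sample value. Assumes an env that supports -u (GNU coreutils, BSD).

# Run a command with DISPLAY removed from that command's environment only.
without_display() { env -u DISPLAY "$@"; }

# Report what a child process sees for DISPLAY ("unset" if it is absent).
child_view() { sh -c 'echo "${DISPLAY-unset}"'; }

# The body runs in a subshell ( ... ) so the caller's DISPLAY is untouched.
scope_demo() (
    DISPLAY=:0; export DISPLAY
    inherited=$(child_view)                   # child inherits :0
    one_shot=$(without_display sh -c 'echo "${DISPLAY-unset}"')
                                              # removed for that child only
    subshell=$( (unset DISPLAY; child_view) ) # unset ends with the subshell
    parent=$DISPLAY                           # this shell still has :0
    echo "$inherited $one_shot $subshell $parent"
)

scope_demo
```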
Old 06-16-2019, 09:04 AM   #5
A Traveller
LQ Newbie
 
Registered: Nov 2009
Posts: 14

Original Poster
Rep: Reputation: 1
Thanks for the reply, MensaWater.

Re-installing the software made things go back to the way they were.

I think I understand the permissions issue better now (not fully, however) by endless experimenting!

Thanks for the help.
 
1 members found this post helpful.
  

