Autostart with elevated privileges

Hello Garuda users.

I want each OS to set a custom Bluetooth MAC so that I can pair the same device to each instance of a multiboot system. I created an item in .config/autostart that references a shell script with the commands. Because elevated privileges are necessary, I edited /etc/sudoers to allow my user to execute this script without entering a password. Finally I made root owner of the script and set it read-only.

I'm thinking this is fairly secure but I'm wondering about creating a service to allow systemd to manage the Bluetooth MAC address so that I don't need to expose su at all. What do you think?

-- Michael

 ╭─mickleby@mickleby in ~ took 1s
 ╰─λ sudo garuda-inxi
[sudo] password for mickleby:
System:
  Kernel: 6.2.10-zen1-1-zen arch: x86_64 bits: 64 compiler: gcc v: 12.2.1
    parameters: BOOT_IMAGE=/@/boot/vmlinuz-linux-zen
    root=UUID=7ce7773f-cf24-4ed4-92fd-61d4b91d7a28 rw rootflags=subvol=@
    quiet quiet splash rd.udev.log_priority=3 vt.global_cursor_default=0
    loglevel=3
  Desktop: Qtile v: 0.22.1 wm: LG3D dm: SDDM Distro: Garuda Linux
    base: Arch Linux
Machine:
  Type: Desktop System: AZW product: SEi v: N/A serial: N/A
  Mobo: AZW model: SEi serial: N/A UEFI: American Megatrends LLC.
    v: ALDER109 date: 12/01/2022
Battery:
  Device-1: hidpp_battery_0 model: Logitech Illuminated Living-Room Keyboard
    K830 serial: <filter> charge: 100% (should be ignored) rechargeable: yes
    status: discharging
CPU:
  Info: model: 12th Gen Intel Core i5-1235U socket: U3E1 bits: 64
    type: MST AMCP arch: Alder Lake level: v3 note: check built: 2021+
    process: Intel 7 (10nm ESF) family: 6 model-id: 0x9A (154) stepping: 4
    microcode: 0x429
  Topology: cpus: 1x cores: 10 mt: 2 tpc: 2 st: 8 threads: 12 smt: enabled
    cache: L1: 928 KiB desc: d-8x32 KiB, 2x48 KiB; i-2x32 KiB, 8x64 KiB
    L2: 6.5 MiB desc: 2x1.2 MiB, 2x2 MiB L3: 12 MiB desc: 1x12 MiB
  Speed (MHz): avg: 1951 high: 2500 min/max: 400/4400:3300
    base/boost: 1188/4400 scaling: driver: intel_pstate governor: powersave
    volts: 0.7 V ext-clock: 100 MHz cores: 1: 614 2: 2500 3: 547 4: 2500
    5: 2500 6: 400 7: 1857 8: 2500 9: 2500 10: 2500 11: 2500 12: 2500
    bogomips: 59904
  Flags: avx avx2 ht lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx
  Vulnerabilities: <filter>
Graphics:
  Device-1: Intel Alder Lake-UP3 GT2 [Iris Xe Graphics] driver: i915 v: kernel
    arch: Gen-12.2 process: Intel 10nm built: 2021-22+ ports: active: HDMI-A-1
    empty: HDMI-A-2 bus-ID: 00:02.0 chip-ID: 8086:46a8 class-ID: 0300
  Display: x11 server: X.Org v: 21.1.8 compositor: Picom v: git-c4107
    driver: X: loaded: modesetting alternate: fbdev,intel,vesa dri: iris
    gpu: i915 display-ID: :0 screens: 1
  Screen-1: 0 s-res: 1360x768 s-dpi: 96 s-size: 358x202mm (14.09x7.95")
    s-diag: 411mm (16.18")
  Monitor-1: HDMI-A-1 mapped: HDMI-1 model: LG (GoldStar) TV
    serial: <filter> built: 2012 res: 1360x768 hz: 60 dpi: 216 gamma: 1.2
    size: 160x90mm (6.3x3.54") diag: 1836mm (72.3") ratio: 16:9 modes:
    max: 1920x1080 min: 720x400
  API: OpenGL Message: Unable to show GL data. Required tool glxinfo
    missing.
Audio:
  Device-1: Intel Alder Lake PCH-P High Definition Audio driver: snd_hda_intel
    v: kernel alternate: snd_sof_pci_intel_tgl bus-ID: 00:1f.3
    chip-ID: 8086:51c8 class-ID: 0403
  API: ALSA v: k6.2.10-zen1-1-zen status: kernel-api tools: alsamixer,amixer
  Server-1: PipeWire v: 0.3.68 status: n/a (root, process) with:
    1: pipewire-pulse status: active 2: wireplumber status: active
    3: pipewire-alsa type: plugin 4: pw-jack type: plugin
    tools: pactl,pw-cat,pw-cli,wpctl
Network:
  Device-1: Intel Alder Lake-P PCH CNVi WiFi driver: iwlwifi v: kernel
    bus-ID: 00:14.3 chip-ID: 8086:51f0 class-ID: 0280
  IF: wlo1 state: down mac: <filter>
  Device-2: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet
    driver: r8169 v: kernel pcie: gen: 1 speed: 2.5 GT/s lanes: 1 port: 3000
    bus-ID: 03:00.0 chip-ID: 10ec:8168 class-ID: 0200
  IF: enp3s0 state: up speed: 1000 Mbps duplex: full mac: <filter>
Bluetooth:
  Device-1: Intel AX201 Bluetooth type: USB driver: btusb v: 0.8
    bus-ID: 2-10:3 chip-ID: 8087:0026 class-ID: e001
  Report: bt-adapter ID: hci0 rfk-id: 0 state: up address: <filter>
Drives:
  Local Storage: total: 476.94 GiB used: 6.87 GiB (1.4%)
  SMART Message: Required tool smartctl not installed. Check --recommends
  ID-1: /dev/nvme0n1 maj-min: 259:0 vendor: Micron model: 2400 MTFDKBA512QFM
    size: 476.94 GiB block-size: physical: 512 B logical: 512 B speed: 63.2 Gb/s
    lanes: 4 type: SSD serial: <filter> rev: V3MA002 temp: 33.9 C scheme: GPT
Partition:
  ID-1: / raw-size: 38.67 GiB size: 38.67 GiB (100.00%) used: 6.84 GiB (17.7%)
    fs: btrfs block-size: 4096 B dev: /dev/nvme0n1p5 maj-min: 259:5
  ID-2: /boot/efi raw-size: 100 MiB size: 96 MiB (96.00%)
    used: 34.7 MiB (36.2%) fs: vfat block-size: 512 B dev: /dev/nvme0n1p1
    maj-min: 259:1
  ID-3: /home raw-size: 38.67 GiB size: 38.67 GiB (100.00%)
    used: 6.84 GiB (17.7%) fs: btrfs block-size: 4096 B dev: /dev/nvme0n1p5
    maj-min: 259:5
  ID-4: /var/log raw-size: 38.67 GiB size: 38.67 GiB (100.00%)
    used: 6.84 GiB (17.7%) fs: btrfs block-size: 4096 B dev: /dev/nvme0n1p5
    maj-min: 259:5
  ID-5: /var/tmp raw-size: 38.67 GiB size: 38.67 GiB (100.00%)
    used: 6.84 GiB (17.7%) fs: btrfs block-size: 4096 B dev: /dev/nvme0n1p5
    maj-min: 259:5
Swap:
  Kernel: swappiness: 133 (default 60) cache-pressure: 100 (default)
  ID-1: swap-1 type: zram size: 15.39 GiB used: 0 KiB (0.0%) priority: 100
    dev: /dev/zram0
Sensors:
  System Temperatures: cpu: 33.0 C mobo: N/A
  Fan Speeds (RPM): N/A
Info:
  Processes: 385 Uptime: 3h 55m wakeups: 233 Memory: 15.39 GiB
  used: 3.73 GiB (24.2%) Init: systemd v: 253 default: graphical
  tool: systemctl Compilers: gcc: 12.2.1 Packages: pm: pacman pkgs: 1130
  libs: 316 tools: pamac,paru Shell: garuda-inxi (sudo) default: Bash
  v: 5.1.16 running-in: alacritty inxi: 3.3.26
Garuda (2.6.16-1):
  System install date:     2023-04-11
  Last full system update: 2023-04-13
  Is partially upgraded:   No
  Relevant software:       snapper NetworkManager dracut
  Windows dual boot:       Yes
  Failed units:

 ╭─mickleby@mickleby in ~ as 🧙 took 5s
 ╰─λ

I recently learned how to create my own service and timer systemd units and found this article very helpful and you may too.

https://opensource.com/article/20/7/systemd-timers

And yes, a systemd service would work I imagine.

2 Likes

I'm wondering if adding an After clause to the Bluetooth service is all I need to launch my setCustomMAC.service.

I agree that using a systemd service is a good solution. Make sure you move your script out of the /home directory or systemd may have problems using it. A common place for keeping a script like this would be /usr/local/bin.

Something like this I think could work:

micro /etc/systemd/system/my_cool_bluetooth_thing.service

[Unit]
Description=My Cool Bluetooth Thing
# Order after, and depend on, the Bluetooth daemon
After=bluetooth.service
Requires=bluetooth.service

[Service]
Type=simple
ExecStart=/usr/local/bin/my_cool_bluetooth_script
# Retry after 5 seconds if the script exits with an error
Restart=on-failure
RestartSec=5

[Install]
WantedBy=bluetooth.target

systemctl enable --now my_cool_bluetooth_thing.service
2 Likes
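
The setup in the first post (a root-owned, read-only script run through a passwordless sudoers rule) and the advice above to keep the script in /usr/local/bin both depend on nobody but root being able to replace the file, which also requires every parent directory to be root-owned and not writable by group or others. The following is an added example, not code from the thread, that audits this; `TRUSTED_UID` and the `TOP` argument are hypothetical names, and GNU `stat`/`readlink` are assumed.

```shell
#!/bin/sh
# Added example: audit a script that root runs on your behalf (NOPASSWD
# sudoers rule or systemd ExecStart=). The file and every directory above it
# must belong to the trusted uid and must not be group- or world-writable.
# Assumptions: GNU stat/readlink; TRUSTED_UID and the optional TOP argument
# are hypothetical knobs so the check can be exercised without root.
TRUSTED_UID="${TRUSTED_UID:-0}"

# check_component PATH: print findings, return 1 if PATH is unsafe
check_component() {
    c_owner=$(stat -c '%u' "$1") || return 1
    c_mode=$(stat -c '%a' "$1") || return 1
    c_rc=0
    if [ "$c_owner" != "$TRUSTED_UID" ]; then
        echo "UNSAFE: $1 owned by uid $c_owner, expected $TRUSTED_UID"
        c_rc=1
    fi
    # 022 masks the group-write and other-write permission bits
    if [ $(( 0$c_mode & 022 )) -ne 0 ]; then
        echo "UNSAFE: $1 is group- or world-writable (mode $c_mode)"
        c_rc=1
    fi
    return $c_rc
}

# audit_privileged_script FILE [TOP]: check FILE and each parent up to TOP
audit_privileged_script() {
    a_cur=$(readlink -f -- "$1") || { echo "UNSAFE: cannot resolve $1"; return 1; }
    a_top=$(readlink -f -- "${2:-/}") || return 1
    [ -f "$a_cur" ] || { echo "UNSAFE: $a_cur is not a regular file"; return 1; }
    a_rc=0
    while :; do
        check_component "$a_cur" || a_rc=1
        if [ "$a_cur" = "$a_top" ] || [ "$a_cur" = "/" ]; then break; fi
        a_cur=$(dirname -- "$a_cur")
    done
    return $a_rc
}

# Stand-alone use: sh audit.sh /usr/local/bin/my_cool_bluetooth_script
if [ "$#" -gt 0 ]; then
    audit_privileged_script "$@"
    exit $?
fi
```

A read-only, root-owned script that sits in a directory the invoking user can write to fails this audit, because the user can rename the file away and put a different one in its place.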

Cheers!

Here's where I'm at: The service returns SUCCESS and yet doesn't actually change the MAC during boot. It does change the MAC when I run this service after my user session comes up... I'm thinking I must add another item to After=bluetooth.service.

Hmm, I wonder if it is failing to change the MAC, or if something else is changing the MAC again after it runs?

Try further delaying the start of the service by changing the After= line to graphical-session.target to see if you get a different result.

After=graphical-session.target

Check to see if you are getting anything interesting in the journal.

journalctl -b | grep bluetooth

Paste the script in the thread when you get a chance so we can see what it is trying to do.

1 Like

I have graphical.target but I don’t think that changed the behavior. I’m going to try [email protected] next.

Meh. I have a functioning hack: I insert a sleep 3 in my script. :man_shrugging:

Why does the journal record reaching Bluetooth target 3x?

 ╰─λ journalctl -g "Reached target Bluetooth"|tail -n4
-- Boot a52a088fb51c450c9f0ab8f762488d38 --
Apr 14 08:45:55 mickleby-sei systemd[1]: Reached target Bluetooth Support.
Apr 14 08:46:09 mickleby-sei systemd[703]: Reached target Bluetooth.
Apr 14 08:46:09 mickleby-sei systemd[1215]: Reached target Bluetooth.

 ╭─mickleby@mickleby in ~ as 🧙 took 59ms

Maybe if I understood how to wait for one of these other systemd PIDs? What are they, anyway?
