How to install and start openvas service as non root user

Use this category only if you have build GSE or components thereof from sources .

Please read About the Greenbone Source Edition (GSE) and About GVM Architecture before posting.

When posting you should provide information about your environment using the following template:

GVM versions

gsa: (‘gsad --version’)
gvm: (‘gvmd --version’) : 7.0.3
openvas-scanner: (‘openvassd --version’) 5.1.3
gvm-libs:

Environment

Operating system: ubuntu
Kernel: (‘uname -a’) Linux santhosh-KVM 5.0.0-29-generic #31~18.04.1-Ubuntu SMP Thu Sep 12 18:29:21 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
Installation method / source:
gvm-cli 2.0.0 (API version 1.0.0)

As I am trying to install and run gvm-cli it can run only in non root user. But to make that it will try to read sock file of openvasmd which is under root.

But if I try to install openvasmd and scanner without root I am unable to do the same. Please help me to resolve this.

log --------

gvm@santhosh-KVM:/home/santhosh$ gvm-cli socket --socketpath /var/run/openvasmd.sock --xml “<get_version/>”
Traceback (most recent call last):
File “/usr/local/bin/gvm-cli”, line 11, in
sys.exit(main())
File “/usr/local/lib/python3.6/dist-packages/gvmtools/cli.py”, line 127, in main
with protocol_class(connection, transform=transform) as protocol:
File “/usr/local/lib/python3.6/dist-packages/gvm/protocols/gmp.py”, line 78, in enter
self.connect()
File “/usr/local/lib/python3.6/dist-packages/gvm/protocols/base.py”, line 107, in connect
self._connection.connect()
File “/usr/local/lib/python3.6/dist-packages/gvm/connections.py”, line 349, in connect
self._socket.connect(self.path)
PermissionError: [Errno 13] Permission denied

You can install Greenbone to a place where you can write w.o root, for example in the home from the normal user. you can use this command:

cmake -DCMAKE_INSTALL_PREFIX=/home/user/install/build …

And please take a look at the following arguments of gvmd

  --listen-group=<string>                      Group of the unix socket
  --listen-mode=<string>                       File mode of the unix socket
  --listen-owner=<string>                      Owner of the unix socket
4 Likes

Still need to check this scenario

Hi thanks for your feedback. It worked.

1 Like