Sudo gvm-start errors and root privileges

Getting Started
1

Hello everyone,
I’ve been using the OpenVas scanner for my undergraduate research for a month or so now, I’m using the API offered to create scripts in python via gmp that allow me to create targets, create tasks, run scans, and take the results returned from the scan report and everything seems to be working properly.

Only now I notice that when I start the rest server with the command “sudo gvm-start” the following error occurs:

Sep 13 10:23:21 kali systemd[1]: Starting gvmd.service - Greenbone Vulnerability Manager daemon (gvmd)...
Sep 13 10:23:21 kali systemd[1]: gvmd.service: Can't open PID file /run/gvmd/gvmd.pid (yet?) after start: Operation not permitted
Sep 13 10:23:23 kali systemd[1]: Started gvmd.service - Greenbone Vulnerability Manager daemon (gvmd).

since I am not very experienced I will put you below the entire answer that appears in the terminal along with the error.

sudo gvm-start
[>] Please wait for the GVM services to start.
[>]
[>] You might need to refresh your browser once it opens.
[>]
[>]  Web UI (Greenbone Security Assistant): https://127.0.0.1:9392

● gsad.service - Greenbone Security Assistant daemon (gsad)
     Loaded: loaded (/lib/systemd/system/gsad.service; disabled; preset: disabled)
     Active: active (running) since Wed 2023-09-13 10:23:28 EDT; 20ms ago
       Docs: man:gsad(8)
             https://www.greenbone.net
   Main PID: 17413 (gsad)
      Tasks: 1 (limit: 6855)
     Memory: 912.0K
        CPU: 6ms
     CGroup: /system.slice/gsad.service
             └─17413 /usr/sbin/gsad --foreground --listen 127.0.0.1 --port 9392

Sep 13 10:23:28 kali systemd[1]: Starting gsad.service - Greenbone Security Assistant daemon (gsad)...
Sep 13 10:23:28 kali systemd[1]: Started gsad.service - Greenbone Security Assistant daemon (gsad).

● gvmd.service - Greenbone Vulnerability Manager daemon (gvmd)
     Loaded: loaded (/lib/systemd/system/gvmd.service; disabled; preset: disabled)
     Active: active (running) since Wed 2023-09-13 10:23:23 EDT; 5s ago
       Docs: man:gvmd(8)
    Process: 17354 ExecStart=/usr/sbin/gvmd --osp-vt-update=/run/ospd/ospd.sock --listen-group=_gvm (code=exited, status=0/SUCCESS)
   Main PID: 17355 (gvmd)
      Tasks: 1 (limit: 6855)
     Memory: 177.8M
        CPU: 953ms
     CGroup: /system.slice/gvmd.service
             └─17355 "gvmd: gvmd: Wa" --osp-vt-update=/run/ospd/ospd.sock --listen-group=_gvm

Sep 13 10:23:21 kali systemd[1]: Starting gvmd.service - Greenbone Vulnerability Manager daemon (gvmd)...
Sep 13 10:23:21 kali systemd[1]: gvmd.service: Can't open PID file /run/gvmd/gvmd.pid (yet?) after start: Operation not permitted
Sep 13 10:23:23 kali systemd[1]: Started gvmd.service - Greenbone Vulnerability Manager daemon (gvmd).

● ospd-openvas.service - OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)
     Loaded: loaded (/lib/systemd/system/ospd-openvas.service; disabled; preset: disabled)
     Active: active (running) since Wed 2023-09-13 10:23:21 EDT; 7s ago
       Docs: man:ospd-openvas(8)
             man:openvas(8)
    Process: 17336 ExecStart=/usr/bin/ospd-openvas --config /etc/gvm/ospd-openvas.conf --log-config /etc/gvm/ospd-logging.conf (code=exited, status=0/SUCCESS)
   Main PID: 17342 (ospd-openvas)
      Tasks: 5 (limit: 6855)
     Memory: 46.2M
        CPU: 888ms
     CGroup: /system.slice/ospd-openvas.service
             ├─17342 /usr/bin/python3 /usr/bin/ospd-openvas --config /etc/gvm/ospd-openvas.conf --log-config /etc/gvm/ospd-logging.conf
             └─17345 /usr/bin/python3 /usr/bin/ospd-openvas --config /etc/gvm/ospd-openvas.conf --log-config /etc/gvm/ospd-logging.conf

Sep 13 10:23:20 kali systemd[1]: Starting ospd-openvas.service - OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)...
Sep 13 10:23:21 kali systemd[1]: Started ospd-openvas.service - OSPd Wrapper for the OpenVAS Scanner (ospd-openvas).

[>] Opening Web UI (https://127.0.0.1:9392) in: 5... 4... 3... 2... 1...

The questions I ask are:

  1. Is there any way to solve this problem?
  2. Are the rest of the answers the terminal gives me correct or is there some other problem?
  3. What causes this problem to be present since the way I use it, everything seems to be working?
  4. Bonus question: when I run scripts where I use gmp, I necessarily have to use root privileges “sudo python3 file.py” to run them, is there any way to avoid using root privileges to run the file?
2

Here are my swings at these questions:

Question 1: I suggest searching the forum for other discussions on this same topic: gvmd.service: Can't open PID file /run/gvmd/gvmd.pid (yet?) after start: Operation not permitted to gain some insight into potential causes.

Question 2: If there are no other errors reported, then there are unlikely any other problems, unless its an undocumented error or bug. If you discover that you can contribute the findings to the Greenbone GitHub issues page for the relevant package such as gvmd.

Question 3: See question 1.

Question 4: I guess that elevated privileges are required to access the /run/gvmd/gvmd.sock file. Perhaps you can add your user to the gvm / _gvm group to avoid root user privs. Don’t quote me on that though.

1 Like
3

and how should I go about changing the privileges?

I know these are stupid questions but I don’t understand much about it and I’ve already tried to check in the site and I can’t really understand what exactly I should do

4

Hi,

seems to be a similar issue with gvmd as we occurred with gsad in Gsad.service activating

We fixed that in gsad with Change service start up type from forking to exec by rfc6919 · Pull Request #84 · greenbone/gsad · GitHub Seems that a similar fix should be implemented for gvmd.

2 Likes
5

For the OP, I believe what @bricks is saying is that the system service file needs to be altered as per this post: Debian11 / gvm 22.4: gvmd.service: Can't open PID file /run/gvmd/gvmd.pid (yet?) after start: Operation not permitted - #2 by bricks

The steps would be:

  1. Edit the gvmd systems service file:
sudo nano /etc/systemd/system/gvmd.service
  1. Then:
  • Change Type=forking to Type=exec
  • Add -f to the ExecStart line
  1. Save the changes and restart the gvmd service.
sudo systemctl restart gvmd
2 Likes
6

Thank you both very much for your replies, now it seems the problem is gone :slight_smile:

my one concern is that the file you pointed me to was not in that directory but in another one (/usr/lib/systemd/system/gvmd.service) , could this be a problem?

Also as a last thing, if you can tell me step by step what I should modify to change the privileges and run the scripts where I use gmp without using sudo I would really appreciate it

7

The location of the service file varies depending on your install path. Looking at your post details, the service file is being found so not an issue.

My suggestion is to add your user to the gvm or _gvm group depending which username for GVM is in use on your system. Kali native install is typically _gvm, while Docker containers and source code install is typically gvm. You can add your own user to the group using:

sudo usermod -aG gvm $(whoami)
1 Like
8

I checked among the groups in

/etc/group

and the _gvm group is present, so I tried to run the script you pointed me to for the _gvm group, but once I try to run the file it always returns the same problem:

python3 report.py     
Traceback (most recent call last):
  File "/home/kali/Desktop/Tesi/1 - OpenVAS/report.py", line 19, in <module>
    with Gmp(connection=connection, transform=transform) as gmp:
  File "/usr/lib/python3/dist-packages/gvm/protocols/gmp.py", line 116, in __enter__
    self._gmp = self.determine_supported_gmp()
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/gvm/protocols/gmp.py", line 98, in determine_supported_gmp
    version_str = self.determine_remote_gmp_version().split(".", 1)
                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/gvm/protocols/gmp.py", line 81, in determine_remote_gmp_version
    self.connect()
  File "/usr/lib/python3/dist-packages/gvm/protocols/base.py", line 107, in connect
    self._connection.connect()
  File "/usr/lib/python3/dist-packages/gvm/connections.py", line 519, in connect
    self._socket.connect(self.path)
PermissionError: [Errno 13] Permission denied

Is there any other step I need to follow?

9

You might have to log out and log back in or alternatively su your-username for the shell to recognize the group. It works for me on Kali native package.

sudo usermod -aG _gvm $(whoami)

then

su username

finally

python3 gmp-script.py
1 Like
10

now it works, thank you very much for the support!

last question that came to my mind now:

  • in case I put this script in an executable app that I create in my virtual machine that I use now, and later run it from another computer (assuming it can connect to the rest server) should I again change the group or would it work correctly?