World Community Grid - View Thread - GUI RPC password is empty. BOINC can be controlled by any user on this computer.

World Community Grid Forums

Category: Support

Forum: BOINC Agent Support

Thread: GUI RPC password is empty. BOINC can be controlled by any user on this computer.

Quick Go »

No member browsing this thread

Thread Status: Active
Total posts in this thread: 5

[ ]

Author

This topic has been viewed 71 times and has 4 replies

Occam
Advanced Cruncher
Joined: Jan 1, 2024
Post Count: 67
Status: Offline


GUI RPC password is empty. BOINC can be controlled by any user on this computer.

New install and 1st time I've ever got this warning. I'm Linux 7.18.1 and as the only user on this computer I'm not worried about it unless someone knows a reason I should be. Is there a quick fix or will it eventually go away?
Thanks

[Jan 19, 2025 9:50:09 PM]

adriverhoef
Master Cruncher
The Netherlands
Joined: Apr 3, 2009
Post Count: 2089
Status: Offline
Project Badges:

5 year badge for Human Proteome Folding - Phase 2

90 day badge for Nutritious Rice for the World

2 year badge for Help Fight Childhood Cancer

2 year badge for Help Cure Muscular Dystrophy - Phase 2

14 day badge for Discovering Dengue Drugs - Together - Phase 2

180 day badge for The Clean Energy Project - Phase 2

1 year badge for Computing for Clean Water

1 year badge for Drug Search for Leishmaniasis

1 year badge for GO Fight Against Malaria

45 day badge for Computing for Sustainable Water

100 year badge for Mapping Cancer Markers

1 year badge for Uncovering Genome Mysteries

20 year badge for Outsmart Ebola Together

2 year badge for FightAIDS@Home - Phase 2

20 year badge for Smash Childhood Cancer

5 year badge for Microbiome Immunity Project

10 year badge for Africa Rainfall Project

50 year badge for OpenPandemics - COVID-19


Re: GUI RPC password is empty. BOINC can be controlled by any user on this computer.

That warning message will not go away unless you undertake action to fix it. A quick fix would be to put some valid password into the file gui_rpc_auth.cfg, then restart BOINC. Or else just let it be and accept that there will always be a warning message about an empty password.

See https://boinc.berkeley.edu/gui_rpc_passwd.php

If you're the only user of your computer, that's OK. If there are other users, and you don't want them to control BOINC, do the following:

sudo rm /var/lib/boinc/gui_rpc_auth.cfg
sudo usermod -a -G boinc $USER
exec su $USER
sudo systemctl restart boinc-client

This will add you to the 'boinc' group, and will create a new access control file readable only by members of that group. If you want to let other users control BOINC, add them to the group also.

Adri

[Jan 19, 2025 11:42:22 PM]

gj82854
Advanced Cruncher
Joined: Sep 26, 2022
Post Count: 70
Status: Offline
Project Badges:

10 year badge for Mapping Cancer Markers

2 year badge for Africa Rainfall Project


Re: GUI RPC password is empty. BOINC can be controlled by any user on this computer.

Later releases of BOINC are going to enforce the password requirement. They will not allow an empty gui_rpc_auth.cfg file. I don't remember which release begins the enforcement.

[Jan 20, 2025 12:56:34 AM]

Occam
Advanced Cruncher
Joined: Jan 1, 2024
Post Count: 67
Status: Offline


Re: GUI RPC password is empty. BOINC can be controlled by any user on this computer.

Ok, thanks. So am I correct that as a single user of my computers this does not reflect any security or privacy issue?

[Jan 20, 2025 1:14:57 AM]

gj82854
Advanced Cruncher
Joined: Sep 26, 2022
Post Count: 70
Status: Offline
Project Badges:


Re: GUI RPC password is empty. BOINC can be controlled by any user on this computer.

After reviewing the code and some of the pull requests, it looks like there may have been a reversal of policy(I think this went in with 7.20.x of the client):

boinccmd: show alert messages after attach RPCs

PR #3709 disallowed empty GUI RPC password files.
This increased security on shared machines.
But it meant that on Linux, after installing BOINC as a package,
the user had to locate and change the protection
and/or the ownership of the password file, which is undesirable.

This change allows empty password files but tells the user
that they should think about the security implications.
With the Manager this is delivered as a notice.
With boinccmd the message is written to stderr after an attach operation.

----------------------------------------
[Edit 1 times, last edit by gj82854 at Jan 20, 2025 2:22:21 AM]

[Jan 20, 2025 2:20:28 AM]

[ ]