On 1/4/23 10:43, Ulrich Sibiller wrote:
I agree that the error messages should be more helpful. On the other hand all this would not have occurred if the installer had checked for the group to exist before creating another one. Plus: Your systems should always return the same GID for a given groupname. From your description it looks like this is not ensured. So maybe check if you NIS setup (or rather your nscd, sssd, nsswitch.conf) is clean.Uli
The Fedora package does check before creating the group or user:
%pre common
getent group x2gouser >/dev/null || groupadd -r x2gouser
getent passwd x2gouser >/dev/null || \
useradd -r -g x2gouser -d /var/lib/x2go -s /sbin/nologin \
-c "x2go" x2gouser
exit 0
Of course this assumes the NIS is setup and running at the time of
package install, which may not be the case.
On Wed, Jan 4, 2023 at 5:08 PM Robert Kudyba <rkud...@fordham.edu> wrote:The chmod commands allowed X2Go to open. So perhaps not a bug per se but a suggestion to improve on some error checking. We still use NIS/yp (yes it's ok to groan). The NIS server included the x2gouser GID in /etc/group. This led to creation of the user when x2go was installed adopting that GID (461) in /etc/passwd instead of the one that the installation created (973) in /etc/group. (Thus /etc/passwd had x2gouser:x:977:461 while /etc/group had x2gouser:x:973.) The GID of the setgid program /usr/lib64/x2go/libx2go-server-db-sqlite3-wrapper was the one in /etc/group, namely 973, while the GID of /var/lib/x2go and /var/lib/x2go/x2go_sessions was the one in /etc/passwd, namely 461. Hence when the process adopted the GID 973 of the wrapper, it was not granted access to files with GID 461. This caused any of the x2go library scripts that access the database to fail when run as a normal user, In practice, the first one that is run as a session is starting is x2gogetports, which returned a "cannot open file" error message instead of a list of port numbers. This error message (or more precisely the first "word" of it) was fed to x2gocheckports at line 131, which tried to interpret it as a port number, and got a syntax error as a result. In fact, there are many ways that the x2go server process could fail to open the database file. All of them will generate the exact same error message. If I may suggest a change, it would be to catch these errors earlier (e.g. by a success code from x2gogetports and its kin) and report the file open failure with a message based on the errno, (e.g. no such file or access denied). This would narrow down the possible causes of the failure. Thanks for all of your suggestions in getting this to work. On Mon, Jan 2, 2023 at 3:52 AM <m...@jcn50.com> wrote:It could be a bug: the version distributed with Fedora 37 is 4.1.0.3-19.fc37.x86_64.rpm whereas the one in CentOS 8 is x2goserver-4.1.0.3-17.el8.1.x86_64.rpm , with this showing in the change log: 2022-07-23 - Fedora Release Engineering <rel...@fedoraproject.org> - 4.1.0.3-19 - Rebuilt for https://urldefense.proofpoint.com/v2/url?u=https-3A__fedoraproject.org_wiki_Fedora-5F37-5FMass-5FRebuild&d=DwIDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=c4doz1suIijY2NueNOG6O9qnEmjwZUxxuWDG4ja3upV5tc8ZxcyS12WTuJJIWT3F&s=L9tIePHQQsnuZYnxUL9fh-gQnR4Rx0oKIVntrG7c-LE&e= 2022-05-30 - Jitka Plesnikova <jples...@redhat.com> - 4.1.0.3-18 - Perl 5.36 rebuild Those are the permissions I have on my side (on Debian 11 but it should be the same): root@dev:~# ls -lah /var/lib/ drwxrwx---+ 2 x2gouser x2gouser 4.0K Dec 29 01:37 x2go root@dev:~# ls -lah /var/lib/x2go/ -rw-rw----+ 1 root x2gouser 40K Dec 29 01:37 x2go_sessions So try this: sudo chmod 0770 /var/lib/x2go && sudo chown x2gouser:x2gouser /var/lib/x2go && sudo chmod 0660 /var/lib/x2go/x2go_sessions && sudo chown root:x2gouser /var/lib/x2go/x2go_sessions && echo "PERMISSIONS FIXED" If it still doesn't work: maybe you can revert to version x2goserver-4.1.0.3-17 ? I tried to find the package for Fedora 37 but could only find the el8 ones... Maybe this command would work: sudo dnf install x2goserver-4.1.0.3-17.fc37 Otherwise, the only last option to test out would be to use the EPEL8 repo and install the x2goserver-4.1.0.3-17.el8 package... Regards, Chris, Quantum HostingĀ®. On 2023-01-02 02:26, Robert Kudyba wrote:Well a hypothesis was tested with simply changing permissions as follows X2Go launched: sudo chmod 777 /var/lib/x2go pascal:~/$ sudo chmod 666 /var/lib/x2go/x2go_sessions Is x2go_sessions is needed after a session is up and running? This proves that it is a problem of permission to read and write the db. Permission should be gotten via the sgid wrapper, but for some reason it is not. Uninstalling and reinstalling did not work. Is there a script to fix permissions correctly? Should we remove the x2go user and group and re-add? On Sun, Jan 1, 2023, 2:33 PM <m...@jcn50.com> wrote:Hi again Robert, I have tried (and succeeded) on a server using AlmaLinux 8 (I don't have access to Fedora 37, sorry) and this is the command I used (you might skip the 2x "epel" commands?): dnf upgrade -y && dnf installhttps://urldefense.proofpoint.com/v2/url?u=https-3A__dl.fedoraproject.org_pub_epel_epel-2Drelease-2Dlatest-2D8.noarch.rpm&d=DwIDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=7p_4VYLAUDElk8vMZgdq0Z9McN077vuO0VabguwetT409bSXJvY1JoGQ0Pc6wHog&s=zksEEUIvkzgtDnM8715wOsqYfM21ArqKZhRQdldhWWA&e=-y && dnf config-manager --enable epel && dnf config-manager --set-enabled powertools && dnf install -y xfdesktop gtk-doc xfce* --exclude=xfce4-sensors-plugin-devel lightdm firefox x2goserver x2goserver-xsession && systemctl isolate graphical.target && systemctl set-default graphical.target && echo "PLEASE REBOOT NOW" Pausing and resuming the session didn't work though (probably bec my 1x CPU and 768 MB RAM are too small!). Again: I really prefer the LXQt or LXDE on Ubuntu/Debian as it is a lot faster than XFDE...(I can't imagine how slow MATE could be!). Regards, Chris, Quantum HostingĀ®._______________________________________________ x2go-dev mailing list x2go-dev@lists.x2go.org https://lists.x2go.org/listinfo/x2go-dev_______________________________________________ x2go-dev mailing list x2go-dev@lists.x2go.org https://lists.x2go.org/listinfo/x2go-dev
-- Orion Poplawski he/him/his - surely the least important thing about me IT Systems Manager 720-772-5637 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane or...@nwra.com Boulder, CO 80301 https://www.nwra.com/
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ x2go-dev mailing list x2go-dev@lists.x2go.org https://lists.x2go.org/listinfo/x2go-dev
