Passing-in of devices into rootless containers that switch users during deployment fails #16605


mttcnnff opened this issue

Mar 26, 2020

· 12 comments

Something isn’t working

So I thought I would comment since I have a way to do this:

(Change NameOfAuthenticator to the name of your authentication plugin)

..  [
    ,
    ,
    ,
]

You can change it to something like this:

..  [
    ,
    ,
]
username=

 Only except names with 0-9 a-z A-Z and a -
  [[   ^[0-9a-zA-Z-]+$ ]] 
    
   1


home=

 Check if home exists and error if it does
 [   ] 
     1


options=(
  
  
  
  
  
)

useradd 
chown root:root /useradder.sh
chmod 700 /useradder.sh
Cmnd_Alias JUPYTER_USERADD = /useradder.sh *
TheUserHubRunsAs ALL=(root) NOPASSWD:JUPYTER_USERADD

Which should get it working for you
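The sudoers rule above ends in `*`, so whoever runs the hub can pass any arguments to the root-owned script, and the script's own checks are the only control. The sketch below is an added example, not the commenter's script: `HOME_BASE`, the function names and the `useradd` options are assumptions (the post's option list did not survive), and the name check is stricter than the pattern in the post in that it also rejects a leading `-` and names longer than 32 characters.

```shell
#!/bin/sh
# Added example: argument checks for a root-owned wrapper that is reached
# through a wildcard sudoers rule. HOME_BASE and function names are hypothetical.

LC_ALL=C; export LC_ALL           # make a-z / A-Z ranges mean ASCII only
HOME_BASE="${HOME_BASE:-/home}"

# Return 0 only for names made of 0-9 a-z A-Z and "-" (the post's character
# set), additionally refusing an empty name, a leading "-" and >32 characters.
valid_username() {
    name=$1
    case $name in
        '' | -*)          return 1 ;;   # empty, or would parse as an option
        *[!0-9a-zA-Z-]*)  return 1 ;;   # any character outside the allowed set
    esac
    [ "${#name}" -le 32 ]
}

# Print the useradd command line the wrapper would run, or fail with a reason.
# Return codes: 2 = wrong argument count, 3 = bad name, 4 = home already exists.
plan_useradd() {
    if [ "$#" -ne 1 ]; then
        echo "usage: useradder.sh <username>" >&2
        return 2
    fi
    if ! valid_username "$1"; then
        echo "rejected username" >&2
        return 3
    fi
    home="$HOME_BASE/$1"
    # -e follows symlinks; -L also catches a dangling symlink left at the path.
    if [ -e "$home" ] || [ -L "$home" ]; then
        echo "home already exists: $home" >&2
        return 4
    fi
    # "--" ends option parsing, so the name can never be read as a flag.
    printf 'useradd --create-home --home-dir %s --shell /bin/bash -- %s\n' \
        "$home" "$1"
}

# Stand-alone use: sh useradder-plan.sh <username> prints the planned command.
if [ "$#" -gt 0 ]; then
    plan_useradd "$@"
fi
```

The function only prints the command, so the checks can be exercised without root before the real `useradd` call is wired in.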

** You agree by using the information contained herein that any negative impact or results to any system, data or network are entirely your responsibility.

Create additional root-level accounts by running these commands from a terminal session:

sudo su

useradd -G root <newusername>

passwd <newusername>

id <newusername>
usermod -o -u 0 -g 0 <username>
id <username>

You should now see something similar to: uid=0(root) gid=0(root) groups=0(root).

shutdown -r now

These commands work well in most mainstream *nix and BSD distributions. Use them wisely.

I am connected to an Ubuntu 12.04.3 LTS server via SSH; when I try to add a group, I get the following message:

groupadd: cannot lock /etc/group; try again later.

In researching this problem, I found some suggestions to look for and remove a .pwd.lock file in the same directory. I found such a file, created over a year ago; I removed it but this did not change the behavior of groupadd.

I have read Cannot lock '/etc/group' in recovery mode, but I am not booting into recovery mode, and all partitions are mounted read-write. I am not logged in as root.

asked 13 April 2017 at 15:24

asked Jan 12, 2015 at 20:16


nonroot@host:/$ adduser existinguser newgroup
adduser: Only root may add a user or group to the system.
nonroot@host:/$ sudo groupadd newgroup
[sudo] password for host:
nonroot@host:/$ grep 'newgroup' /etc/group
newgroup:x:1013:
nonroot@host:/$

answered Jan 12, 2015 at 20:16


I just found myself getting this message during a Docker build.

I solved it very easily by adding this directive before the privileged commands in the Dockerfile:

USER root

answered Feb 6, 2020 at 19:45


The trend in Unix security has been to have system files with ownership root:wheel with the presumption that this ownership makes the files harder to corrupt (or leak). As such, the trend has been to move away from using wheel for anything else and to create special groups such as sudo to replace wheel, and further separate and dilute any possible extra permissions of wheel.

For example, at one time, log files were only readable to root or wheel. The current trends, in trying to further separate that privilege, have changed the group of most log files to adm (or similar spelling), although there may still be some vestiges of log files in group wheel. Similar shifts have occurred in other areas to further dilute the permissions formerly covered by wheel.

Why would you need wheel (or adm) permissions if you have sudo anyway?


I don't even have a video card in my computer((

Here's something else I remembered.. it offered to enter a new password for root, and I just closed the console..


anonymous

(20.03.11 19:34:54 MSK)


anonymous

(20.03.11 19:35:48 MSK)


if you're on a debian-based system, look in /var/backups
boot into single mode:

  • hold shift during boot
  • in the grub menu, pick a working kernel
  • press e to edit the line
  • remove splash quiet
  • add init=/bin/bash,
  • then run mount -o rw -o remount /,
  • then mv /var/backups/group.bak /etc/group

that's all from me

ryk

(20.03.11 19:40:17 MSK)


Ubuntu server 64 is installed


>For now I'm trying to boot from a flash drive; it hangs on the splash screen and says:

Ubuntu server 64 is installed

what can you do: out of the profession

ryk

(20.03.11 19:48:00 MSK)


so it is trying to boot from the disk after all

id 0 is root!


Did everything as 'ryk' said.
Thanks for the help! I need to be more careful)


a live CD won't work then, there's no monitor, it's a VPS after all

GreyDoom

(20.03.11 20:10:29 MSK)

This is my /etc/sudoers file:

# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification
Cmnd_Alias USER_COMMANDS = /usr/sbin/adduser, /usr/sbin/chpasswd

# User privilege specification
root    ALL=(ALL:ALL) ALL
sano    ALL=(ALL) NOPASSWD: USER_COMMANDS

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

Does anyone know why this is? It asks me for a password anyway or I get:


asked Jan 8, 2019 at 14:10


%sudo   ALL=(ALL:ALL) ALL

Cf. this tip from the ArchLinux Wiki:

answered Jan 8, 2019 at 15:58



John on July 29, 2020


Create a New User


adduser: Only root may add a user or group to the system.


Adding user `ben' ...
Adding new group `ben' (1002) ...
Adding new user `ben' (1002) with group `ben' ...
Creating home directory `/home/ben' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for ben
Enter the new value, or press ENTER for the default
Full Name []: Ben Smith
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] y

Adding a User to the sudo Group


Check if a User has sudo Access

su - ben


You should see the output from this command is root:

[sudo] password for ben:
root

How to Run Commands in Sudo Mode

To run a command in sudo mode you just have to add sudo to the beginning of any command.



You will be asked to provide the password for the account and for a while after you will not be prompted to supply a password when running commands in sudo mode.

Warning — since you will only be prompted to supply a password when running in sudo for the first time, you could cause massive damage to your system by running commands such as sudo rm carelessly.

Conclusion

Both commands in the while loop need to be run as root, so either add sudos or save this as a bash script and run that with sudo (probably preferable).

awk -F ':| ' '{print $1, $2, $3}' users.txt |
while read user password homedir; do
    adduser --home "$homedir" "$user"
    echo "$password" | passwd "$user" --stdin
done

Alternatively, as you’ve pointed out, you can do more inside awk. We can have it print the entire command:

$ awk -F ':| ' '{ print("adduser --home", $3, $1"; echo", $2 " | passwd", $1) }' users.txt
adduser --home /home/almacen1 Jperez; echo 1234 | passwd Jperez
adduser --home /home/contabilidad1 Lgomez; echo 1234 | passwd Lgomez
adduser --home /home/almacen2 Pfernandez; echo 1234 | passwd Pfernandez
adduser --home /home/direccion1 Mramos; echo 1234 | passwd Mramos

And then just have it pipe all that into a shell (while running):

$ awk -F ':| ' '{ print("adduser --home", $3, $1"; echo", $2 " | passwd", $1) | "/bin/bash" }' users.txt
adduser: Only root may add a user or group to the system.
passwd: user 'Jperez' does not exist
adduser: Only root may add a user or group to the system.
passwd: user 'Lgomez' does not exist
adduser: Only root may add a user or group to the system.
passwd: user 'Pfernandez' does not exist
adduser: Only root may add a user or group to the system.
passwd: user 'Mramos' does not exist

Obviously you would need to run the above with sudo (or as root) in order for it to run (that’s why it’s vomiting errors). You could use awk's system() command but then you have to spend more time concatenating the strings. print() makes this really simple so I went with that.

I see two paths forward, at least. Either create a new instance (and copy files over) or attempt to recover the broken one:

  • First, after trying this in a test instance, I can still access the instance under Windows using the \\wsl$\Ubuntu path. That won’t let you fix /etc/passwd, but it will at least let you copy out any files you need to recover from the instance.

    You can install a second instance of the exact same Ubuntu distribution you installed from the Store:

    1.  Get-ChildItem -Recurse 'C:\Program Files\WindowsApps\' | Where-Object {$_.Name -eq 'install.tar.gz' }
      
    2. The output will have the location of the install.tar.gz that was used to create the original instance.

    3. wsl --import NewUbuntu ".\path\to\WSL\NewUbuntu" "<path_with_tarball>\install.tar.gz" --version 2
      
    4. Start the new instance using wsl -d NewUbuntu. You’ll be root by default.

    5. adduser <username>
      usermod -aG adm,dialout,cdrom,floppy,sudo,audio,dip,video,plugdev,netdev <username>
      

    You should now be able to copy over files from your old instance (\\wsl$\Ubuntu) to the new one (\\wsl$\NewUbuntu).

    Ultimately, to delete the old copy, when you are sure you have all your critical files out, wsl --unregister <distroname>.

There are possible options that I can think of that might allow you to repair/recover the existing instance. I have not tested these step-by-step, but most everything here is something I’ve done at one time or another:

  • This one I don’t recommend, as it has the potential to leave the instance in an unstable state ultimately:

    • Convert the instance to WSL1 using wsl --set-version Ubuntu 1
    • In Windows, navigate to the location of the WSL1 overlay file system in %userprofile%\AppData\Local\Packages\Canonical...\LocalState\rootfs\etc\passwd.
    • Fix your /etc/passwd using a Windows app that handles Linux line-endings. Again, this can be problematic, as it can ultimately cause filesystem corruption in WSL. It might be easiest and safest to just delete the passwd file, since we believe that doing so will let you log in as UID 0 again and then re-create the root user.
    • Convert it back to WSL2, if desired.
  • Or, use another instance to fix the first:

    • Create a tarball of your broken instance with wsl --export Ubuntu fixme.tar.

    • Go back to the first option above where we created a new instance and do those steps. But call the instance something like "UbuntuTemp".

    • Inside that new (temporary) instance:

      mkdir ~/fixme
      cd ~/fixme
      sudo tar --xattrs-include="security.capability" -xvf /mnt/c/path/to/fixme.tar
      sudo cp /etc/passwd ~/fixme/etc/passwd
      sudo tar --xattrs -cvf /mnt/c/path/to/fixed.tar .
      
    • Exit the temporary Ubuntu instance.

    • In PowerShell, create a directory for your fixed Ubuntu instance, then:

      wsl --import Ubuntu20_04 "path/you/just/created" "path/to/fixed.tar" --version 2
      
    • Start the fixed (hopefully) instance with wsl -d Ubuntu20_04.

    • Assuming that it is working correctly, set the instance as the default using:

      wsl --set-default Ubuntu20_04
      

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

Steps to reproduce the issue:

  1. Check permissions on device /dev/ttyEnOcean/
$ ls -la /dev/ttyEnOcean
lrwxrwxrwx 1 root root 7 Nov 22 15:40 /dev/ttyEnOcean -> ttyUSB0

$ ls -la /dev/ttyUSB0
crw-rw---- 1 root usb-dongles 188, 0 Nov 22 15:44 /dev/ttyUSB0

$ id
uid=1000(foobar-user) gid=1002(ssh_users) groups=1002(ssh_users),1000(usb-dongles),1004(gpio-users)
  2. Run fhem image as rootless container without --user flag by running
    $ podman run -it --volume fhem:/opt/fhem --device /dev/ttyEnOcean:/dev/ttyEnOcean --rm --tz Europe/Berlin --group-add keep-groups --name fhem --pull always -p 8100:8083 fhem-minimal-docker:bullseye
    Output of $ podman exec -l -u=fhem ls -la /dev/ttyEnOcean
crw-rw---- 1 nobody nogroup 188, 0 Nov 23 22:28 /dev/ttyEnOcean

Describe the results you received:

touch: cannot touch '/image_info.EMPTY': Permission denied
/entry.sh: line 46: /docker.privileged: Permission denied
/entry.sh: line 56: /docker.hostnetwork: Permission denied
/entry.sh: line 59: /docker.container.id: Permission denied
/entry.sh: line 60: /docker.container.cap.e: Permission denied
/entry.sh: line 61: /docker.container.cap.p: Permission denied
/entry.sh: line 62: /docker.container.cap.i: Permission denied
Preparing initial start:
1. Installing FHEM to /opt/fhem
mv: cannot create regular file '/opt/fhem/.proverc': Permission denied
mv: cannot create regular file '/opt/fhem/CHANGED': Permission denied
mv: cannot create regular file '/opt/fhem/COPYING': Permission denied
mv: cannot create directory '/opt/fhem/FHEM': Permission denied
mv: cannot create regular file '/opt/fhem/GPL_V2.txt': Permission denied
mv: cannot create regular file '/opt/fhem/HISTORY': Permission denied
mv: cannot create regular file '/opt/fhem/MAINTAINER.txt': Permission denied
mv: cannot create regular file '/opt/fhem/Makefile': Permission denied
mv: cannot create regular file '/opt/fhem/README.SVN': Permission denied
mv: cannot create regular file '/opt/fhem/README_DEMO.txt': Permission denied
mv: cannot create regular file '/opt/fhem/UPGRADE': Permission denied
mv: cannot create regular file '/opt/fhem/configDB.pm': Permission denied
mv: cannot create directory '/opt/fhem/contrib': Permission denied
mv: cannot create regular file '/opt/fhem/controls_fhem.txt': Permission denied
mv: cannot create directory '/opt/fhem/demolog': Permission denied
mv: cannot create directory '/opt/fhem/docs': Permission denied
mv: cannot create regular file '/opt/fhem/fhem.cfg': Permission denied
mv: cannot create regular file '/opt/fhem/fhem.cfg.demo': Permission denied
mv: cannot create regular file '/opt/fhem/fhem.pl': Permission denied
mv: cannot create directory '/opt/fhem/lib': Permission denied
mv: cannot create directory '/opt/fhem/log': Permission denied
mv: cannot create directory '/opt/fhem/t': Permission denied
mv: cannot create directory '/opt/fhem/thirdparty': Permission denied
mv: cannot create directory '/opt/fhem/webfrontend': Permission denied
mv: cannot create directory '/opt/fhem/www': Permission denied
/entry.sh: line 165: ./FHEM/controls.txt: No such file or directory
mv: cannot stat './controls_fhem.txt': No such file or directory
Can't open perl script "./contrib/commandref_modular.pl": No such file or directory
cp: cannot stat './fhem.cfg': No such file or directory
2. Patching fhem.cfg default configuration
cat: /opt/fhem/fhem.cfg: No such file or directory
/entry.sh: line 172: /opt/fhem/fhem.cfg: Permission denied
cat: /opt/fhem/fhem.cfg: No such file or directory
/entry.sh: line 173: /opt/fhem/fhem.cfg: Permission denied
cat: /opt/fhem/fhem.cfg: No such file or directory
/entry.sh: line 174: /opt/fhem/fhem.cfg: Permission denied
3. Adding pre-defined devices to fhem.cfg
/entry.sh: line 179: /opt/fhem/fhem.cfg: Permission denied
/entry.sh: line 180: /opt/fhem/fhem.cfg: Permission denied
/entry.sh: line 181: /opt/fhem/fhem.cfg: Permission denied
/entry.sh: line 182: /opt/fhem/fhem.cfg: Permission denied
/entry.sh: line 183: /opt/fhem/fhem.cfg: Permission denied
/entry.sh: line 184: /opt/fhem/fhem.cfg: Permission denied
/entry.sh: line 185: /opt/fhem/fhem.cfg: Permission denied
/entry.sh: line 186: /opt/fhem/fhem.cfg: Permission denied
/entry.sh: line 187: /opt/fhem/fhem.cfg: Permission denied
/entry.sh: line 188: /opt/fhem/fhem.cfg: Permission denied
/entry.sh: line 189: /opt/fhem/fhem.cfg: Permission denied
/entry.sh: line 190: /opt/fhem/fhem.cfg: Permission denied
/entry.sh: line 202: /opt/fhem/fhem.cfg: Permission denied
/entry.sh: line 203: /opt/fhem/fhem.cfg: Permission denied
/entry.sh: line 204: /opt/fhem/fhem.cfg: Permission denied
/entry.sh: line 205: /opt/fhem/fhem.cfg: Permission denied
/entry.sh: line 206: /opt/fhem/fhem.cfg: Permission denied
/entry.sh: line 207: /opt/fhem/fhem.cfg: Permission denied
...
Preparing user environment ...
cp: cannot create regular file '/etc/passwd.orig': Permission denied
cp: cannot open '/etc/shadow' for reading: Permission denied
cp: cannot create regular file '/etc/group.orig': Permission denied
cp: cannot stat '/etc/passwd.orig': No such file or directory
cp: cannot stat '/etc/shadow.orig': No such file or directory
cp: cannot stat '/etc/group.orig': No such file or directory
1. Creating group 'fhem' with GID 6061 ...
groupadd: Permission denied.
groupadd: cannot lock /etc/group; try again later.
2. Enforcing GID for group 'bluetooth' to 6001 ...
sed: couldn't open temporary file /etc/sedJIQTnM: Permission denied
3. Creating user 'fhem' with UID 6061 ...
useradd: Permission denied.
useradd: cannot lock /etc/passwd; try again later.
usermod: user 'fhem' does not exist
adduser: Only root may add a user or group to the system.
adduser: Only root may add a user or group to the system.
adduser: Only root may add a user or group to the system.
adduser: Only root may add a user or group to the system.
adduser: Only root may add a user or group to the system.
adduser: Only root may add a user or group to the system.
4. Creating log directory /opt/fhem/./log ...
mkdir: cannot create directory ‘/opt/fhem/./log’: Permission denied
5. Enforcing user and group ownership for /opt/fhem to fhem:fhem ...
6. Enforcing file and directory permissions for /opt/fhem ...
7. Correcting group ownership for /dev/tty* ...
8. Found GPIO: Correcting group permissions in /dev and /sys to 'gpio' with GID 6002 ...
groupadd: Permission denied.
groupadd: cannot lock /etc/group; try again later.
adduser: Only root may add a user or group to the system.
chown: invalid user: ‘.gpio’
9. Found I2C: Correcting group permissions in /dev to 'i2c' with GID 6003 ...
sed: couldn't open temporary file /etc/sed4AkWlT: Permission denied
adduser: Only root may add a user or group to the system.
10. Updating /etc/sudoers.d/fhem-docker ...
/entry.sh: line 356: /etc/sudoers.d/fhem-docker: Permission denied
/entry.sh: line 359: /etc/sudoers.d/fhem-docker: Permission denied
/entry.sh: line 362: /etc/sudoers.d/fhem-docker: Permission denied
/entry.sh: line 363: /etc/sudoers.d/fhem-docker: Permission denied
/entry.sh: line 364: /etc/sudoers.d/fhem-docker: Permission denied
/entry.sh: line 365: /etc/sudoers.d/fhem-docker: Permission denied
/entry.sh: line 366: /etc/sudoers.d/fhem-docker: Permission denied
/entry.sh: line 369: /etc/sudoers.d/fhem-docker: Permission denied
/entry.sh: line 370: /etc/sudoers.d/fhem-docker: Permission denied
/entry.sh: line 371: /etc/sudoers.d/fhem-docker: Permission denied
/entry.sh: line 372: /etc/sudoers.d/fhem-docker: Permission denied
chmod: missing operand after ‘440’
Try 'chmod --help' for more information.
chown: missing operand after ‘root:6061’
Try 'chown --help' for more information.
mkdir: cannot create directory ‘/opt/fhem/.ssh’: Permission denied
chmod: cannot access '/opt/fhem/.ssh': No such file or directory
11. Generating SSH Ed25519 client certificate for user 'fhem' ...
Could not create directory '/opt/fhem/.ssh' (Permission denied).
Saving key "/opt/fhem/.ssh/id_ed25519" failed: No such file or directory
sed: can't read /opt/fhem/.ssh/id_ed25519.pub: No such file or directory
12. Generating SSH RSA client certificate for user 'fhem' ...
Could not create directory '/opt/fhem/.ssh' (Permission denied).
Saving key "/opt/fhem/.ssh/id_rsa" failed: No such file or directory
sed: can't read /opt/fhem/.ssh/id_rsa.pub: No such file or directory
13. Generating SSH client configuration for user 'fhem' ...
/entry.sh: line 409: /opt/fhem/.ssh/config: No such file or directory
14. Adding gateway.docker.internal to /etc/hosts ...
/entry.sh: line 417: /etc/hosts: Permission denied
15. Adding host.docker.internal to /etc/hosts ...
/entry.sh: line 424: /etc/hosts: Permission denied
16. Pre-authorizing SSH to Docker host for user 'fhem' ...
touch: cannot touch '/opt/fhem/.ssh/known_hosts': No such file or directory
/entry.sh: line 434: /opt/fhem/.ssh/known_hosts.tmp: No such file or directory
grep: /opt/fhem/.ssh/known_hosts: No such file or directory
mv: cannot stat '/opt/fhem/.ssh/known_hosts.tmp': No such file or directory
17. Updating SSH key pinning and SSH client permissions for user 'fhem' ...
/entry.sh: line 442: /opt/fhem/.ssh/known_hosts.tmp: No such file or directory
cat: /opt/fhem/.ssh/known_hosts: No such file or directory
mv: cannot stat '/opt/fhem/.ssh/known_hosts.tmp': No such file or directory
chown: invalid user: ‘fhem.fhem’
chmod: cannot access '/opt/fhem/.ssh/known_hosts': No such file or directory
chmod: cannot access '/opt/fhem/.ssh/id_ed25519': No such file or directory
chmod: cannot access '/opt/fhem/.ssh/id_rsa': No such file or directory
chmod: cannot access '/opt/fhem/.ssh/id_ed25519.pub': No such file or directory
chmod: cannot access '/opt/fhem/.ssh/id_rsa.pub': No such file or directory



Preparing configuration ... done

Starting FHEM ...
su: user fhem does not exist or the user entry does not contain all the required fields

Additional information you deem important (e.g. issue happens only occasionally):
From the entry.sh script inside the container that handles most of the permission assignment during startup (shortened, full version can be found here). The correct group of devices in the container’s /dev/tty* should be dialout and not nogroup.

FHEM_UID="${FHEM_UID:-6061}"
FHEM_GID="${FHEM_GID:-6061}"

echo "$i. Creating user 'fhem' with UID ${FHEM_UID} ..."
useradd --home ${FHEM_DIR} --shell /bin/bash --uid ${FHEM_UID} --no-create-home --no-user-group --non-unique fhem 2>&1>/dev/null
usermod --append --gid ${FHEM_GID} --groups ${FHEM_GID} fhem 2>&1>/dev/null
adduser --quiet fhem audio 2>&1>/dev/null
adduser --quiet fhem bluetooth 2>&1>/dev/null
adduser --quiet fhem dialout 2>&1>/dev/null
adduser --quiet fhem mail 2>&1>/dev/null
adduser --quiet fhem tty 2>&1>/dev/null
adduser --quiet fhem video 2>&1>/dev/null
(( i++ ))

echo "$i. Enforcing file and directory permissions for ${FHEM_DIR} ..."
find ${FHEM_DIR}/ -type d -exec chmod --quiet ${FHEM_PERM_DIR} {} \;
chmod --quiet go-w ${FHEM_DIR}
find ${FHEM_DIR}/ -type f -exec chmod --quiet ${FHEM_PERM_FILE} {} \;
find ${FHEM_DIR}/ -type f -name '*.pl' -exec chmod --quiet u+x {} \;
find ${FHEM_DIR}/ -type f -name '*.py' -exec chmod --quiet u+x {} \;
find ${FHEM_DIR}/ -type f -name '*.sh' -exec chmod --quiet u+x {} \;
find ${FHEM_DIR}/ -path '*/bin/*' -type f -exec chmod --quiet u+x {} \;
find ${FHEM_DIR}/ -path '*/sbin/*' -type f -exec chmod --quiet u+x {} \;
find ${FHEM_DIR}/ -path '*/*script*/*' -type f -exec chmod --quiet u+x {} \;
(( i++ ))

echo "$i. Correcting group ownership for /dev/tty* ..."
find /dev/ -regextype sed -regex ".*/tty[0-9]*" -exec chown --recursive --quiet --no-dereference .tty {} \; 2>/dev/null
find /dev/ -name "ttyS*" -exec chown --recursive --quiet --no-dereference .dialout {} \; 2>/dev/null
find /dev/ -name "ttyACM*" -exec chown --recursive --quiet --no-dereference .dialout {} \; 2>/dev/null
find /dev/ -name "ttyUSB*" -exec chown --recursive --quiet --no-dereference .dialout {} \; 2>/dev/null
find /dev/ -regextype sed -regex ".*/tty[0-9]*" -exec chmod --recursive --quiet g+w {} \; 2>/dev/null
find /dev/ -name "ttyS*" -exec chmod --recursive --quiet g+rw {} \; 2>/dev/null
find /dev/ -name "ttyACM*" -exec chmod --recursive --quiet g+rw {} \; 2>/dev/null
find /dev/ -name "ttyUSB*" -exec chmod --recursive --quiet g+rw {} \; 2>/dev/null
(( i++ ))

Output of podman version:

podman version 4.3.1

Output of podman info:

host:
  arch: arm64
  buildahVersion: 1.28.0
  cgroupControllers:
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon_2:2.1.5-0ubuntu22.04+obs14.5_arm64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.5, commit: '
  cpuUtilization:
    idlePercent: 97.35
    systemPercent: 1.37
    userPercent: 1.28
  cpus: 4
  distribution:
    codename: jammy
    distribution: ubuntu
    version: "22.04"
  eventLogger: journald
  hostname: foobar
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1002
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 5.15.0-1018-raspi
  linkmode: dynamic
  logDriver: journald
  memFree: 1502580736
  memTotal: 3972960256
  networkBackend: cni
  ociRuntime:
    name: crun
    package: crun_1.7-0ubuntu22.04+obs47.3_arm64
    path: /usr/bin/crun
    version: |-
      crun version 1.7
      commit: 40d996ea8a827981895ce22886a9bac367f87264
      rundir: /run/user/1000/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL
  os: linux
  remoteSocket:
    path: /run/user/1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns_1.0.1-2_arm64
    version: |-
      slirp4netns version 1.0.1
      commit: 6a7b16babc95b6a3056b33fb45b74a6f62262dd4
      libslirp: 4.6.1
  swapFree: 0
  swapTotal: 0
  uptime: 50h 10m 46.00s (Approximately 2.08 days)
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - docker.io
  - quay.io
store:
  configFile: /home/foobar-user/.config/containers/storage.conf
  containerStore:
    number: 4
    paused: 0
    running: 4
    stopped: 0
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /home/foobar-user/.local/share/containers/storage
  graphRootAllocated: 251762089984
  graphRootUsed: 14049038336
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 6
  runRoot: /run/user/1000/containers
  volumePath: /home/foobar-user/.local/share/containers/storage/volumes
version:
  APIVersion: 4.3.1
  Built: 0
  BuiltTime: Thu Jan  1 01:00:00 1970
  GitCommit: ""
  GoVersion: go1.18.1
  Os: linux
  OsArch: linux/arm64
  Version: 4.3.1

Package info (e.g. output of rpm -q podman or apt list podman or brew info podman):

nil (installation from source with GNU Make )

Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/main/troubleshooting.md)


Additional environment details (AWS, VirtualBox, physical, etc.):
Physical on AArch64 (Raspberry Pi 4 B
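The `nobody nogroup` listing in the report follows from the `idMappings` shown in the `podman info` output: a host ID that no map line covers has no counterpart inside the user namespace and is displayed as the overflow ID. The translation below is an added example, not part of the original issue or of Podman; the function names are hypothetical, the map text is constructed from the report's values, and 65534 is the kernel's default overflow ID.

```shell
#!/bin/sh
# Added example: translate IDs through a user-namespace map.
# Each map line is "container_id host_id size", the layout of /proc/<pid>/gid_map.

OVERFLOW_ID=65534   # default overflowuid/overflowgid, listed as nobody/nogroup

# Constructed from the idMappings section of the report's `podman info`.
REPORT_UIDMAP='0 1000 1
1 100000 65536'
REPORT_GIDMAP='0 1002 1
1 100000 65536'

# host_to_container MAP HOST_ID
# Prints the ID as seen inside the container, or the overflow ID if unmapped.
host_to_container() {
    printf '%s\n' "$1" | awk -v id="$2" -v overflow="$OVERFLOW_ID" '
        BEGIN { id += 0 }
        NF == 3 && id >= $2 && id < $2 + $3 {
            print $1 + (id - $2); found = 1; exit
        }
        END { if (!found) print overflow }'
}

# container_to_host MAP CONTAINER_ID
# Prints the backing host ID, or "unmapped" if the container ID has none.
container_to_host() {
    printf '%s\n' "$1" | awk -v id="$2" '
        BEGIN { id += 0 }
        NF == 3 && id >= $1 && id < $1 + $3 {
            print $2 + (id - $1); found = 1; exit
        }
        END { if (!found) print "unmapped" }'
}

# device_owner_in_container HOST_UID HOST_GID
# Prints "uid:gid" as a listing inside the container would resolve them,
# using the maps from the report.
device_owner_in_container() {
    printf '%s:%s\n' \
        "$(host_to_container "$REPORT_UIDMAP" "$1")" \
        "$(host_to_container "$REPORT_GIDMAP" "$2")"
}

# /dev/ttyUSB0 on the host is root:usb-dongles, i.e. 0:1000 per the `id` output.
echo "ttyUSB0 (host 0:1000) seen in container as: $(device_owner_in_container 0 1000)"
# The invoking user and primary group become container root.
echo "host uid 1000 -> container uid $(host_to_container "$REPORT_UIDMAP" 1000)"
echo "host gid 1002 -> container gid $(host_to_container "$REPORT_GIDMAP" 1002)"
# The GID that entry.sh assigns to 'fhem' is backed by a subordinate host GID.
echo "container gid 6061 -> host gid $(container_to_host "$REPORT_GIDMAP" 6061)"
```

With these maps, host GID 1000 (usb-dongles) falls outside both ranges, which is why the device's group cannot appear as dialout or any other container group.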

Comments

@mttcnnff

My use case:

  • I’m running jupyterhub in a containerized production environment as a service in amazon ECS
  • I’m using an NFS to persist user’s home directories, which is great
  • I’d like to persist which users exist and their password hashes between new builds of the container so I don’t have to recreate users every time I redeploy my service
  • I’d like to use NativeAuthenticator as my persisted user/user_info store to solve that 👆problem

The problem:

  • When a user is created they are only created in the db and not on the host machine itself
  • This means that when the process spawner tries to spawn a process it cannot because it can’t find the user to spawn the process under

Error Message:

Error in Authenticator.pre_spawn_start: KeyError "getpwnam(): name not found

@leportella

I’m sorry it is not clear to me what you are trying to do.

If you are trying to keep the info, couldn’t you keep the passwords.dbm (or passwords.dbm.db depending on the system) and set it as the default path on the authenticator?

@mttcnnff

Is that clearer? Let me know what I’m glossing over please! 🙏😊

@valvesss

P.S.: I’m proud to see Brazilian projects! As a Brazilian I'm truly happy, keep up the good work 🙂

@minrk

See jupyterhub/jupyterhub#2948 for some discussion. I think we want a LocalNativeAuthenticator variant:

 .  

 (, ):
    

@minrk

We should also cover in the docs that NativeAuthenticator cannot be used with the default Spawner, and make sure to get the quickstart docs to result in running servers, which they do not currently due to the implicit use of default Spawner.


@stefaneidelloth

The above mentioned custom class can be directly entered in the config file:

..  {}
..  
..  
 .  
   
 (, ):
  
..  
..  

@ibayer

Due to the limitations mentioned here, is the nativeauthenticator expected to work with the little jupyter hub?

I was using the great features provided by NativeAuthenticator for months till suddenly the login page started to cause issues. The only option I found to resolve this was to disable NativeAuthenticator.

Details are here: jupyterhub/the-littlest-jupyterhub#631

@shreeishitagupta

..  {}
..  
..  
 .  
   
 (, ):
  
..  
..  

@lambdaTotoro

@shreeishitagupta

@lambdaTotoro

But that is not a question that concerns nativeAuthenticator, so I’d try the jupyterhub repository (where similar problems have been discussed in the past, for example in jupyterhub/jupyterhub#1527) or their discourse page.

@lambdaTotoro


Answers

nonroot@host:/$ adduser existinguser newgroup
adduser: Only root may add a user or group to the system.

To add a new group when logged in as a non-root user, you need to use sudo:

nonroot@host:/$ sudo groupadd newgroup
[sudo] password for host:
nonroot@host:/$ grep 'newgroup' /etc/group
newgroup:x:1013:
nonroot@host:/$

I just found myself getting this message during a Docker build.

I solved it very easily by adding this directive before the privileged commands in the Dockerfile:

USER root
