Bug#1063: CreateDB fails with error `DBI connect('dbname=/var/lib/x2go/x2go_sessions', '', ...) failed`
Package: x2goserver Version: 4.0.1.19-3.el6
Upon installing x2goserver, when "x2godbadmin" script is used with create DB option, a DBI connect error is thrown by the script. As a result, upon suspending/terminating the first session, the client refuses to reconnect to the server displaying the error message given below.
*Complete Error Message:*
% x2godbadmin --createdb
DBI connect('dbname=/var/lib/x2go/x2go_sessions','',...) failed: unable to open database file at /usr/sbin/x2godbadmin line 103
backend=sqlite at /usr/sbin/x2godbadmin line 103.
*System Details:*
Host type: EC2 Server
OS:
Amazon Linux Bare Metal Release 2012.03 Kernel Linux 3.2.45-0.6.acc.624.45.283.amzn1acc.x86_64 GNOME 2.28.2
*Installation History:*
% sudo yum install x2goserver
Loaded plugins: fastestmirror, priorities, refresh-packagekit, security
Setting up Install Process
Loading mirror speeds from cached hostfile
dev-dsk-main: dev-desktop-repos.amazon.com
dev-dsk-updates: dev-desktop-repos.amazon.com
epel: epel.mirrors.ovh.net
nux-dextop: mirror.li.nux.ro
Resolving Dependencies
--> Running transaction check
---> Package x2goserver.x86_64 0:4.0.1.19-3.el6 will be installed
--> Processing Dependency: x2goagent >= 3.5.0.25 for package: x2goserver-4.0.1.19-3.el6.x86_64
--> Running transaction check
---> Package x2goagent.x86_64 0:3.5.0.32-3.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
==================================================================================================================================================================================
Package Arch Version Repository Size
==================================================================================================================================================================================
Installing:
x2goserver x86_64 4.0.1.19-3.el6 epel 98 k
Installing for dependencies:
x2goagent x86_64 3.5.0.32-3.el6 epel 16 k
Transaction Summary
==================================================================================================================================================================================
Install 2 Package(s)
Total download size: 115 k
Installed size: 329 k
Is this ok [y/N]: y
Downloading Packages:
(1/2): x2goagent-3.5.0.32-3.el6.x86_64.rpm
| 16 kB 00:00(2/2): x2goserver-4.0.1.19-3.el6.x86_64.rpm
| 98 kB 00:00Total 119 kB/s | 115 kB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : x2goserver-4.0.1.19-3.el6.x86_64
1/2Installing : x2goagent-3.5.0.32-3.el6.x86_64
2/2Verifying : x2goagent-3.5.0.32-3.el6.x86_64
1/2Verifying : x2goserver-4.0.1.19-3.el6.x86_64
2/2Installed:
x2goserver.x86_64 0:4.0.1.19-3.el6
Dependency Installed:
x2goagent.x86_64 0:3.5.0.32-3.el6
Complete!
% sudo ls -lhrt /var/lib/x2go
total 16K
-rw-rw---- 1 root x2gouser 13K Jul 26 11:09 x2go_sessions
% x2godbadmin --createdb
DBI connect('dbname=/var/lib/x2go/x2go_sessions','',...) failed: unable to open database file at /usr/sbin/x2godbadmin line 103
backend=sqlite at /usr/sbin/x2godbadmin line 103.
Control: tag -1 moreinfo
On 26.07.2016 08:03 AM, Sivachidambaram Somu wrote:
Package: x2goserver Version: 4.0.1.19-3.el6
Upon installing x2goserver, when "x2godbadmin" script is used with create DB option, a DBI connect error is thrown by the script. As a result, upon suspending/terminating the first session, the client refuses to reconnect to the server displaying the error message given below.
*_Complete Error Message:_*
%x2godbadmin --createdb
DBI connect('dbname=/var/lib/x2go/x2go_sessions','',...) failed: unable to open database file at /usr/sbin/x2godbadmin line 103
backend=sqlite at /usr/sbin/x2godbadmin line 103.
Not quite sure what you do here or what the bug is.
You're trying to create the DB as a user - which won't work.
sudo x2godbadmin --createdb
should work, instead, and judging from the DB's size (13 KB), it looks like it was created successfully by the RPM scriptlets.
So what's the *real* problem?
Mihai
When I run the command with elevated privileges, the created DB file is owned by root and it remains unaccessible when the client tries to establish a connection.
On Aug 14, 2016 2:41 AM, "Mihai Moldovan" <ionic@ionic.de> wrote:
Control: tag -1 moreinfo
On 26.07.2016 08:03 AM, Sivachidambaram Somu wrote:
Package: x2goserver Version: 4.0.1.19-3.el6
Upon installing x2goserver, when "x2godbadmin" script is used with create DB option, a DBI connect error is thrown by the script. As a result, upon suspending/terminating the first session, the client refuses to reconnect to the server displaying the error message given below.
*_Complete Error Message:_*
%x2godbadmin --createdb
DBI connect('dbname=/var/lib/x2go/x2go_sessions','',...) failed: unable to open database file at /usr/sbin/x2godbadmin line 103
backend=sqlite at /usr/sbin/x2godbadmin line 103.
Not quite sure what you do here or what the bug is.
You're trying to create the DB as a user - which won't work.
sudo x2godbadmin --createdb
should work, instead, and judging from the DB's size (13 KB), it looks like it was created successfully by the RPM scriptlets.
So what's the *real* problem?
Mihai
On 14.08.2016 03:12 AM, Sivachidambaram Somu wrote:
When I run the command with elevated privileges, the created DB file is owned by root and it remains unaccessible when the client tries to establish a connection.
That's both true and expected.
The x2goserver scripts (for instance x2golistsessions) call a setuid/setgid binary called libx2go-server-db-sqlite3-wrapper (nightlies) or x2gosqlitewrapper (release version.)
They should reside in /usr/lib/x2go/.
Due to that the session DB can be read even as a user.
Are these binaries not correctly installed on your system?
Mihai
Hi Mihai,
My apologies for the late reply. I had to undergo a minor surgery and was out of my machine for a couple of weeks.
Coming back to your question, I do find x2gosqlitewrapper under '/usr/lib64/x2go' folder (complete contents are listed below). I also find the 'x2go_sessions' file under '/var/lib/x2go' folder, which is owned by x2gouser in root domain. This happens automatically after I install x2goserver.
However, the client still gives out the error mentioned in my first email.
*Contents of '/var/lib/x2go' folder:*
% sudo ls -lhrt /var/lib/x2go
total 16K
-rw-rw---- 1 root x2gouser 13K Aug 24 11:43 x2go_sessions
*Contents of '/usr/lib64/x2go' folder:*
% ls -lhrt /usr/lib64/x2go
total 132K
-rw-r--r-- 1 root root 2.0K Apr 27 2015 x2goutils.pm
-rwxr-xr-x 1 root root 1.3K Apr 27 2015 *x2gosyslog*
-rwxr-xr-x 1 root root 1.3K Apr 27 2015 *x2gosuspend-agent*
-rwxr-xr-x 1 root root 18K Apr 27 2015 *x2gosqlitewrapper.pl <http://x2gosqlitewrapper.pl>*
-rwxr-xr-x 1 root root 1.3K Apr 27 2015 *x2gormport*
-rwxr-xr-x 1 root root 1.6K Apr 27 2015 *x2gormforward*
-rwxr-xr-x 1 root root 1.4K Apr 27 2015 *x2goresume*
-rw-r--r-- 1 root root 1.8K Apr 27 2015 x2gologlevel.pm
-rwxr-xr-x 1 root root 1.1K Apr 27 2015 *x2gologlevel*
-rwxr-xr-x 1 root root 1.8K Apr 27 2015 *x2golistsessions_sql*
-rwxr-xr-x 1 root root 1.3K Apr 27 2015 *x2goinsertsession*
-rwxr-xr-x 1 root root 1.3K Apr 27 2015 *x2goinsertport*
-rwxr-xr-x 1 root root 1.3K Apr 27 2015 *x2gogetstatus*
-rwxr-xr-x 1 root root 1.3K Apr 27 2015 *x2gogetports*
-rwxr-xr-x 1 root root 1.3K Apr 27 2015 *x2gogetdisplays*
-rwxr-xr-x 1 root root 1.8K Apr 27 2015 *x2gogetagentstate*
-rwxr-xr-x 1 root root 1.3K Apr 27 2015 *x2gogetagent*
-rw-r--r-- 1 root root 22K Apr 27 2015 x2godbwrapper.pm
-rwxr-xr-x 1 root root 1.4K Apr 27 2015 *x2gocreatesession*
-rwxr-xr-x 1 root root 1.3K Apr 27 2015 *x2gochangestatus*
-rwxr-sr-x 1 root x2gouser 5.1K Apr 27 2015 x2gosqlitewrapper
drwxr-xr-x 14 root root 4.0K Aug 24 11:43 *extensions*
drwxr-xr-x 2 root root 4.0K Aug 24 11:43 *bin*
Regards, Siva Chidambaram Somu
On Sun, Aug 14, 2016 at 7:40 AM, Mihai Moldovan <ionic@ionic.de> wrote:
On 14.08.2016 03:12 AM, Sivachidambaram Somu wrote:
When I run the command with elevated privileges, the created DB file is owned by root and it remains unaccessible when the client tries to establish a connection.
That's both true and expected.
The x2goserver scripts (for instance x2golistsessions) call a setuid/setgid binary called libx2go-server-db-sqlite3-wrapper (nightlies) or x2gosqlitewrapper (release version.)
They should reside in /usr/lib/x2go/.
Due to that the session DB can be read even as a user.
Are these binaries not correctly installed on your system?
Mihai
On 24.08.2016 08:30 AM, Sivachidambaram Somu wrote:
Hi Mihai,
My apologies for the late reply. I had to undergo a minor surgery and was out of my machine for a couple of weeks.
Oh, that's definitely more important. I hope everything is fine again.
Coming back to your question, I do find x2gosqlitewrapper under '/usr/lib64/x2go' folder (complete contents are listed below). I also find the 'x2go_sessions' file under '/var/lib/x2go' folder, which is owned by x2gouser in root domain. This happens automatically after I install x2goserver.
However, the client still gives out the error mentioned in my first email.
_*Contents of '/var/lib/x2go' folder:*_
% sudo ls -lhrt /var/lib/x2go
total 16K
-rw-rw---- 1 root x2gouser 13K Aug 24 11:43 x2go_sessions
Okay.
*_Contents of '/usr/lib64/x2go' folder:_*
%ls -lhrt /usr/lib64/x2go
total 132K
[...] -rwxr-sr-x 1 root x2gouser 5.1K Apr 27 2015 x2gosqlitewrapper [...]
That's okay as well.
Hmm... did you somehow disable SUID support? Maybe via the "nosuid" mount option for /var?
So... just to make that clear, x2golistsessions_root works fine as root, but x2golistsessions fails as a normal user when ran via SSH?
Mihai
Health is better now. Thanks for asking :)
About the SUID, I have not disabled it myself. Let me check the OS defaults again and give an update on that.
Also, I'm able to open them file 'x2golistsessions' in Vim as root. As you have pointed out, the operation fails as a normal user.
On Aug 25, 2016 12:50 AM, "Mihai Moldovan" <ionic@ionic.de> wrote:
On 24.08.2016 08:30 AM, Sivachidambaram Somu wrote:
Hi Mihai,
My apologies for the late reply. I had to undergo a minor surgery and was out of my machine for a couple of weeks.
Oh, that's definitely more important. I hope everything is fine again.
Coming back to your question, I do find x2gosqlitewrapper under '/usr/lib64/x2go' folder (complete contents are listed below). I also find the 'x2go_sessions' file under '/var/lib/x2go' folder, which is owned by x2gouser in root domain. This happens automatically after I install x2goserver.
However, the client still gives out the error mentioned in my first email.
_*Contents of '/var/lib/x2go' folder:*_
% sudo ls -lhrt /var/lib/x2go
total 16K
-rw-rw---- 1 root x2gouser 13K Aug 24 11:43 x2go_sessions
Okay.
*_Contents of '/usr/lib64/x2go' folder:_*
%ls -lhrt /usr/lib64/x2go
total 132K
[...] -rwxr-sr-x 1 root x2gouser 5.1K Apr 27 2015 x2gosqlitewrapper [...]
That's okay as well.
Hmm... did you somehow disable SUID support? Maybe via the "nosuid" mount option for /var?
So... just to make that clear, x2golistsessions_root works fine as root, but x2golistsessions fails as a normal user when ran via SSH?
Mihai
On 27.08.2016 12:38 PM, Sivachidambaram Somu wrote:
About the SUID, I have not disabled it myself. Let me check the OS defaults again and give an update on that.
Looks like I haven't been explicit enough, sorry.
What's the output of "mount"?
Also, I'm able to open them file 'x2golistsessions' in Vim as root. As you have pointed out, the operation fails as a normal user.
Wait... do you *really* mean x2golistsessions, or rather the database file called x2go_sessions?
The script itself (x2golistsessions) should always be read- and executable by any user.
I've also been looking around if disabling SUID support directly in the kernel is possible, but haven't found anything related to this. Looks like the only way to achieve that is via a mount flag. If that's not the case, I'm running dry here.
Mihai
My bad. I have given below the output of the mount command on my machine.
% mount
/dev/xvda1 on / type auto (rw,noatime)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw)
/dev/mapper/ephemeralVG-ephemeral on /local type ext4 (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
fusectl on /sys/fs/fuse/connections type fusectl (rw)
Also, I meant "x2go_sessions" file. The x2golistsessions script is executable by all users and present under /usr/bin as you said.
% ls -lhrt /usr/bin/x2golist*
-rwxr-xr-x 1 root root 3.3K Apr 27 2015 */usr/bin/x2golistsessions*
-rwxr-xr-x 1 root root 1.4K Apr 27 2015 */usr/bin/x2golistmounts*
-rwxr-xr-x 1 root root 3.0K Apr 27 2015 */usr/bin/x2golistdesktops*
Regards, Siva Chidambaram Somu
On Sat, Aug 27, 2016 at 10:03 PM, Mihai Moldovan <ionic@ionic.de> wrote:
On 27.08.2016 12:38 PM, Sivachidambaram Somu wrote:
About the SUID, I have not disabled it myself. Let me check the OS defaults again and give an update on that.
Looks like I haven't been explicit enough, sorry.
What's the output of "mount"?
Also, I'm able to open them file 'x2golistsessions' in Vim as root. As you have pointed out, the operation fails as a normal user.
Wait... do you *really* mean x2golistsessions, or rather the database file called x2go_sessions?
The script itself (x2golistsessions) should always be read- and executable by any user.
I've also been looking around if disabling SUID support directly in the kernel is possible, but haven't found anything related to this. Looks like the only way to achieve that is via a mount flag. If that's not the case, I'm running dry here.
Mihai
On 29.08.2016 11:33 AM, Sivachidambaram Somu wrote:
My bad. I have given below the output of the mount command on my machine.
%mount
/dev/xvda1 on / type auto (rw,noatime)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw)
/dev/mapper/ephemeralVG-ephemeral on /local type ext4 (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
fusectl on /sys/fs/fuse/connections type fusectl (rw)
Okay, no "nosuid" option in there, so that's also ruled out.
As a test, set the setgid bit on the id binary like this:
sudo chmod g+s $(which id)
then, as a non-root user(!) run:
id -g
Make sure to disable the setgit bit again with:
sudo chmod g-s $(which id)
If the previous id -g call returned an effective group ID of 0, that means that setgid functionality should be working on your system. If it's not 0, the reason for your problems are likely that setgid on files is not working correctly on your system.
Mihai
I'm afraid the command was working as expected.
% sudo chmod g+s $(which id)
% id -g
0
% sudo chmod g-s $(which id)
% id -g
100
Regards, Siva Chidambaram Somu
On Tue, Aug 30, 2016 at 9:03 AM, Mihai Moldovan <ionic@ionic.de> wrote:
On 29.08.2016 11:33 AM, Sivachidambaram Somu wrote:
My bad. I have given below the output of the mount command on my machine.
%mount
/dev/xvda1 on / type auto (rw,noatime)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw)
/dev/mapper/ephemeralVG-ephemeral on /local type ext4 (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
fusectl on /sys/fs/fuse/connections type fusectl (rw)
Okay, no "nosuid" option in there, so that's also ruled out.
As a test, set the setgid bit on the id binary like this:
sudo chmod g+s $(which id)
then, as a non-root user(!) run:
id -g
Make sure to disable the setgit bit again with:
sudo chmod g-s $(which id)
If the previous id -g call returned an effective group ID of 0, that means that setgid functionality should be working on your system. If it's not 0, the reason for your problems are likely that setgid on files is not working correctly on your system.
Mihai
On 30.08.2016 06:05 PM, Sivachidambaram Somu wrote:
I'm afraid the command was working as expected.
%sudo chmod g+s $(which id)
%id -g
0
%sudo chmod g-s $(which id)
%id -g
100
That doesn't make sense... the x2go_sessions file has the correct permissions set and the x2gosqlitewrapper binary is setgid with the correct group assigned - x2gouser. It doesn't look like your system is in any way special regarding this.
If you (re)create the DB via
sudo x2godbadmin --createdb
and then start a new session via X2Go Client and then try to reconnect to that, what error message comes up in X2Go Client?
Mihai
Processing control commands:
tag -1 moreinfo Bug #1063 [x2goserver] CreateDB fails with error
DBI connect('dbname=/var/lib/x2go/x2go_sessions','',...) failedAdded tag(s) moreinfo.
-- 1063: http://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=1063 X2Go Bug Tracking System Contact owner@bugs.x2go.org with problems
-
Mihai Moldovan -
owner@bugs.x2go.org -
Sivachidambaram Somu