[X2Go-Dev] X2go crash on Fedora 37, port already in use?
Orion Poplawski
orion at nwra.com
Sat Jan 7 19:18:02 CET 2023
On 1/4/23 10:43, Ulrich Sibiller wrote:
> I agree that the error messages should be more helpful. On the other
> hand all this would not have occurred if the installer had checked for
> the group to exist before creating another one. Plus: Your systems
> should always return the same GID for a given groupname. From your
> description it looks like this is not ensured. So maybe check if you
> NIS setup (or rather your nscd, sssd, nsswitch.conf) is clean.
>
> Uli
The Fedora package does check before creating the group or user:
%pre common
getent group x2gouser >/dev/null || groupadd -r x2gouser
getent passwd x2gouser >/dev/null || \
useradd -r -g x2gouser -d /var/lib/x2go -s /sbin/nologin \
-c "x2go" x2gouser
exit 0
Of course this assumes the NIS is setup and running at the time of
package install, which may not be the case.
>
>
> On Wed, Jan 4, 2023 at 5:08 PM Robert Kudyba <rkudyba at fordham.edu> wrote:
>>
>> The chmod commands allowed X2Go to open. So perhaps not a bug per se but a suggestion to improve on some error checking.
>>
>> We still use NIS/yp (yes it's ok to groan). The NIS server included the x2gouser GID in /etc/group. This led to creation of the user when x2go was installed adopting that GID (461) in /etc/passwd instead of the one that the installation created (973) in /etc/group. (Thus /etc/passwd had x2gouser:x:977:461 while /etc/group had x2gouser:x:973.) The GID of the setgid program /usr/lib64/x2go/libx2go-server-db-sqlite3-wrapper was the one in /etc/group, namely 973, while the GID of /var/lib/x2go and /var/lib/x2go/x2go_sessions was the one in /etc/passwd, namely 461. Hence when the process adopted the GID 973 of the wrapper, it was not granted access to files with GID 461.
>>
>> This caused any of the x2go library scripts that access the database to fail when run as a normal user, In practice, the first one that is run as a session is starting is x2gogetports, which returned a "cannot open file" error message instead of a list of port numbers. This error message (or more precisely the first "word" of it) was fed to x2gocheckports at line 131, which tried to interpret it as a port number, and got a syntax error as a result.
>>
>> In fact, there are many ways that the x2go server process could fail to open the database file. All of them will generate the exact same error message. If I may suggest a change, it would be to catch these errors earlier (e.g. by a success code from x2gogetports and its kin) and report the file open failure with a message based on the errno, (e.g. no such file or access denied). This would narrow down the possible causes of the failure.
>>
>> Thanks for all of your suggestions in getting this to work.
>>
>> On Mon, Jan 2, 2023 at 3:52 AM <me at jcn50.com> wrote:
>>>
>>> It could be a bug: the version distributed with Fedora 37 is
>>> 4.1.0.3-19.fc37.x86_64.rpm whereas the one in CentOS 8 is
>>> x2goserver-4.1.0.3-17.el8.1.x86_64.rpm , with this showing in the change
>>> log:
>>>
>>> 2022-07-23 - Fedora Release Engineering <releng at fedoraproject.org> -
>>> 4.1.0.3-19
>>> - Rebuilt for https://urldefense.proofpoint.com/v2/url?u=https-3A__fedoraproject.org_wiki_Fedora-5F37-5FMass-5FRebuild&d=DwIDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=c4doz1suIijY2NueNOG6O9qnEmjwZUxxuWDG4ja3upV5tc8ZxcyS12WTuJJIWT3F&s=L9tIePHQQsnuZYnxUL9fh-gQnR4Rx0oKIVntrG7c-LE&e=
>>> 2022-05-30 - Jitka Plesnikova <jplesnik at redhat.com> - 4.1.0.3-18
>>> - Perl 5.36 rebuild
>>>
>>> Those are the permissions I have on my side (on Debian 11 but it should
>>> be the same):
>>> root at dev:~# ls -lah /var/lib/
>>> drwxrwx---+ 2 x2gouser x2gouser 4.0K Dec 29 01:37 x2go
>>>
>>> root at dev:~# ls -lah /var/lib/x2go/
>>> -rw-rw----+ 1 root x2gouser 40K Dec 29 01:37 x2go_sessions
>>>
>>> So try this:
>>> sudo chmod 0770 /var/lib/x2go && sudo chown x2gouser:x2gouser
>>> /var/lib/x2go && sudo chmod 0660 /var/lib/x2go/x2go_sessions && sudo
>>> chown root:x2gouser /var/lib/x2go/x2go_sessions && echo "PERMISSIONS
>>> FIXED"
>>>
>>> If it still doesn't work: maybe you can revert to version
>>> x2goserver-4.1.0.3-17 ? I tried to find the package for Fedora 37 but
>>> could only find the el8 ones... Maybe this command would work:
>>> sudo dnf install x2goserver-4.1.0.3-17.fc37
>>> Otherwise, the only last option to test out would be to use the EPEL8
>>> repo and install the x2goserver-4.1.0.3-17.el8 package...
>>>
>>>
>>> Regards,
>>> Chris,
>>> Quantum HostingĀ®.
>>>
>>> On 2023-01-02 02:26, Robert Kudyba wrote:
>>>> Well a hypothesis was tested with simply changing permissions as
>>>> follows X2Go launched:
>>>>
>>>> sudo chmod 777 /var/lib/x2go
>>>> pascal:~/$ sudo chmod 666 /var/lib/x2go/x2go_sessions
>>>>
>>>> Is x2go_sessions is needed after a session is up and running?
>>>>
>>>> This proves that it is a problem of permission to read and write the
>>>> db. Permission should be gotten via the sgid wrapper, but for some
>>>> reason it is not.
>>>>
>>>> Uninstalling and reinstalling did not work.
>>>> Is there a script to fix permissions correctly? Should we remove the
>>>> x2go user and group and re-add?
>>>>
>>>> On Sun, Jan 1, 2023, 2:33 PM <me at jcn50.com> wrote:
>>>>
>>>>> Hi again Robert,
>>>>>
>>>>> I have tried (and succeeded) on a server using AlmaLinux 8 (I don't
>>>>> have
>>>>> access to Fedora 37, sorry) and this is the command I used (you
>>>>> might
>>>>> skip the 2x "epel" commands?):
>>>>>
>>>>> dnf upgrade -y && dnf install
>>>>>
>>>> https://urldefense.proofpoint.com/v2/url?u=https-3A__dl.fedoraproject.org_pub_epel_epel-2Drelease-2Dlatest-2D8.noarch.rpm&d=DwIDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=7p_4VYLAUDElk8vMZgdq0Z9McN077vuO0VabguwetT409bSXJvY1JoGQ0Pc6wHog&s=zksEEUIvkzgtDnM8715wOsqYfM21ArqKZhRQdldhWWA&e=
>>>>>
>>>>> -y && dnf config-manager --enable epel && dnf config-manager
>>>>> --set-enabled powertools && dnf install -y xfdesktop gtk-doc xfce*
>>>>> --exclude=xfce4-sensors-plugin-devel lightdm firefox x2goserver
>>>>> x2goserver-xsession && systemctl isolate graphical.target &&
>>>>> systemctl
>>>>> set-default graphical.target && echo "PLEASE REBOOT NOW"
>>>>>
>>>>> Pausing and resuming the session didn't work though (probably bec my
>>>>> 1x
>>>>> CPU and 768 MB RAM are too small!).
>>>>>
>>>>> Again: I really prefer the LXQt or LXDE on Ubuntu/Debian as it is a
>>>>> lot
>>>>> faster than XFDE...(I can't imagine how slow MATE could be!).
>>>>>
>>>>> Regards,
>>>>> Chris,
>>>>> Quantum HostingĀ®.
>>
>> _______________________________________________
>> x2go-dev mailing list
>> x2go-dev at lists.x2go.org
>> https://lists.x2go.org/listinfo/x2go-dev
> _______________________________________________
> x2go-dev mailing list
> x2go-dev at lists.x2go.org
> https://lists.x2go.org/listinfo/x2go-dev
--
Orion Poplawski
he/him/his - surely the least important thing about me
IT Systems Manager 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion at nwra.com
Boulder, CO 80301 https://www.nwra.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3847 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.x2go.org/pipermail/x2go-dev/attachments/20230107/5e7e2f68/attachment.bin>
More information about the x2go-dev
mailing list