I'm attempting to install postgresql 10 for the first time and need to run the initdb setup. Unfortunately, this fails and returns an error from the nologin shell.
server# /usr/pgsql-10/bin/postgresql-10-setup initdb
Initializing database ...
failed, see /var/lib/pgsql/10/initdb.log
server# cat /var/lib/pgsql/10/initdb.log
This account is currently not available.
I strace'd the command and verified the su commands are probably what's causing this and it seems the default setting for the postgres user is /sbin/nologin. In various examples I've seen, there is no mention of this being a possible issue. How would this work on any other system by default? I feel that temporarily modifying the login shell would work but I want to understand this issue better more specifically from the application's end.
centos 7.8
selinux mode: permissive
postgresql 10
Related
I have my community 4.1.1 neo4j service installed on the ubuntu commandline running on my windows machine. I have been using neo4j steadily for a month or two now, just recently it has prevented me from accessing the neo4j database, it will say this in neo4j browser:
Database 'neo4j' is unavailable. Run :sysinfo for more info.
I have tried uninstalling neo4j and reinstalling but that has not worked either. I tried playing around with the default listen address previously, but now with the reinstall all config data is back to normal. Running ./neo4j-community-4.1.1/bin/cypher-shell under bin does not work. It says:
Unable to establish connection in 3000ms
If I run ./neo4j-community-4.1.1/bin/cypher-shell -a 192.168.0.19 it says:
Database 'neo4j' is unavailable
When I run ./neo4j-community-4.1.1/bin/neo4j-admin check-consistency --database=neo4j it also states:
.2020-08-18 22:12:16.868+0000 WARN [o.n.c.ConsistencyCheckService] Index was dirty on startup which means it was not shutdown correctly and need to be cleaned up with a successful recovery. Index file: /home/thomp105/neo4j-community-4.1.1/data/databases/neo4j/neostore.relationshipgroupstore.db.id.
I would love to reset everything from scratch but I am unsure how
At this point I cannot even access the browser at localhost:7474. It hangs indefinitely trying to load.
I am truly stumped. Anyone have any advice on how I navigate this issue?
It's not easy to guess the issue without seeing your system, but may I ask if you can try to delete your default database, i.e. neo4j physically from the disk (e.g. rm -rf /home/thomp105/neo4j-community-4.1.1/data/databases/neo4j/), and then try to create another database with different name instead (open neo4j.conf, search for dbms.active_database, which point out on default database, and change it to some other name)?
I had this problem running on a linux server. The server was up but got this error on any query: Database 'neo4j' is unavailable. To troubleshoot I ran sudo neo4j console and the problem went away. When I ran the console as user ne04j the problem came back.
$ /usr/share/neo4j/bin/neo4j console
Directories in use:
home: /var/lib/neo4j
config: /etc/neo4j
logs: /var/log/neo4j
plugins: /var/lib/neo4j/plugins
import: /var/lib/neo4j/import
data: /var/lib/neo4j/data
certificates: /var/lib/neo4j/certificates
run: /var/run/neo4j
So I tried: sudo chown -R neo4j:neo4j /var/lib/neo4j/data and the problem went away. Apparently when I'd done a restore of the database I'd run the neo4j server as root and when the system runs neo4j it does it as the user neo4j so couldn't read any of its data. It seems that an error like this would warrant an easy to parse error message but verbosity is not the neo4j way.
I accidentally removed the super user privilege from user: postgres. I don't know how to get another super user. I stopped the postgres service and tried logging in with single-user mode:
/usr/pgsql-10/bin/postgres --single -D /var/lib/pgsql/10/data
I get this error:
"root" execution of the PostgreSQL server is not permitted.
The server must be started under an unprivileged user ID to prevent
possible system security compromise. See the documentation for
more information on how to properly start the server.
In Linux, how can I start Postgres in single-user mode so I can fix the super user privilege?
Edit: I used this link for reference, but I'm getting the error mentioned above.
Accidently removed postgres default superuser privileges - can I get it back?
I combined solutions from these three links:
Accidently removed postgres default superuser privileges - can I get it back?
Restoring the superuser account on the postgres server
“root” execution of the PostgreSQL server is not permitted
After stopping the postgresql service, I ran this command:
sudo -u postgres /usr/pgsql-10/bin/postgres --single -D /var/lib/pgsql/10/data
/usr/pgsql-10/bin/postgres is the location of my postgres binary
/var/lib/pgsql/10/data is the location of my postgresql conf
This allowed me to access single user mode, where I just typed this command:
ALTER USER postgres SUPERUSER;
So if anyone is experiencing the same scenario as me, please give the posted command a try.
just adding this for postgresql 12 (Ubuntu) and possibly up
sudo -su postgres /usr/lib/postgresql/12/bin/postgres --single -D /etc/postgresql/12/main
I'm using Centos 6.9. I have installed Redis using yum:
sudo yum update
sudo yum install redis
No errors were given during the installation.
I can start Redis using redis-cli. It gives me the prompt as expected:
127.0.0.1:6379>
However whenever I issue commands (e.g. PING or SET foo bar) it's giving the following error message:
(error) MISCONF Redis is configured to save RDB snapshots, but is currently not able to persist on disk. Commands that may modify the data set are disabled. Please check Redis logs for details about the error.
I've found MISCONF Redis is configured to save RDB snapshots. and gone through it but none of the advice in there works.
The Accepted Answer on the above was to use CONFIG SET to change the directory where Redis was storing data. I tried this in a non-root directory, CONFIG SET dir /home/andy, but it still gives me the same error message.
If I execute BGSAVE it says "Background saving started" but then attempting SET foo bar goes back to giving me the error above.
Other answers have discussed this being a permissions issue. However I don't see how these apply because I've tried starting Redis as both root and my own account (andy) and the same occurs.
I'm not sure if it's the same problem as described on the link or something else.
How can I further diagnose this? I am a PHP developer by trade so this is not my area of expertise, however I am trying to install Redis so I can use it with a PHP application which has it's own interface to Redis.
It seems that the yum installation creates a redis user, and your Redis instance is running by this user. So even if you set dir to /home/andy, this redis user still doesn't have permission to write to andy's home directory.
Use ps aux |grep redis to get the user who's running redis, and config dir to a directory that this user has write permission.
Quick fix for this error is, goto redis-cli and set following
127.0.0.1:6379> config set stop-writes-on-bgsave-error no
Above like just ignore it
I solved the problem by executing following commands:
$ redis-cli
> config set stop-writes-on-bgsave-error no
Background
My question seems simple, but it gets more complex really fast.
Basically, I got really tired of maintaining my servers manually (screams in background) and I decided it was time to find a way to make being a server admin much more liveable. That's when I found Ansible. Great huh? Sure beats making bash scripts (louder scream) for everything I wanted to automate.
What's the problem?
I'm having a lot of trouble figuring out what user my Ansible playbook will run certain things as. I also need the ability to specify what user certain tasks will run as. Here are some specific use cases:
Cloning a repo as another user:
My purpose with this is it run my node.js webapp from another user, who we'll call bill (that can only use sudo to run a script that I made that starts the node server, as opposed to root or my user that can use sudo for all commands). To do this, I need the ability to have Ansible's git module clone my git repo as bill. How would I do that?
Knowing how Ansible will gain root:
As far as I understand, you can set what user Ansible will connect to the server you're maintaining by defining 'user' and the beginning of the playbook file. Here's what I don't understand: if I tell it to connect via my username, joe, and ask it to update a package via the apt module, how will it gain root? Sudo usually prompts me for my password, and I'd prefer keeping it that way (for security).
Final request
I've scoured the Ansible docs, done some (what I thought was thorough) Googling, and generally just tried to figure it out on my own, but this information continues to elude me.
I am very new to Ansible, and while it's mostly straight-forwards, I would benefit greatly if I could understand exactly how Ansible runs, on which users it runs, and how/where I can specify what user to use at different times.
Thank you tons in advance
You may find it useful to read the Hosts and Users section on Ansible's documentation site:
http://docs.ansible.com/playbooks_intro.html#hosts-and-users
In summary, ansible will run all commands in a playbook as the user specified in the remote_user variable (assuming you're using ansible >= 1.4, user before that). You can specify this variable on a per-task basis as well, in case a task needs to run as a certain user.
Use sudo: true in any playbook/task to use sudo to run it. Use the sudo_user variable to specify a user to sudo to if you don't want to use root.
In practice, I've found it easiest to run my playbook as a deploy user that has sudo privileges. I set up my SSH keys so I can SSH into any host as deploy without using a password. This means that I can run my playbook without using a password and even use sudo if I need to.
I use this same user to do things like cloning git repos and starting/stopping services. If a service needs to run as a lower-privileged user, I let the init script take care of that. A quick Google search for a node.js init.d script revealed this one for CentOS:
https://gist.github.com/nariyu/1211413
Doing things this way helps to keep it simple, which I like.
Hope that helps.
My 2 cents:
Ansible uses your local user (eg Mike) to ssh to the remote machine. (That required Mike to be able to ssh to the machine)
From there it can change to a remote user if needed
It can also sudo if needed and if Mike is allowed. If no user is specified then root will be selected via your ~/.ansible.cfg on your local machine.
If you supply a remote_user with the sudo param then like no.3 it will not use root but that user.
You can specify different situations and different users or sudo via the playbooks.
Playbook's define which roles will be run into each machine that belongs to the inventory selected.
I suggest you read Ansible best practices for some explanation on how to setup your infrastructure.
Oh and btw since you are not referring to a specific module that ansible uses and your question is not related to python, then I don't find any use your question having the python tag.
Just a note that Ansible>=1.9 uses privilege escalation commands so you can execute tasks and create resources as that secondary user if need be:
- name: Install software
shell: "curl -s get.dangerous_software.install | sudo bash"
become_user: root
https://ansible-docs.readthedocs.io/zh/stable-2.0/rst/become.html
I notice current answers are a bit old and suffering from link rot.
Ansible will SSH as your current user, by default:
https://docs.ansible.com/ansible/latest/user_guide/intro_getting_started.html#connecting-to-remote-nodes
Ansible communicates with remote machines over the SSH protocol. By default, Ansible uses native OpenSSH and connects to remote machines using your current user name, just as SSH does.
This can be overridden using:
passing the -u parameter at the command line
setting user information in your inventory file
setting user information in your configuration file
setting environment variables
But then you must ensure a route exists to SSH as that user. An approach to maintaining user-level ownership I see more often is become (root) and then to chown -R jdoe:jdoe /the/file/path.
In my 2.12 release of ansible I found the only way I could change the user was by specifying become: yes as an option at the play level. That way I am SSHing as the unprivileged, default, user. This user must have passwordless sudo enabled on the remote and is about the safest I could make my VPS. From this I could then switch to another user, with become_user, from an arbitrary command task.
Like this:
- name: Getting Started
gather_facts: false
hosts: all
become: yes # All tasks that follow will become root.
tasks:
- name: get the username running the deploy
command: echo $USER
become_user: trubuntu # From root we can switch to trubuntu.
If the user permitted SSH access to your remote is, say, victor, and not your current user, then remote_user: victor has a place at the play level, adjacent to become: yes.
I use Postgesql and PgAdmin on Windows without any problems but am struggling to get it working on Linux (I'm a Linux N00b). I have installed the 64bit version on my Fedora box following these instructions (except substituting version 9.3 for 9.2). Everything works well until I get to launching pgsql with:
sudo -u postgres psql template1
Here I get an error "Permission denied" as is attempts to change to my home directory.
I can change the password for 'postgres' as per the instructions and I presume this is just so I can use 'md5' rather than 'trust' in pg_hba.conf (if not, then I don't understand why I need this step).
When I fire up PgAdmin3, initially I have no connections. Attempting to connect to the server gives me an authentication error for user 'postgres'. I have tried resetting pg_hba.conf to 'trust' but that doesn't work either.
I would appreciate an explanation of the 'postgres' user in Linux as it appears to be a separate actual user on the Linux system (unlike Windows where it is just a 'disembodied' user relevant only to Postgress). Secondly, help in getting PgAdmin speaking to Postgresql would be gratefully received.
psql -U postgres template1
It will prompt for password if you set md5 in pg_hba.conf
After much digging about I found that most of the documentation is incomplete. I needed a combination of connecting via Cefull Lo's solution (+1) and NOT (as in most of the documentation):
sudo -U postgres psql
Then to change the password I need a more explicit SQL command as follows
template1=# ALTER USER postgres with encrypted password ‘yourpassword’;
I presume that I need to explicitly state 'with encrypted password' because I am using md5, though again, 90% of the documentation fails to point this out and advises a basic change of password together with md5. Maybe this is specific to Fedora, who knows, but now I can connect via PgAdmin3.