I have a freeradius server setup with google authenticator to provide a basic working multi-factor setup.
Everything works when I run radiusd in debug mode as root. If I start it as a service, logons fail and this messages is recorded when processing messages:
radiusd(pam_google_authenticator)[1115]: Failed to read "/home/user#domain.com/.google_authenticator" for "user#domain.com"
I think this must be a permissions issue since it works fine when run as root.
I don't really want to edit the permissions on each secret file for every user.
I have tried specifying root in
/etc/raddb/radiusd.conf
user = root group = root
but still the service fails unless run from the command line as root. Does anyone have a nice elegant solution to this conundrum?
I think you should check out your systemd service file for radiusd. It might look something like:
https://github.com/ipfire/ipfire-3.x/blob/master/freeradius/systemd/freeradius.service
You can add User= and Group= in the [Service] section of the .service file if needed. See
https://unix.stackexchange.com/questions/347358/how-to-change-service-user-in-centos-7
and
https://serverfault.com/questions/806617/configuring-systemd-service-to-run-with-root-access
It would be a good idea to put the contents of the .service file for radiusd in your post.
Related
We are facing a peculiar problem on one of our 2 environments. A PutFile processor throws the following error
PutFile[id=xxx] Penalizing StandardFlowFileRecord[uuid=xxx,claim=StandardContentClaim [resourceClaim=StandardResourceClaim[id=xxx, container=default, section=1012], offset=94495, length=9778],offset=0,name=xxxxxxxxxxxxxxxx_PROD_20200513020001.json.gz,size=9778] and routing to 'failure' because the output directory /data/home/datadelivery/OUT/Test does not exist and Processor is configured not to create missing directories
After enabling the creation of missing directories, the error changes to:
Could not set create directory with permissions 664 because /data/home/datadelivery/OUT/Test: java.nio.file.AccessDeniedException: /data/home/datadelivery/OUT/TestPutFile[id=xxx...
Based on the error message one would think that it is an issue with file and folder permissions, however, the path /data/home/datadelivery/OUT/Test exists, and the nifi user can access and create files and folders in there as well (verified from the command line). The same folder permissions and ownership rights are configured on our DEV environment, where the PutFile processor works as expected. We could change the configuration to use a different location, but I'd rather find the root cause instead.
Where should I start debugging?
Thank you for your help in advance!
Kind regards, Julius
Strange issue, I would try to set full permission on the folder/file you want to write (ie chmod 777 + chown nifi:nifi + recursively), and see if the error is still there. If not it's kind of a start ...
Restarting the NiFi service solved the problem. The issue was that the Unix user (nifi) was modified months after starting the NiFi service. Most probably this was the reason the PutFile processor wasn't able to access a folder which the nifi unix user could.
i have written a bash script. If I run this script manually on same server then its output is
CRITICAL:Something really bad is happening on server.CPU load of Process id: 11109
for user: root with command: java is 76.5
Then I configured its alert on nagios, and nagios is reading its output like
CRITICAL:Something really bad is happening on server.CPU load of Process id:
for user: with command: is
Means values are missing driven from file.
That's most likely happening because generally Nagios uses a user "nagios" or "nrpe" to execute the script plugins and that user is not able to view all processes like root does or does not have the permission to read the file you are asking it to read. You should give the nrpe user permission to read via "sudo" to solve your issue. Please note that in order to run sudo with a user that does not log in(as the Nagios user), you also nees to commebt out the Require tty parameter from /etc/sudoers file.
I have a dedicated server running Linux/Apache with cPanel. On one of my website's users are able to register and upload images.
However, over the last few days, i have received complaints that users cannot upload any media. When I check the /images/ directory I see that the /temp/ folder is missing.
So I re-created it and set the permissions to 0777.
Once that is completed all works fine. But I cannot understand why the directory is being removed. No one else has access to the site and I do not see anything in my error logs that show anything unusual.
Any ideas why this may happen?
Thank you
You need to check your PHP Script has code to unlink(dir) or Something
and Check cron list whether you have added any CRON to remove the TMP folder.
for Write permission 755 is enough If you are using Fcgi php handler, cgi, dso. Have a try 755 permission with one of the listed Handlers.
I am new to Jenkins, starting now.
I see the following errors here.
Building in workspace /var/lib/jenkins/workspace/GIF_DECODER
[GIF_DECODER] $ /bin/bash /tmp/hudson3370393570271110742.sh
/tmp/hudson3370393570271110742.sh: line 2: cd: /home/joshis1/Data/E-Drive/Blog/Ready_to_post/Ubuntu/GIF_Decoder_LINUX: Permission denied
/var/lib/jenkins/workspace/GIF_DECODER
I have given the build commands as the following. This is under execute shell.
#!/bin/bash
cd /home/joshis1/Data/E-Drive/Blog/Ready_to_post/Ubuntu/GIF_Decoder_LINUX
pwd
make clean
make everything
I am not understanding what is the issue here? Looks to be a permission year. I have jenkins in sudoers list. I don't why it looks for /var/lib/jenkins/workspace/GIF_Decoder.
I see the jenkins page under - http://:8080/job/GIF_DECODER/configure
How can I setup the hostname so that instead of localhost I have some meaningful name? Please help. Also, what is the best document/video to start with Jenkins for linux users? How to debug Jenkins issue seen? How can I instantiate a build by sending an email?
I am not understanding what is the issue here?
It's a permission error. It looks like your jenkins user does not have permissions for /home/joshis1/Data/E-Drive/Blog/Ready_to_post/Ubuntu/GIF_Decoder_LINUX
How can I setup the hostname so that instead of localhost I have some meaningful name?
Try the hostname of your server in the URL. e.g. http://myserver:8080/job/GIF_DECODER/configure
Also, what is the best document/video to start with Jenkins for linux users?
I expect that you have a basic understanding of how linux works. This is important on how to configure your jenkins and write the necessary build steps. The most basic information you will find on http://jenkins-ci.org and basic installation https://wiki.jenkins-ci.org/display/JENKINS/Installing+Jenkins
How to debug Jenkins issue seen?
That depends ...
... on the issue. If you have build problems check the console output of the job first. In addition, Jenkins writes its logfiles into the jenkins home directory.
How can I instantiate a build by sending an email?
Check out the mail commander plugin
I have installed successfully the roar-penguin pppoe-server and trying to use it without success, what I don't understand is that, when I put in my /etc/ppp/pppoe-server-options
debug
logfile /var/log/pppoe-server-log
But that file is not created and I don't understand what happens. It is really hard for me find a solution. Do you know how can I enable the debugging ?
My problem is that I catch every time (Wireshark sniffing) the
RP-PPPoE: Child pppd process terminated
In the PADT message, any help ?
Thanks in advance.
From your question not being formatted, verify that debug and logfile in /var/log/pppoe-server-log are on separate lines in your configuration file. Also, ensure that you've restarted the service to utilize the new configuration. If the service is not running as root, be sure that the user it runs as has ownership over the logfile to write to it. If it is running as root, ensure the file exists and that it's writable.
If it doesn't exist, just run:
# touch /var/log/pppoe-server-log
# chmod 0774 /var/log/pppoe-server-log
I would think this should be done automatically, but you may as well do so just to ensure it's created properly and you can verify ownership/permissions as needed.