I want to create a cloud9 automated setup script for an application, which uses couchdb for database. Part of the script, is the setup of the application database, which needs couchdb running, in order to function properly.
The problem is that the only available solution about couchdb on cloud9 helps you instantiate couchdb as a foreground procedure. So if you want to test the correctness of the instantiation, or execute any other command you need to open a second terminal tab as documented in the above solution, but this is not functional in my case.
So how do I make couchdb run in the background?
Ok CouchDB can be executed in the background on Cloud9, if you pass the parameter -b to the executable, or by reconfiguring the executable to run in the background by default. But if you try to run couchdb like this, you will run into unexisting log files and permission errors when couchdb tries to create them.
So following the bellow steps will get couchdb up and running smoothly.
1. Create log files (and give proper permissions to couchdb user)
sudo su couchdb -c 'touch /var/log/couchdb/couchdb.stdout'
sudo su couchdb -c 'touch /var/log/couchdb/couchdb.stderr'
sudo chown couchdb: /var/log/couchdb
sudo chmod u+w /var/log/couchdb
2. Create CouchDB pid storage dir
sudo mkdir -p /var/run/couchdb
sudo chown couchdb:couchdb /var/run/couchdb
3.Reconfigure Executable
sudo nano /usr/bin/couchdb
Change STDERR_FILE:couchdb.stderr with STDERR_FILE:/var/log/couchdb/couchdb.stderr
And STDERR_FILE:couchdb.stdout with STDERR_FILE:/var/log/couchdb/couchdb.stdout
4.Run in background
sudo su couchdb -c '/usr/bin/couchdb -b'
5.Test
curl http://127.0.0.1:5984
+Bonus1
If you want to run CouchDB on the background, without the -b parameter, like this: sudo su couchdb -c /usr/bin/couchdb then in step 3, when reconfiguring the couchdb executable, you should also change BACKGROUND=false with BACKGROUND=true
+Bonus2
bash script version: Create a .sh file, add the following commands and run it on cloud9 workspace to properly set up couchdb for background execution. After executing the script start CouchDB with sudo su couchdb -c /usr/bin/couchdb.
sudo su couchdb -c 'touch /var/log/couchdb/couchdb.stdout'
sudo su couchdb -c 'touch /var/log/couchdb/couchdb.stderr'
sudo chown couchdb: /var/log/couchdb
sudo chmod u+w /var/log/couchdb
sudo mkdir -p /var/run/couchdb
sudo chown couchdb:couchdb /var/run/couchdb
sudo sed -i 's_couchdb.stderr_/var/log/couchdb/couchdb.stderr_g' /usr/bin/couchdb
sudo sed -i 's_couchdb.stdout_/var/log/couchdb/couchdb.stdout_g' /usr/bin/couchdb
sudo sed -i 's_BACKGROUND=false_BACKGROUND=true_g' /usr/bin/couchdb
Related
There are a few posts on how to use Docker + SSH. There are also posts on how to edit files mounted in a docker container, such that editing them won't cause the permissions to become root.
I'm trying to combine the 2 things, so I can SSH into a docker container and edit files without messing up their permissions.
For, using the correct file permissions, I use:
- /etc/passwd:/etc/passwd:ro
- /etc/group:/etc/group:ro
in my docker-compose.yml and
docker compose -f commands/dev/docker-compose.yml run \
--service-ports \
--user $(id -u) \
develop \
bash
so that when I start the docker container, my user is the same user as my local computer.
However, this breaks up my SSH setup inside the Docker container:
useradd -rm -d /home/ubuntu -s /bin/bash -g root -G sudo ubuntu
echo 'ubuntu:ubuntu' | chpasswd
# passwd -d ubuntu
apt install -y --no-install-recommends openssh-server vim-tiny sudo
# See: https://stackoverflow.com/questions/22886470/start-sshd-automatically-with-docker-container
sed 's#session\s*required\s*pam_loginuid.so#session optional pam_loginuid.so#g' -i /etc/pam.d/sshd
mkdir /var/run/sshd
bash -c 'install -m755 <(printf "#!/bin/sh\nexit 0") /usr/sbin/policy-rc.d'
ex +'%s/^#\zeListenAddress/\1/g' -scwq /etc/ssh/sshd_config
ex +'%s/^#\zeHostKey .*ssh_host_.*_key/\1/g' -scwq /etc/ssh/sshd_config
RUNLEVEL=1 dpkg-reconfigure openssh-server
ssh-keygen -A -v
update-rc.d ssh defaults
# Configure sudo
ex +"%s/^%sudo.*$/%sudo ALL=(ALL:ALL) NOPASSWD:ALL/g" -scwq! /etc/sudoers
Here I'm creating a user called ubuntu with password ubuntu for SSH-ing. This lets me SSH in ubuntu#localhost using the password ubuntu.
The issue is that by mounting the /etc/passwd file into my container, I erase the ubuntu user inside the container. This means when I try to ssh in with ssh -p 9002 ubuntu#localhost, the authentication fails (9002 is what I bind port 22 in the container to on the host).
Does anyone have a solution?
Here's a first pass answer.
I can use:
useradd -rm -d /home/yourusername -s /bin/bash -g root -G sudo yourusername
instead of
useradd -rm -d /home/ubuntu -s /bin/bash -g root -G sudo ubuntu
echo 'ubuntu:ubuntu' | chpasswd
then, I:
Run the ssh server in the container with:
su root
/usr/sbin/sshd -D -o ListenAddress=0.0.0.0 -o PermitRootLogin=yes
I can ssh into the container as root (using the root password "root", which I set with RUN echo 'root:root' | chpasswd in the Dockerfile).
Then, I can do su yourusername, to switch my user.
While this works, it is pretty annoying since I need to bake the user name into the Docker container.
When attempting to execute sudo in a docker container using alpine 3.8 I get the following output.
I am logged into the container using docker exec -i -t MYIMAGE /bin/bash
bash-4.4$ whoami
payara
bash-4.4$ sudo -s
bash-4.4$ whoami
payara
bash-4.4$ su root
su: incorrect password
bash-4.4$
My docker file contains the following user related commands to try and setup a user specifically for payara. I want sudo to work correctly though, if possible.
DockerFile
FROM "alpine:latest"
ENV LANG C.UTF-8
ENV http_proxy 'http://u:p#160.48.234.129:80'
ENV https_proxy 'http://u:p#160.48.234.129:80'
RUN apk add --no-cache bash gawk sed grep bc coreutils git openssh-client libarchive libarchive-tools busybox-suid sudo
RUN addgroup -S payara && adduser -S -G payara payara
RUN echo "payara ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
# CHANGE TO PAYARA USER
USER payara
... rest of setup.
From man sudo:
-s, --shell
Run the shell specified by the SHELL environment variable if it is set or the shell specified by the invoking user's password database entry.
You have neither SHELL variable set, nor correct (interactive) default shell set in /etc/passwd for user payara. This is because you are creating a system user (-S) - this user has a default shell /bin/false (which just exits with exit code 1 - you may check with echo $? after unsuccessfull sudo -s).
You may overcome this in different ways:
a) specify the SHELL variable:
bash-4.4$ SHELL=/bin/bash sudo -s
bed662af470d:~#
b) use su, which will use the default root's shell:
bash-4.4$ sudo su -
bed662af470d:~#
c) just run the required privileged commands with sudo directly, without spawning an interactive shell.
I am trying to follow this documentation and install docker machine on my EC2 instance. However, the curl command:
curl -L https://github.com/docker/machine/releases/download/v0.8.2/docker-machine-`uname -s`-`uname -m` >/usr/local/bin/docker-machine
quits with the error:
-bash: /usr/local/bin/docker-machine: Permission denied
I tried to curl into the home directory, hoping that it would change the permissions on the directory and then copy it to destination, but it didn't work.
How can I by-pass this? Clearly, the ec2-user is lacking the root privileges on some directories.
-v When given the -v (validate) option, sudo will update the user's cached credentials, authenticating the user's password if necessary.
For the sudoers plugin, this extends the sudo timeout for another 5
minutes (or whatever the timeout is set to by the security policy) but
does not run a command. Not all security policies support cached
credentials.
ec2-user is in sudoers list by default.
[ec2-user ~]$ sudo -v
[ec2-user ~]$
Try this:
sudo bash -c "curl -L https://github.com/docker/machine/releases/download/v0.8.2/docker-machine-`uname -s`-`uname -m` >/usr/local/bin/docker-machine"
If you want to make the saved file an executable for all:
sudo chmod a+x /usr/local/bin/docker-machine
After following this tutroial I get the following error when trying to run the commands as user or even sudo:
sudo: no tty present and no askpass program specified
The comments from Lurdan in this article state that you need to run
sudo -S <YOUR_COMMAND>
chmod 0666 /dev/tty
chmod doesn't work but sudo -S does, but surely there's another fix?
So silly, after looking further down I see a solution from Beorat:
To avoid the sudo tty issue and others, run these commands just before running do-release-upgrade:
sudo -S apt-mark hold sudo
sudo -S apt-mark hold procps
sudo -S apt-mark hold strace
If you've already upgraded, run the above commands, then manually downgrade to the Trusty packages:
sudo -S wget http://mirrors.kernel.org/ubuntu/pool/main/s/sudo/sudo_1.8.9p5-1ubuntu1.1_amd64.deb
sudo -S wget http://mirrors.kernel.org/ubuntu/pool/main/p/procps/procps_3.3.9-1ubuntu2_amd64.deb
sudo -S wget http://mirrors.kernel.org/ubuntu/pool/main/s/strace/strace_4.8-1ubuntu5_amd64.deb
sudo -S dpkg -i sudo_1.8.9p5-1ubuntu1.1_amd64.deb
sudo -S dpkg -i procps_3.3.9-1ubuntu2_amd64.deb
sudo -S dpkg -i strace_4.8-1ubuntu5_amd64.deb
More info here: https://github.com/Microsoft/BashOnWindows/issues/482
WSL uses the lxrun executable for management from Windows:
lxrun -h
Usage:
/install - Installs the subsystem
Optional arguments:
/y - Do not prompt user to accept
/uninstall - Uninstalls the subsystem
Optional arguments:
/full - Perform a full uninstall
/y - Do not prompt user to accept
/setdefaultuser - Configures the subsystem user that bash will be launched as. If the user does not exist it will be created.
Optional arguments:
username - Supply the username
/y - If username is supplied, do not prompt to create a password
/update - Updates the subsystem's package index
Given that, you can use lxrun /setdefaultuser root. Just thought I'd point out this side of it since it was required when I ran into the same issue as you after trying to upgrade to Xenial. I can confirm that running this command, then the wget / dpkg commands my issues were resolved.
The commands I used:
wget http://mirrors.kernel.org/ubuntu/pool/main/s/sudo/sudo_1.8.9p5-1ubuntu1.4_amd64.deb
wget http://mirrors.kernel.org/ubuntu/pool/main/p/procps/procps_3.3.9-1ubuntu2_amd64.deb
wget http://mirrors.kernel.org/ubuntu/pool/main/s/strace/strace_4.8-1ubuntu5_amd64.deb
dpkg -i sudo_1.8.9p5-1ubuntu1.4_amd64.deb
dpkg -i procps_3.3.9-1ubuntu2_amd64.deb
dpkg -i strace_4.8-1ubuntu5_amd64.deb
Finally, you might need to run sudo apt-get install -f in case you get The following packages have unmet dependencies [xxx] but it is not going to be installed
I got rid of the error by moving /etc/hosts to /etc/hosts.bu. After closing the shell en opening again, /etc/hosts is recreated and your computer name is added. The error is gone (for me.)
I want to make a script that runs some commands with sudo permission & some commmands with sudo -u username permission.
Currently,
I run script using sudo permission, which executes each command in the script with sudo permission. But what I want to do is run some commands with normal user permissions. For example: If I create a directory then I don't want to be created by super-user. Otherwise it becomes difficult to delete it from file manager until I open file manager in root mode.
#!/bin/bash
# this declares that current user is a sudoer
sudo tee /etc/sudoers.d/$USER <<END
END
# write the content of your script here
sudo npm install hexo-cli -g
mkdir Untitled
sudo apt-get install python
# then to remove the sudo access from the current user
sudo /bin/rm /etc/sudoers.d/$USER
sudo -k
You either run a script as a user, and put some sudo command in it, or you run the script with sudo, and use su to run specific commands within the script as a certain user.