RSSH shows Permission denied while trying to connect SFTP after setting uid of sftp user after rssh upgrade - sftp

SFTP stopped working once I upgraded RSSH to rssh-2.3.4-16.el7
I did all necessary setup for sftp, and it was working fine with rssh-2.3.3-2.el7.
I have a Perl script which gets invoked once a user tries to connect over SFTP. The script changes the user to a valid SFTP user using setuid and setgid; below is the relevant part of that code:
POSIX::setgid($sftp_gid);
POSIX::setuid($sftp_uid);
After that, the script executes rssh:
/usr/bin/rssh -c /usr/libexec/openssh/sftp-server
This was working before I upgraded rssh and stopped working after the upgrade; it started giving this error:
Can't exec "/usr/bin/rssh": Permission denied
It might be due to the security fix for CVE-2012-3478, but I am not sure.
It works if I remove setuid and setgid code.
Can anyone help with this?

Related

jupyterhub fails to spawn server with systemdspawner

I am trying to run jupyterhub on an Ubuntu 20.04 LTS server. My idea is to run python/jupyterhub in a conda virtual environment as a system service. As I want to be able to limit the resources available to individual users I installed the systemdspawner.
After installing everything and starting the jupyterhub service I can log in through my web browser. However, when trying to start the server the spawner gets stuck and after a while I get an error message saying "Spawn failed: Timeout".
In journalctl I can see the following messages:
User logged in: me 302 POST /hub/login?next= -> /hub/spawn (me#::ffff:[my IP address]) 59.42ms
Adding role server to token: <APIToken('93c8...', user='me', client_id='jupyterhub')
Creating oauth client jupyterhub-user-me
pam_loginuid(login:session): Error writing /proc/self/loginuid: Operation not permitted
pam_loginuid(login:session): set_loginuid failed
pam_unix(login:session): session opened for user me by (uid=0)
Failed to open PAM session for me: [PAM Error 14] Cannot make/remove an entry for the specified session
Disabling PAM sessions from now on. user:me
Unit jupyter-me-singleuser in a failed state. Resetting state.
Disclaimer: My Jupyter/Python installation is replacing a former installation that was set up by someone else and got messed up a bit over time. I tried to remove everything related and start with a clean installation from scratch. However, as I had very little documentation about the old setup, there is a certain risk that there might be some leftovers of the previous installation that may cause trouble.
Any ideas?
Solved it myself. In the end the PAM-related messages seem to be non-critical and were not related to the timeout at all. Instead I found a mistake in /etc/systemd/system/jupyterhub.service, where the PATH variable was not including the bin directory of my miniconda installation.

Unable to log in to RStudio Server after changing user id in Ubuntu? RStudio Initialization Error - Error occurred during transmission

I'm unable to login to my RStudio Server installed on a ubuntu container. I've created the accounts and changed the user ids.
Looking at /var/log/syslog there are Operation not Permitted errors on temporary files under /tmp/rstudio-rsessions - I just had to change the ownership or delete the files user-d and user-d.pid.

Ethereum: could not open database: resource temporarily unavailable

I am getting started with Ethereum and building a Dapp (what the hell does this mean by the way?). On the basic installation of the application (https://github.com/ethereum/wiki/wiki/Dapp-using-Meteor#connect-your-%C3%90app), I get this error upon attempting to connect.
geth --rpc --rpccorsdomain "http://localhost:3000"
I0804 23:48:24.987448 ethdb/database.go:82] Alloted 128MB cache and 1024 file handles to /Users/( . )Y( . )/Library/Ethereum/chaindata
Fatal: Could not open database: resource temporarily unavailable
I literally just got started, I set up ethereum through homebrew and made an account with geth. Can't get past right here.
Thank you!
Your geth client is already running in the background. You can attach to it by typing:
$ geth attach
in your command line. This will allow you to run commands on the geth client console.

ORA-12547: TNS Lost Contact when running DBCA on Oracle 11g installation on Ubuntu Linux 12.04 64 bit

I'm trying to create a database using DBCA on Oracle 11g installation on Ubuntu Linux 12.04 64 bit.
I followed the instructions here, but I get
ORA-12547: TNS Lost Contact when running DBCA.
Below are the details. Can someone assist with the solution?
Instead of using /opt/oracle as the "oracle" user home, I used /home/oracle
I did not install the libstdc++5 in 32 bit version
I did everything else the same as the posting
Installation resulted in "missing packages". I tried to do an apt-get install for these packages from ubuntu, but ubuntu says that they don't exist.
Then I saw in the instructions:
Once you will reach the "pre-reqs" screen, check "Ignore all" to continue the installation.
When running ./dbca from $ORACLE_HOME/bin, it fails with ORA-12547.
I checked $ORACLE_HOME/network/admin and listener.ora, sqlnet.ora, and tnsnames.ora all look OK.
However, I think that tnsnames.ora is not being read properly, because ./tnsping fails and the error message states that "EZ Connect" was used.
But in my sqlnet.ora, I have
names.directory_lookup = (TNSNAMES,EZCONNECT)
It should use EZ Connect only after tnsnames is tried.
Also, I sometimes get ORA-12541: No listener. I tried running ./netca. Everything is OK until I perform a test on the listener, and it fails.
I can't run ./lsnrctl. Absolutely nothing happens for this, as well as lsnrctl start, stop, status.
I can't go through sqlplus. If I run ./sqlplus, it asks me for username/password directly.
If I do ./sqlplus / as sysdba, then this results in "ORA-12547: TNS lost contact".
All environment variables are set correctly in .bashrc.
I tried re-running root.sh, but the problem is not fixed.
/etc/oratab is OK
/etc/hosts is OK, but I can't always ping the "localhost" or "127.0.0.1", or "ubuntu" or "127.0.1.1"
The same TNS or Listener errors display.
When I logged in to Oracle (sqlplus system/pass as sysdba), I got this when trying to connect:
ERROR:
ORA-12547: TNS:lost contact
At first I thought the server was down, but I checked it and it was OK. Many people say to run 'chmod 6751 oracle'; I did it, but I got another error:
ERROR:
ORA-01031: insufficient privileges
Enter user-name:
Finally, I switched the system user from root to oracle, and I logged in successfully.
Ensure the DB is up and running and you can connect locally AS SYSDBA to the database
using Oracle binaries owner (usually oracle:oinstall Unix / Linux user). If it does not
work, probably you encounter a different problem.
1. Check privileges of an Oracle file on Unix / Linux host where database is running:
cd $ORACLE_HOME/bin
ls -ltr oracle
2. Change permissions as below:
chmod 6751 oracle
ls -ltr oracle
This code may help you a lot.

Why are my svn ant tasks failing?

I am trying to run a build script and I keep getting errors during a specific svn task. When I try to build the target from the command line, I get an authentication error. When I run the build from flex builder I get an error saying "please get a newer Subversion client". From what I can tell there is a root issue that can be seen here when doing an ant -verbose:
svn_update:
[echo] Updating the project source...
[svn] Using javahl
[svn] <Update> started ...
[svn] update /Users/dave/Documents/Flex Builder 3/AssetLibrary -r HEAD --force
[svn] At revision 373.
[svn] <Update> finished.
[ant] Exiting /Users/dave/Documents/Flex Builder 3/Simulation/build-template/commonbuild.xml.
[ant] Exiting /Users/dave/Documents/Flex Builder 3/AssetLibrary/build.xml.
[echo] Updating DataService Source
...
svn_update:
[echo] Updating the project source...
[svn] Using command line
[svn] <Update> started ...
[svn] up -r HEAD /Users/dave/Documents/Flex Builder 3/DataService --non-interactive
[svn] svn: OPTIONS of 'https://svn.example.com/{redacted}': authorization failed: Could not authenticate to server: ignored NTLM challenge, rejected Basic challenge (https://svn.example.com)
[svn] <Update> failed !
[ant] Exiting /Users/dave/Documents/Flex Builder 3/Simulation/build-template/commonbuild.xml.
[ant] Exiting /Users/dave/Documents/Flex Builder 3/DataService/build.xml.
[ant] Exiting /Users/dave/Documents/Flex Builder 3/Simulation/build.xml.
As you can see, the second (failing) svn_update target is using command line, and the first (working) update is using javahl. I am using the default attributes for svn, so javahl should default to be used.
I updated my svnant jars to 1.3.0.
Would love some help with this one!
Dave
First thing that's catching my eye is that the javahl one isn't calling the update on the same directory as the last one:
/Users/david.marr/Documents/Flex Builder 3/AssetLibrary
vs.
/Users/david.marr/Documents/Flex Builder 3/DataService
It could be that there is some other underlying SVN problem and you're just getting a misleading error message. Also, are you sure the URL https://svn.frogdesign.com/{redacted} is being parsed correctly and whatnot? "{redacted}" doesn't look like Ant syntax to me, nor like a regular URL.
Maybe your command line client is too old, and the server has a versioning constraint on clients allowed to connect? What does svn --version say?
I usually get the "Could not authenticate to server: ignored NTLM challenge, rejected Basic challenge" error when I use svn update in non-interactive mode (example: svn update --non-interactive > output.txt) and when my NT or Active Directory password has changed. The way to fix this would be to first run svn update > output.txt, which will then prompt you for your password. Once provided, you will get the following:
Authentication realm: <http://svnserver:80> SVN Server
Password for 'siacca':
-----------------------------------------------------------------------
ATTENTION! Your password for authentication realm:
<http://svnserver:80> SVN Server
can only be stored to disk unencrypted! You are advised to configure
your system so that Subversion can store passwords encrypted, if
possible. See the documentation for details.
You can avoid future appearances of this warning by setting the value
of the 'store-plaintext-passwords' option to either 'yes' or 'no' in
'/cygdrive/u/.subversion/servers'.
-----------------------------------------------------------------------
Store password unencrypted (yes/no)? yes
Once this is done (I'm with you, I don't like storing my password unencrypted either, but this is the only way I can run automated nightly svn updates), you should be able to run svn update in non-interactive mode.
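To see which credentials ended up on disk unencrypted after answering "yes" to the prompt above, the following added example (not part of the original answer) parses Subversion's credential cache files and lists the entries stored as plaintext, without printing the password itself. The cache location ~/.subversion/auth/svn.simple, the passtype value "simple" and the sample entry are assumptions of this example; the sample is constructed.

```python
from pathlib import Path
# Constructed sample of one ~/.subversion/auth/svn.simple/<hash> file; the
# password is made up, realm and user are taken from the prompt quoted above.
SAMPLE = (
    b"K 8\npasstype\nV 6\nsimple\n"
    b"K 8\npassword\nV 10\nhunter2!xx\n"
    b"K 15\nsvn:realmstring\nV 32\n<http://svnserver:80> SVN Server\n"
    b"K 8\nusername\nV 6\nsiacca\nEND\n"
)

def parse_svn_hash(data: bytes) -> dict:
    """Parse the length-prefixed 'K n / key / V n / value ... END' format."""
    fields, pos = {}, 0
    def read_item(tag: bytes) -> bytes:
        nonlocal pos
        eol = data.index(b"\n", pos)              # ValueError if truncated
        header = data[pos:eol].split()
        if len(header) != 2 or header[0] != tag:
            raise ValueError(f"expected {tag!r} header at offset {pos}")
        start, size = eol + 1, int(header[1])
        item = data[start:start + size]
        if len(item) != size or data[start + size:start + size + 1] != b"\n":
            raise ValueError(f"truncated item at offset {pos}")
        pos = start + size + 1
        return item

    while not data.startswith(b"END", pos):
        key = read_item(b"K").decode()
        fields[key] = read_item(b"V").decode(errors="replace")
    return fields

def plaintext_entries(entries: dict) -> list:
    """Return (file name, realm, user) for entries cached with passtype 'simple'."""
    found = []
    for name, raw in entries.items():
        f = parse_svn_hash(raw)
        # Assumption: 'simple' marks a cleartext password; keyring-backed types are not flagged.
        if f.get("passtype") == "simple" and "password" in f:
            found.append((name, f.get("svn:realmstring"), f.get("username")))
    return found

def scan(cache_dir: Path) -> list:
    """Check a real cache directory such as ~/.subversion/auth/svn.simple."""
    files = {p.name: p.read_bytes() for p in cache_dir.iterdir() if p.is_file()}
    return plaintext_entries(files)

if __name__ == "__main__":
    for name, realm, user in plaintext_entries({"constructed": SAMPLE}):
        print(f"plaintext password cached for {user} at {realm} ({name})")
```

Entries reported here stay readable to anyone who can read the file, so the cache directory's permissions and the account that runs the nightly job decide who can recover the password.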
