I write systemd services that launch with root privileges and de-privilege themselves to a system account (called mxdaemon). These services require access to the physical serial port (/dev/ttyS0) on the PC. Serial port ls -l:
Serial port: crw-rw---- 1 root dialout 4, 64 Jun 13 22:00 /dev/ttyS0
When run as root, the service has no problem communicating via the serial port.
When the service is configured to de-privilege to mxdaemon, I get a permission denied error when attempting to access /dev/ttyS0.
mxdaemon is a member of both the dialout & tty groups:
mxdaemon : mxdaemon dialout tty
Even after logging out and/or rebooting the PC, I still get permission denied for ANY user besides root.
Hours of scouring the Internet suggest that everything is configured correctly.
Any help would be appreciated!
-Rob
#sawdust: Thanks for the reply! Here's the info...
/etc/group : dialout:x:20:mxdaemon,mxadmin
/etc/gshadow : dialout:*::mxdaemon,mxadmin
Thanks for the pointer #sawdust - here's what the command yielded...
ps -o user= -o group= -p 15150
mxdaemon root
So, the user is mxdaemon but it shows being part of the root group?
Related
I'm trying to access an ESP32 microcontroller connected via USB to /dev/ttyUSB0 on my Kubuntu 18.04 machine, but I'm getting a permission denied error:
SerialException: [Errno 13] could not open port /dev/ttyUSB0: [Errno 13] Permission denied: '/dev/ttyUSB0'
My username is in the dialout group in both /etc/group and /etc/gshadow and I have rebooted since adding the dialout group membership.
$ sudo grep dialout /etc/group /etc/gshadow
/etc/group:dialout:x:20:steve
/etc/gshadow:dialout:*::steve
$ id -Gn steve
steve adm dialout cdrom sudo dip plugdev lpadmin sambashare vboxusers libvirt libvirt-qemu libvirt-dnsmasq
$ groups steve
steve : steve adm dialout cdrom sudo dip plugdev lpadmin sambashare vboxusers libvirt libvirt-qemu libvirt-dnsmasq
The ownership and permissions of the /dev/ttyUSB0 file are:
crw-rw---- 1 root dialout 188, 0 Nov 17 22:34 /dev/ttyUSB0
So I would expect the dialout group membership to work.
When I change the permissions on /dev/ttyUSB0 to '666', giving world read/write access, I can access the serial port:
crw-rw-rw- 1 root dialout 188, 0 Nov 17 22:34 /dev/ttyUSB0
Although usable as a solution, access should work for dialout group members, but, based on my experiments above, it seems that the dialout group membership is somehow ineffective.
This question is related to Serial port permission denied for non-root user with dialout group privileges even after reboot Ubuntu 18.04, but with some extra points.
This is what I did, and it seems to work even after unplugging and reconnecting an Arduino.
Thinking maybe the tty device I needed was a link to another device, I gathered which tty's were added to the dev directory after plugging in the Arduino.
In my case, two of them: /dev/ttyprintk and /dev/ttyACM0, the second of which was root/dialout ownership we expect. I changed the first one which was root/root to also be root/dialout and things worked for me.
I've installed Dokku on a VPS running CentOS7. When I 'git push dokku master' I'm getting...
git remote set-url dokku dokku#mydomain.com:trial
git push dokku master
cat: /home/dokku/.sshcommand: No such file or directory
fatal: ''trial'' does not appear to be a git repository
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
When I try and ssh in I also get the same error...
ssh dokku#mydomain.com
cat: /home/dokku/.sshcommand: No such file or directory
Connection to mydomain.com closed.
cat /var/log/secure ...
Nov 7 10:06:29 Callisto sshd[19912]: Accepted publickey for dokku from xxx.xxx.xxx.xxx port 50002 ssh2: RSA SHA256:Y0ueDcZEJWQd9H3FsetReYTDPwJPob6zm9p4Dpt4fOE
Nov 7 10:06:29 Callisto sshd[19912]: pam_unix(sshd:session): session opened for user dokku by (uid=0)
Nov 7 10:06:29 Callisto sshd[19914]: Received disconnect from xxx.xxx.xxx.xxx port 50002:11: disconnected by user
Nov 7 10:06:29 Callisto sshd[19914]: Disconnected from xxx.xxx.xxx.xxx port 50002
Nov 7 10:06:29 Callisto sshd[19912]: pam_unix(sshd:session): session closed for user dokku
Prior to pushing I'm creating the app on the server...
dokku apps:create trial
To add my public ssh key to server I used dokku ssh-keys:add dokku id_rsa.pub
Looking at another answer here it seems that I am in fact missing .sshcommand in /home/dokku/ . Any ideas on how to fix this or what could have gone wrong? This has been driving me crazy the last couple of days.
You must have deleted it at some point. Run the following commands to set everything up again:
echo '/usr/bin/dokku' > /home/dokku/.sshcommand
chmod 0644 /home/dokku/.sshcommand
chown dokku:root /home/dokku/.sshcommand
I am new to salt-ssh and I have gotten it to work successfully for setting up a remote system. However, I have a login issue that I don't know how to address. What is happening is that when I try to run the salt-ssh commands I have to fight with then initial login process before eventually it just works. I am looking to see if I can narrow down what is causing me to have to fight with login process.
I am using OS X to run my salt-ssh commands against an ubuntu vagrant vm.
I have added my root user's ssh key to the root user authorized_keys on the vagrant vm. I have verified that I can log into the system using ssh without any issues
sudo ssh root#192.168.33.10
Here are what my config files look like:
roster
managed:
host: 192.168.33.10
user: root
sudo: true
Saltfile
salt-ssh:
config_dir: /users/vmcilwain/projects/salt-ssh-rails
roster_file: /users/vmcilwain/projects/salt-ssh-rails/roster
log_file: /users/vmcilwain/projects/salt-ssh-rails/saltlog.txt
master
file_roots:
base:
- /users/vmcilwain/projects/salt-ssh-rails/states
pillar_roots:
base:
- /users/vmcilwain/projects/salt-ssh-rails/pillars
I run this command:
sudo salt-ssh -i '*' test.ping
I enter my local user's password and I get this output
Permission denied for host 192.168.33.10, do you want to deploy the salt-ssh key? (password required):
[Y/n]
This is where my fight is. If the vagrant vm has the ssh key for the user I am executing salt-ssh as, why am I being told that permission is denied? Especially when I verified I could ssh into the system without using salt-ssh.
Clicking yes prompts me for the remote root user's password, which I didn't set and don't necessarily want to since an ssh key should have worked.
I'm hoping someone can tell me the best way to setup connections between both systems so that I don't have to have this fight every time.
I needed to set the priv in my roster to the rsa key that I am using to connect to the remote host:
priv: /Users/vmcilwain/.ssh/id_rsa
Using unix, I'm able to ssh successfully into my instance using the following:
ssh -i ~/.ssh/seis_v3.pem root#52.5.233.876
However, when I try to login as ec2-user instead of root, I get denied. Is there a way once in root#52.5.233.876 to change directory or permissions to get onto ec2-user? Thank you.
ami-728ace1a corresponds to the this AMI : suse-sles-11-sp3-sapcal-v20150127-hvm-mag-x86_64. It's an image for SUSE Linux Enterprise Server 11. I just launched an instance using this AMI and when I tried to ssh in as root:
$ ssh -i id_rsa root#54.158.122.xxx
Please login as the user "ec2-user" rather than the user "root".
So I tried to log in as the ec2-user:
$ ssh -i id_rsa ec2-user#54.158.122.xxx
Last login: Mon Apr 13 01:35:47 2015 from xxx.xxx.xxx.xxx
SUSE Linux Enterprise Server 11 SP3 x86_64 (64-bit)
You mentioned being able to successfully log in as root. Do you get the message that I got above? If not then are you sure you provided the correct AMI ID for this instance? Did you make any changes to the root account and/or any other accounts on this system after launching it? Do you see an ec2-user listed in /etc/passwd?
I want to make a backup for my remote server folders(ubunto server)to another remote sever (Linux server). but once I run this command from the the first server it dispalys me an error message:
rsync -raz --progress firstdirectoy root#serverIP:/home
The displayed messahe is:
ssh: connect to host <serverIP> port 22: Connection timed out
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: unexplained error (code 255) at io.c(601) [sender=3.0.7]
But the same command from the server 2 to the server 1 works fine and the folder is nicely copyed into the server1.
How can I escape the connexion error in order to copy my folder from server 1 to server 2 throw rsync?
Seems like server2 has no active ssh daemon while server1 has.
Try to run ssh daemon or use raw rsync protocol and rsync daemon.
If it's a connection timeout because your SSH server is slow to respond, you can tweak the timeout in rsync:
rsync -e 'ssh -o ConnectTimeout=120'
Else it may be a missing SSH daemon (sshd) on server 2 as stated by #geov, or a closed port on your firewall. You may start by testing an SSH login:
ssh user#serverIP
And see if it's working or not. Probably nmap serverIP will help you too, stating if SSH is running or not.
And please do NOT use root user for your rsync copy!
if you wait for a long time, the prompt appears
I think that your server2's IP is wrong
For me, this error appeared when attempting to rsync between two AWS EC2 instances where the two instances were not a part of the same security group.
Overview of how to create security groups
How to change the security groups of the instances
Allow instances within the same security group to communicate