search

Syslifters / sysreptor

A customizable and powerful penetration testing reporting platform for offensive security professionals. Simplify, customize, and automate your pentest reports with ease.
https://docs.sysreptor.com
Other
1.49k stars 142 forks source link

macOS: Permission denied: '/data/uploadedassets' #169

Closed well-it-wasnt-me closed 9 months ago

well-it-wasnt-me commented 11 months ago 
curl -s https://docs.sysreptor.com/install.sh | bash
Good to see you.
Get ready for the easiest pentest reporting tool.

Downloading SysReptor from https://github.com/syslifters/sysreptor/releases/latest/download/source-prebuilt.tar.gz ...
Checking download...
Unpacking sysreptor.tar.gz...
deploy/app.env exists. Will not create new secrets.
No license key found. Going with Community edition.
Creating docker volumes...
Volume: sysreptor-db-data
Volume: sysreptor-app-data
Build and launch SysReptor via docker compose...
We are downloading and installing all dependencies.
This may take a few minutes.
[+] Running 3/3
 ✔ Network sysreptor_default  Created                                                                                                                                                              0.1s 
 ✔ Container sysreptor-db     Healthy                                                                                                                                                              0.1s 
 ✔ Container sysreptor-app    Started                                                                                                                                                              0.1s 
Running migrations...
Great! Everything seems to be up now.

Setting up initial data...
Creating initial user...
Superuser created successfully.
Importing demo projects...
2023-12-12 22:13:46,730 [ERROR] reportcreator_api.archive.import_export.import_export: Error while importing archive. Rolling back import.
Traceback (most recent call last):
  File "/app/api/reportcreator_api/archive/import_export/import_export.py", line 168, in import_archive
    obj = serializer.perform_import()
  File "/app/api/reportcreator_api/archive/import_export/serializers.py", line 20, in perform_import
    return self.create(self.validated_data.copy())
  File "/app/api/reportcreator_api/archive/import_export/serializers.py", line 496, in create
    project_type = self.fields['project_type'].create(project_type_data | {
  File "/app/api/reportcreator_api/archive/import_export/serializers.py", line 348, in create
    self.fields['assets'].create(assets)
  File "/app/api/reportcreator_api/archive/import_export/serializers.py", line 143, in create
    bulk_create_with_history(child_model_class, objs)
  File "/usr/local/lib/python3.10/contextlib.py", line 79, in inner
    return func(*args, **kwds)
  File "/app/api/reportcreator_api/utils/history.py", line 102, in bulk_create_with_history
    out = model.objects.bulk_create(objs=objs)
  File "/usr/local/lib/python3.10/site-packages/django/db/models/manager.py", line 87, in manager_method
    return getattr(self.get_queryset(), name)(*args, **kwargs)
  File "/usr/local/lib/python3.10/site-packages/django/db/models/query.py", line 786, in bulk_create
    returned_columns = self._batched_insert(
  File "/usr/local/lib/python3.10/site-packages/django/db/models/query.py", line 1831, in _batched_insert
    self._insert(
  File "/usr/local/lib/python3.10/site-packages/django/db/models/query.py", line 1805, in _insert
    return query.get_compiler(using=using).execute_sql(returning_fields)
  File "/usr/local/lib/python3.10/site-packages/django/db/models/sql/compiler.py", line 1821, in execute_sql
    for sql, params in self.as_sql():
  File "/usr/local/lib/python3.10/site-packages/django/db/models/sql/compiler.py", line 1745, in as_sql
    value_rows = [
  File "/usr/local/lib/python3.10/site-packages/django/db/models/sql/compiler.py", line 1746, in <listcomp>
    [
  File "/usr/local/lib/python3.10/site-packages/django/db/models/sql/compiler.py", line 1747, in <listcomp>
    self.prepare_value(field, self.pre_save_val(field, obj))
  File "/usr/local/lib/python3.10/site-packages/django/db/models/sql/compiler.py", line 1695, in pre_save_val
    return field.pre_save(obj, add=True)
  File "/usr/local/lib/python3.10/site-packages/django/db/models/fields/files.py", line 317, in pre_save
    file.save(file.name, file.file, save=False)
  File "/usr/local/lib/python3.10/site-packages/django/db/models/fields/files.py", line 93, in save
    self.name = self.storage.save(name, content, max_length=self.field.max_length)
  File "/app/api/reportcreator_api/archive/crypto/storage.py", line 61, in save
    return super().save(name=name, content=EncryptedFileAdapter(file=File(content)), max_length=max_length)
  File "/usr/local/lib/python3.10/site-packages/django/core/files/storage/base.py", line 38, in save
    name = self._save(name, content)
  File "/usr/local/lib/python3.10/site-packages/django/core/files/storage/filesystem.py", line 87, in _save
    os.makedirs(directory, exist_ok=True)
  File "/usr/local/lib/python3.10/os.py", line 215, in makedirs
    makedirs(head, exist_ok=exist_ok)
  File "/usr/local/lib/python3.10/os.py", line 225, in makedirs
    mkdir(name, mode)
PermissionError: [Errno 13] Permission denied: '/data/uploadedassets'
Traceback (most recent call last):
  File "/app/api/manage.py", line 22, in <module>
    main()
  File "/app/api/manage.py", line 18, in main
    execute_from_command_line(sys.argv)
  File "/usr/local/lib/python3.10/site-packages/django/core/management/__init__.py", line 442, in execute_from_command_line
    utility.execute()
  File "/usr/local/lib/python3.10/site-packages/django/core/management/__init__.py", line 436, in execute
    self.fetch_command(subcommand).run_from_argv(self.argv)
  File "/usr/local/lib/python3.10/site-packages/django/core/management/base.py", line 412, in run_from_argv
    self.execute(*args, **cmd_options)
  File "/usr/local/lib/python3.10/site-packages/django/core/management/base.py", line 458, in execute
    output = self.handle(*args, **options)
  File "/app/api/reportcreator_api/management/commands/importdemodata.py", line 55, in handle
    imported = import_func(f)
  File "/app/api/reportcreator_api/archive/import_export/import_export.py", line 220, in import_projects
    return import_archive(archive_file, serializer_classes=[PentestProjectExportImportSerializer])
  File "/usr/local/lib/python3.10/contextlib.py", line 79, in inner
    return func(*args, **kwds)
  File "/usr/local/lib/python3.10/contextlib.py", line 79, in inner
    return func(*args, **kwds)
  File "/app/api/reportcreator_api/archive/import_export/import_export.py", line 185, in import_archive
    raise ex
  File "/app/api/reportcreator_api/archive/import_export/import_export.py", line 168, in import_archive
    obj = serializer.perform_import()
  File "/app/api/reportcreator_api/archive/import_export/serializers.py", line 20, in perform_import
    return self.create(self.validated_data.copy())
  File "/app/api/reportcreator_api/archive/import_export/serializers.py", line 496, in create
    project_type = self.fields['project_type'].create(project_type_data | {
  File "/app/api/reportcreator_api/archive/import_export/serializers.py", line 348, in create
    self.fields['assets'].create(assets)
  File "/app/api/reportcreator_api/archive/import_export/serializers.py", line 143, in create
    bulk_create_with_history(child_model_class, objs)
  File "/usr/local/lib/python3.10/contextlib.py", line 79, in inner
    return func(*args, **kwds)
  File "/app/api/reportcreator_api/utils/history.py", line 102, in bulk_create_with_history
    out = model.objects.bulk_create(objs=objs)
  File "/usr/local/lib/python3.10/site-packages/django/db/models/manager.py", line 87, in manager_method
    return getattr(self.get_queryset(), name)(*args, **kwargs)
  File "/usr/local/lib/python3.10/site-packages/django/db/models/query.py", line 786, in bulk_create
    returned_columns = self._batched_insert(
  File "/usr/local/lib/python3.10/site-packages/django/db/models/query.py", line 1831, in _batched_insert
    self._insert(
  File "/usr/local/lib/python3.10/site-packages/django/db/models/query.py", line 1805, in _insert
    return query.get_compiler(using=using).execute_sql(returning_fields)
  File "/usr/local/lib/python3.10/site-packages/django/db/models/sql/compiler.py", line 1821, in execute_sql
    for sql, params in self.as_sql():
  File "/usr/local/lib/python3.10/site-packages/django/db/models/sql/compiler.py", line 1745, in as_sql
    value_rows = [
  File "/usr/local/lib/python3.10/site-packages/django/db/models/sql/compiler.py", line 1746, in <listcomp>
    [
  File "/usr/local/lib/python3.10/site-packages/django/db/models/sql/compiler.py", line 1747, in <listcomp>
    self.prepare_value(field, self.pre_save_val(field, obj))
  File "/usr/local/lib/python3.10/site-packages/django/db/models/sql/compiler.py", line 1695, in pre_save_val
    return field.pre_save(obj, add=True)
  File "/usr/local/lib/python3.10/site-packages/django/db/models/fields/files.py", line 317, in pre_save
    file.save(file.name, file.file, save=False)
  File "/usr/local/lib/python3.10/site-packages/django/db/models/fields/files.py", line 93, in save
    self.name = self.storage.save(name, content, max_length=self.field.max_length)
  File "/app/api/reportcreator_api/archive/crypto/storage.py", line 61, in save
    return super().save(name=name, content=EncryptedFileAdapter(file=File(content)), max_length=max_length)
  File "/usr/local/lib/python3.10/site-packages/django/core/files/storage/base.py", line 38, in save
    name = self._save(name, content)
  File "/usr/local/lib/python3.10/site-packages/django/core/files/storage/filesystem.py", line 87, in _save
    os.makedirs(directory, exist_ok=True)
  File "/usr/local/lib/python3.10/os.py", line 215, in makedirs
    makedirs(head, exist_ok=exist_ok)
  File "/usr/local/lib/python3.10/os.py", line 225, in makedirs
    mkdir(name, mode)
PermissionError: [Errno 13] Permission denied: '/data/uploadedassets'
aronmolnar commented 11 months ago

There is obviously something messed up with the permissions of your named volume sysreptor-app-data.

You can check the permissions using:

# docker run --rm -it sysreptor-app ls -la /data
total 8
drwxrwxrwx 2 1000 1000 4096 Dec 11 08:21 .
drwxr-xr-x 1 root root 4096 Dec 13 07:00 ..

The first directory must be owned by UID 1000. You can change the ownership by...

docker run --rm -it sysreptor-app chown 1000:1000 /data

cd sysreptor/deploy
docker compose exec --user 0:0 app chown -R 1000:1000 /data

You should then be able to continue importing your demo projects manually (https://docs.sysreptor.com/setup/installation/#manual-installation).

And you will have to change the password of you superuser, as you won't know it:

username=reptor
docker compose exec app python3 manage.py changepassword "$username"