Limited user access

[Rubonnek]

Describe the bug

After logging into the cockpit UI, a user will be of limited access if the are not in the sudo group.

Context

• Hardware: virtualized through QEMU

• YunoHost version:

  yunohost: 
  repo: stable
  version: 11.0.9.15
  yunohost-admin: 
  repo: stable
  version: 11.0.10
  moulinette: 
  repo: stable
  version: 11.0.9
  ssowat: 
  repo: stable
  version: 11.0.9

• I have access to my server: Through SSH | through the webadmin | direct access via keyboard / screen

• Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: no

  Steps to reproduce

• If you performed a command from the CLI, the command itself is enough. For example:

  sudo yunohost app install cockpit

• Apply the workaround on #16 to be able to access the web ui:

  sudo chmod +r /etc/cockpit/cockpit.conf

• Access Cockpit's web UI through the URL it was installed in.

• Note the "Limited Access" entry in the top right bar. When an user has administrator access, it should read "Administrative access".*

Expected behavior

I expected to be able to somehow let users escalate privileges through the yunohost UI (i.e. to be able to add them to the sudo group through the UI)

There's no documentation either so I'm providing a workaround below.

Logs

N/A

Workaround

Open a terminal in yunohost and add the user to the sudo group:

sudo gpasswd -a myuser sudo

[Rubonnek]

I just noticed there's a failed User Manager for my user id.

Here's what I'm seeing through systemctl --failed:

  UNIT              LOAD   ACTIVE SUB    DESCRIPTION
● user@5137.service loaded failed failed User Manager for UID 5137

Could that be related?

[danielo515]

your workaround worked for me, thanks

[jcn50]

More than a year later I have the same issue: (and adding the $user to the sudo group does not fix)

[jcn50]

I just noticed there's a failed User Manager for my user id.

Here's what I'm seeing through systemctl --failed:

  UNIT              LOAD   ACTIVE SUB    DESCRIPTION
● user@5137.service loaded failed failed User Manager for UID 5137

Could that be related?

I have the same issue, I do not know how to fix....

[jcn50]

OK I think I found the fix for this~ it is missing the cockpit-askpass file:

root@private:~# ls -lah /usr/lib/cockpit/cockpit-askpass
ls: cannot access '/usr/lib/cockpit/cockpit-askpass': No such file or directory

if you are missing this file too, the fix is this command:

apt reinstall cockpit-bridge cockpit-pcp && systemctl restart cockpit

I have no idea why that file is missing, my only assumption is that it is affecting OLD Yunohost instances (even though my old instance is up-to-date and completely upgraded), because I do not have this problem on a NEW one.

I am still getting the User Manager for UID 5137 failed service from above https://github.com/YunoHost-Apps/cockpit_ynh/issues/17#issuecomment-2193972541

[jcn50]

@orhtej2 can you accept my change on the testing branch?.. I will revert if the fix worked!

[jcn50]

Update: I found that failed service fix too~~ it took me a while to figure out where the problem was~ there is something to learn every day!