Failed to create file monero-wallet-rpc.28081.login

[gituser]

Hi.

On the newest master there seems to be an annoying issue:

src/wallet/wallet_rpc_server.cpp:148 Failed to create file monero-wallet-rpc.28081.login. Check permissions or remove file

monero-wallet-rpc tries to create this file in the current working directory (from which you're starting monero-wallet-rpc), so if you're trying to start simplewallet as a daemon with start-stop-daemon it won't work.

I like a lot the idea that you've added by default rpclogin:rpcpass which is autogenerated for user security.

But why not use some configuration file (e.g. ~/.monero/monero.conf for storing this)?

It's also very strange passing cleartext via cmdline --rpclogin it will be visible in the processlist, etc.

Either go with a proper configuration file or make it possible to specify full path to the .login file so it won't fail.

EDIT: found workaround for start-stop-daemon: start-stop-daemon -d /home/monero

Still would be nice to make central configuration or add an ability to specify fullpath.

Even better is to specify already existing config file :)

EDIT2: also it's not clear in which format I do specify the password. I've tried passing --rpc-login monero:123456 as well as base64 encoding it and none worked.

EDIT3: nvm, figured monero-wallet-rpc uses digest authentication instead of the usual based-auth :(

EDIT4: for those who don't want to use auth at all there is --disable-rpc-login :)

Thanks.

[moneromooo-monero]

Can you explain what you mean by "if you're trying to start simplewallet as a daemon with start-stop-daemon" ?

[gituser]

I'm using init script for starting simplewallet as well as monerod daemon.

First of course I'm starting monerod it works fine.

For simplewallet it's something like this:

#! /bin/sh

### BEGIN INIT INFO
# Provides: simplewallet_testnet_dev
# Required-Start: monero_testnet_dev
# Required-Stop: 
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: starts monero in daemon mode
# Description: starts monero in daemon mode
### END INIT INFO

# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh

# - Start: `service simplewallet_testnet_dev start` or `/etc/init.d/simplewallet_testnet_dev start`
# - Stop: `service simplewallet_testnet_dev stop` or `/etc/init.d/simplewallet_testnet_dev stop`
PATH=/sbin:/bin:/usr/sbin:/usr/bin

NAME=simplewallet_testnet_dev
DESC="simplewallet testnet daemon"

USERNAME=monero
GROUPNAME=monero
BASEPATH=/home/monero
WALLET_NAME=testnet
WALLET_PATH=/home/monero/testnet_wallets/testnet
WALLET_PASSFILE=/home/monero/testnet_wallets/testnet.pass
DAEMON="$BASEPATH/current/monero-wallet-rpc"

DATADIR="$BASEPATH/.monero_testnet"

PIDFILE="/var/run/${NAME}.pid"

### Logs
LOGFILE="$BASEPATH/.monero_testnet/simplewallet_testnet_dev.log"
LOGLEVEL=0

RPCHOST=192.168.90.4 # make sure this is a correct IP!
RPCPORT=28081

MAX_PEERS=20

ADDITIONAL_OPTIONS="--testnet --disable-rpc-login --confirm-external-bind"

DAEMON_OPTS="--rpc-bind-ip $RPCHOST --rpc-bind-port $RPCPORT --wallet-file $WALLET_PATH --log-file $LOGFILE --log-level $LOGLEVEL --password-file $WALLET_PASSFILE ${ADDITIONAL_OPTIONS}"

#echo $DAEMON $DAEMON_OPTS
#exit 0

CHUID="$USERNAME:$GROUPNAME"

if [ ! `id -u` -eq 0 ]; then
   echo "you are not root";
   exit 1;
fi

if [ ! -e "$PIDFILE" ]; then
   touch $PIDFILE
   chown $CHUID $PIDFILE
else
   if [ ! -L "$PIDFILE" ]; then 
      chown $CHUID $PIDFILE
   fi
fi

if [ ! -d "$DATADIR" ]; then
     mkdir -p "$DATADIR"
     chown $CHUID "$DATADIR"
fi

if [ ! -e "$LOGFILE" ]; then
   touch $LOGFILE
   chown $CHUID $LOGFILE
else
   if [ ! -L "$LOGFILE" ]; then
      chown $CHUID $LOGFILE
   fi
fi

START_OPTS="--start -d ${BASEPATH} --background --make-pidfile --pidfile ${PIDFILE} --chuid ${CHUID} --exec ${DAEMON} -- ${DAEMON_OPTS}"
STOP_OPTS="--stop --pidfile ${PIDFILE}"

test -x $DAEMON || exit 0

set -e

case "$1" in
    start)
        echo -n "Starting ${DESC}: "
        # Close STDOUT file descriptor
        start-stop-daemon $START_OPTS >> $LOGFILE 2>>$LOGFILE
        echo "$NAME."
        ;;
    stop)
        echo -n "Stopping $DESC: "
        start-stop-daemon $STOP_OPTS
        echo "$NAME."
        rm -f $PIDFILE
        ;;
    restart|force-reload)
        echo -n "Restarting $DESC: "
        start-stop-daemon $STOP_OPTS &
        sleep 5
        start-stop-daemon $START_OPTS >> $LOGFILE 2>>$LOGFILE
        echo "$NAME."
        ;;
    *)
        N=/etc/init.d/$NAME
        echo "Usage: $N {start|stop|restart|force-reload}" >&2
        exit 1
        ;;
esac

exit 0

and init script for monerod:

#! /bin/sh

### BEGIN INIT INFO
# Provides: monero_testnet_dev
# Required-Start: 
# Required-Stop: simplewallet_testnet_dev
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: starts monero in daemon mode
# Description: starts monero in daemon mode
### END INIT INFO

# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh

# - Start: `service monero_testnet_dev start` or `/etc/init.d/monero_testnet_dev start`
# - Stop: `service monero_testnet_dev stop` or `/etc/init.d/monero_testnet_dev stop`
PATH=/sbin:/bin:/usr/sbin:/usr/bin

NAME=monero_testnet_dev
DESC="monero daemon"

USERNAME=monero
GROUPNAME=monero
BASEPATH=/home/monero
DAEMON="$BASEPATH/monerod"

DATADIR="$BASEPATH/.monero_testnet"

PIDFILE="/var/run/${NAME}.pid"

### Logs
LOGFILE="$BASEPATH/.monero_testnet/monero_testnet_dev.log"
LOGLEVEL=0

PORT=28080

RPCHOST=127.0.0.1 # make sure this is a correct IP!
RPCPORT=28081

MAX_PEERS=20

ADDITIONAL_OPTIONS="--no-igd --hide-my-port --testnet --detach"

DAEMON_OPTS="--out-peers $MAX_PEERS --data-dir $DATADIR --log-file $LOGFILE --log-level $LOGLEVEL --rpc-bind-ip $RPCHOST --rpc-bind-port $RPCPORT ${ADDITIONAL_OPTIONS}"

#echo $DAEMON $DAEMON_OPTS
#exit 0

CHUID="$USERNAME:$GROUPNAME"

if [ ! `id -u` -eq 0 ]; then
   echo "you are not root";
   exit 1;
fi

if [ ! -e "$PIDFILE" ]; then
   touch $PIDFILE
   chown $CHUID $PIDFILE
else
   if [ ! -L "$PIDFILE" ]; then 
      chown $CHUID $PIDFILE
   fi
fi

if [ ! -d "$DATADIR" ]; then
     mkdir -p "$DATADIR"
     chown $CHUID "$DATADIR"
fi

if [ ! -e "$LOGFILE" ]; then
   touch $LOGFILE
   chown $CHUID $LOGFILE
else
   if [ ! -L "$LOGFILE" ]; then
      chown $CHUID $LOGFILE
   fi
fi

START_OPTS="--start --background --make-pidfile --pidfile ${PIDFILE} --chuid ${CHUID} --exec ${DAEMON} -- ${DAEMON_OPTS}"
STOP_OPTS="--stop --name monerod"

test -x $DAEMON || exit 0

set -e

case "$1" in
    start)
        echo -n "Starting ${DESC}: "
        # Close STDOUT file descriptor
        start-stop-daemon $START_OPTS >> $LOGFILE 2>>$LOGFILE
        echo "$NAME."
        ;;
    stop)
        echo -n "Stopping $DESC: "
        start-stop-daemon $STOP_OPTS
        echo "$NAME."
        rm -f $PIDFILE
        ;;
    restart|force-reload)
        echo -n "Restarting $DESC: "
        start-stop-daemon $STOP_OPTS &
        sleep 5
        start-stop-daemon $START_OPTS >> $LOGFILE 2>>$LOGFILE
        echo "$NAME."
        ;;
    *)
        N=/etc/init.d/$NAME
        echo "Usage: $N {start|stop|restart|force-reload}" >&2
        exit 1
        ;;
esac

exit 0

[vtnerd]

monero-wallet-rpc tries to create this file in the current working directory (from which you're starting monero-wallet-rpc), so if you're trying to start simplewallet as a daemon with start-stop-daemon it won't work.

The file is always created in the current working directory when authentication is enabled. There is no configuration to change this currently, so a script like this has to change to a writeable directory before starting monero-wallet-rpc. I attempted to keep options to a minimum, perhaps too aggressively. @moneromooo-monero thoughts?

It's also very strange passing cleartext via cmdline --rpclogin it will be visible in the processlist, etc.

Some better documentation might be needed for this option. If you specify the option without a : (i.e. --rpc-login my_user), the process will prompt for a password. This allows for custom passwords that do not end up the system readable process argument list. The only real indication is the help that specifies the field as username[:password] which was probably a poor attempt to indicate that the password does not have to be specified as a process argument.

EDIT3: nvm, figured monero-wallet-rpc uses digest authentication instead of the usual based-auth :(

There is another open issue against this. Admittedly digest authentication is still not the greatest - it would not be recommended unencrypted over the internet due to MitM issues - but does have some advantages over basic authentication. The primary push-back against it has been complaints about inconvenience (not the customary way, etc.), which is a bit frustration since the decision to omit basic was not accidental.

[gituser]

The file is always created in the current working directory when authentication is enabled. There is no configuration to change this currently, so a script like this has to change to a writeable directory before starting monero-wallet-rpc. I attempted to keep options to a minimum, perhaps too aggressively. @moneromooo-monero thoughts?

The problem with this approach is that: 1) file is deleted upon exit of monero-wallet-rpc daemon 2) if password was specified on the commandline via --rpclogin it is visible in the process list by any user 3) if password wasn't specified you need to get it from the file and specify it in external application which isn't convenient at all

Some better documentation might be needed for this option. If you specify the option without a : (i.e. >--rpc-login my_user), the process will prompt for a password. This allows for custom passwords that do >not end up the system readable process argument list. The only real indication is the help that specifies >the field as username[:password] which was probably a poor attempt to indicate that the password >does not have to be specified as a process argument. 4) you can specify password on the command line as you pointed out on the start, but it's also not convenient at all, because if daemon crashes or server reboots accidentally you'd need to log back on and restart the daemon and do all that maintenance to get working again

Imho, the best approach is to use a permanent config file and give the ability to specify path to the config file instead of just writing config file anywhere from daemon is run. If you look at any cryptocurrency practice or any linux utilities that's the right approach (e.g. most apps are using /etc or /home directory for their configurations? it would be a mess if every app would write into the current directory from which it was started..)

There is another open issue against this. Admittedly digest authentication is still not the greatest - it would not be recommended unencrypted over the internet due to MitM issues - but does have some advantages over basic authentication. The primary push-back against it has been complaints about inconvenience (not the customary way, etc.), which is a bit frustration since the decision to omit basic was not accidental.

I understand you've wanted to implement the best possible authentication, the most secure one.

However, from my point of view there are problems with this approach: 1) Digest auth is not widely used, most cryptocoins are using basic auth 2) For uneducated user/developer might be a problem to figure out that there is digest auth used instead of basic. 3) Also most rpcclient libraries are implemented for basic auth, not digest so it might be a problem to integrate monero into existing systems. 4) And most importantly I don't think it's the right protection against MITM attacks. If you plan to run monero over the internet you need to put it behind SSL first and foremost. 5) bitcoin for example got rid off SSL because they don't want to depend on openssl, you can put monero behind nginx or haproxy with SSL support it's not a big issue imo. And if you do so there is a little gain on using digest auth comparing to usual basic auth.

Another problem with new options I've noticed that monero introduces new options like --disable-rpc-login but if you run old version with them it's not starting. I think it would be better if unknown/new options would be ignored completely or there will be some sort of warning on the startup that this option is not supported.

[vtnerd]

1. file is deleted upon exit of monero-wallet-rpc daemon

I do not understand this issue. Randomly generated passwords with a script executing monero-wallet-rpc in the background might be an issue (a few ms race to password file creation), but what exactly don't you like about the deletion of the file? If the RPC server is not running, the password is of no use. And the file is always created by the process (it aborts if the file exists).

This does make me think that a --daemon mode for monero-wallet-rpc which handles the forking would be helpful - the password file would be created before the fork and therefore when control returns to the script the file is guaranteed to be created. Also the daemon mode is probably a common use case anyway.

2. if password was specified on the commandline via --rpclogin it is visible in the process list by any user

Are you suggesting to never accept the password as a process argument as a further security enhancement? In other words, force more secure behavior on users? I am not against this, I considered making --disable-rpc-login a hidden option entirely.

3. if password wasn't specified you need to get it from the file and specify it in external application which isn't convenient at all

It was not meant to be convenient, it was meant to provide good security by default. There was an existing security bulletin indicating that default monero wallet daemon behavior allowed any local user to connect to the wallet RPC and inject commands. This included remote code processed by browsers, so a randomly generated password was made the default to prevent against a common case where a RPC server was running on the same machine as a web browser. Since the file has limited permissions with randomly generated content, other processes can only connect to the RPC server if they can read the file. Even if the user runs the RPC server and web browser with the same user account, browser sandboxing forces user input for file reading.

4. you can specify password on the command line as you pointed out on the start, but it's also not convenient at all, because if daemon crashes or server reboots accidentally you'd need to log back on and restart the daemon and do all that maintenance to get working again

Imho, the best approach is to use a permanent config file and give the ability to specify path to the config file instead of just writing config file anywhere from daemon is run. If you look at any cryptocurrency practice or any linux utilities that's the right approach (e.g. most apps are using /etc or /home directory for their configurations? it would be a mess if every app would write into the current directory from which it was started..)

The password is read from stdin, so a password file can be piped into it. If multiple passwords are needed for the configuration, each can be entered on a separate line. The first is always the wallet password (unless --wallet-password is used), the second is always the daemon password (if --daemon-login username is used), and the last is always the password for the wallet RPC (unless --disable-rpc-login or password specified directly via --rpc-login).

Unfortunately, this capability is unlikely to be obvious to most people. And some tighter specifications on the expected behavior might be useful. I try to avoid command arguments where possible, perhaps this was too aggressive. I was hoping most applications would use the randomly generated file.

And FWIW, --wallet-password seems mostly useless to me. There is little purpose to storing the wallet and password on the same filesystem with the same owner. It is identical to storing the wallet with no password. Are people copying wallets for backup purposes, and using this as a quick encryption scheme? Unfortunately, the wallet is encrypted but not MACed so modifications are not well detected. GPG or openssl CLI might be a better way of handling this currently. Or are people having scripts manipulate the owner of the password file after the process launch? Seems unlikely, and there is always a time window for a process to read the file before its changed again. A possibly more secure method would be storing the password in a file with a different owner. Then sudo -u rpc_user monero-wallet-rpc .... < password_file as the owner of password_file. Even then, this technique probably only makes sense if multiple processes or multiple wallets are running as rpc_user.

However, from my point of view there are problems with this approach:

1. Digest auth is not widely used, most cryptocoins are using basic auth
2. For uneducated user/developer might be a problem to figure out that there is digest auth used instead of basic.

Neither of these arguments is persuasive. They are variations on the inconvenience argument. Client usage of digest authentication does not seem that difficult to me, but I may not be the best judge of this. I think the part most inconveniencing people is the requirement that the client read and react to the servers response. But without this feature, requests can be replayed.

3. Also most rpcclient libraries are implemented for basic auth, not digest so it might be a problem to integrate monero into existing systems.

This is unfortunate. Could you tell me the common rpc client libraries in use for various crypto-currencies? This feature could be added, obviously.

4. And most importantly I don't think it's the right protection against MITM attacks. If you plan to run monero over the internet you need to put it behind SSL first and foremost.
5. bitcoin for example got rid off SSL because they don't want to depend on openssl, you can put monero behind nginx or haproxy with SSL support it's not a big issue imo. And if you do so there is a little gain on using digest auth comparing to usual basic auth.

Digest authentication was not meant to be used as protection against MitM attacks. That is why I added --confirm-external-bind, because there is no option currently in monero that can provide MitM protection or privacy over a remote network. As I previously admitted, the advantages of digest authentication are not necessarily incredible, so I am not entirely against adding basic authentication. Although I do think there are benefits to digest authentication.

Another problem with new options I've noticed that monero introduces new options like --disable-rpc-login but if you run old version with them it's not starting. I think it would be better if unknown/new options would be ignored completely or there will be some sort of warning on the startup that this option is not supported.

The concern would be typos combined with users missing warning messages, so maybe yet another option for ignoring unknown options! I would want some feedback from a few other contributors before adding this option though as I am uncertain about it myself.

[moneromooo-monero]

Ignoring unknown options sounds like a bad idea. Why would you want that ? If you use an older wallet version, just don't use options meant for the new version ?

[gituser]

@moneromooo-monero the point is to make the upgrade as easy as it should be.

Maybe you don't want to ignore unknown options what I meant is: I have a working 0.10.1-release version now I'm trying the master with the exact same setup and I'm getting some unexplained errors. Usually, e.g. in bitcoin case if you don't specify correct options for authentication it won't allow you to run in the daemon mode at all, stating you should put something into your config file. In case of a Monero there is just an error that it can't create certain file. Maybe would be better to print the full path to that file in the log? And make an option to specify where you'd like to create that file.

So to get things working I had to read a bit on the google and learn that there is a new option to disable authentication completely --disable-rpc-login which wasn't of course before. I'm not saying that ignoring unknown options is a good idea, I'm just stating that from user experience introducing new features there should be some better indication on new features, especially if you're migrating from an older version. E.g. in new version the authentication is forced and it creates a file somewhere which I might be unaware of until I dig more into it.

I'll answer to @vtnerd bit later.

[moneromooo-monero]

I don't have anything against supplying more info fwiw :)

[vtnerd]

Maybe you don't want to ignore unknown options what I meant is: I have a working 0.10.1-release version now I'm trying the master with the exact same setup and I'm getting some unexplained errors. Usually, e.g. in bitcoin case if you don't specify correct options for authentication it won't allow you to run in the daemon mode at all, stating you should put something into your config file. In case of a Monero there is just an error that it can't create certain file. Maybe would be better to print the full path to that file in the log? And make an option to specify where you'd like to create that file.

I think what you are stumbling around is that the error message does not describe why it is trying to create a file where none was created before. The filename itself is a partial but not explicit indicator. This can be added to the message along with the full path.

I am wondering if instead of attempting a default behavior, monero-wallet-rpc forces 1 of 3 from: --disable-rpc-login, --rpc-login-file file_location or --rpc-login-random file_location. This will likely string more complaints in the issue tracker since specifying the user/pass in the arguments would be dropped completely, but should cover more cases. Although I would like a way to really steer people towards the random option (the original goal).

@moneromooo-monero any thoughts? Please tag anybody else that may have some input.

EDIT: An error message when none of the options is provided might help: "Specify one of --rpc-login-random (most secure), --rpc-login-file, or --disable-rpc-login (least secure, not recommended)".

[arnuschky]

We're experiencing the same issue. Also starting the wallet RPC daemon via supervisor, but I don't really see how this is relevant. The problem is that the wallet creates that login file on every start with read only permissions (0400) - at least on my system. Hence it fails overwriting that file on restart. This is clearly a bug.

Apart from this, I am a bit baffled by this mechanism of storing credentials. I get it that having randomly generated passwords is a nice feature, but the end result is a bit convoluted. It's against common (Linux?) practices to store something that's basically config data in the daemons directory, overwrite it every time, etc. It makes it harder to understand and integrate.

I'd favor a simple config file setting for the credentials. If none provided, RPC access should be disabled. That is actually what we're using since years. PR #1861 adds a config file to the wallet - dearly missing imho because of the said problems with exposed command line parameters etc.

[gituser]

+1 @arnuschky

[vtnerd]

We're experiencing the same issue. Also starting the wallet RPC daemon via supervisor, but I don't really see how this is relevant. The problem is that the wallet creates that login file on every start with read only permissions (0400) - at least on my system. Hence it fails overwriting that file on restart. This is clearly a bug.

The file permissions are irrelevant for the failure - it does not disable delete capabilities on the file. monero-wallet-rpc is written to fail on open if the file exists. The file should also be deleted on shutdown, so monero-wallet-rpc is not properly shutting down on this system for some reason. The intent was to prevent delete of a file created by another process.

Apart from this, I am a bit baffled by this mechanism of storing credentials. I get it that having randomly generated passwords is a nice feature, but the end result is a bit convoluted. It's against common (Linux?) practices to store something that's basically config data in the daemons directory, overwrite it every time, etc. It makes it harder to understand and integrate.

I think the randomly generated mode is similar to storing the PID for a daemon.

Apart from this, I am a bit baffled by this mechanism of storing credentials. I get it that having randomly generated passwords is a nice feature, but the end result is a bit convoluted. It's against common (Linux?) practices to store something that's basically config data in the daemons directory, overwrite it every time, etc. It makes it harder to understand and integrate.

I'd favor a simple config file setting for the credentials. If none provided, RPC access should be disabled. That is actually what we're using since years. PR #1861 adds a config file to the wallet - dearly missing imho because of the said problems with exposed command line parameters etc

A configuration file that mirrors the command line arguments are (mostly) pointless - the only advantage is hiding some of the parameters in the process argument list. Otherwise, the same thing can be achieved with a bash or bat script. A configuration file in JSON/XMLwhich has a tree hierarchy is a bit different since it adds functionality not easily done with process arguments.

The solution that I proposed which hasn't received any comment (positive or negative) was --disable-rpc-login, --rpc-login-file, or --rpc-login-random. The last two take file location arguments.

[vtnerd]

As mentioned in PR 1861, this mode does allow merging of command line arguments and configuration file which is the most interesting feature IMO. Anyway, any thoughts on requiring one of --disable-rpc-login, --rpc-login-random or --rpc-login-file to monero-wallet-rpc and monerod ? This would break existing configurations slightly (they would be required to choose), but would prevent the open-by-default behavior that monerod still currently has. My main objective is to get the monero GUI to use --rpc-login-random so the user is transparently protected from browser issues.

[moneromooo-monero]

You mean require also for local use ?

[danrmiller]

The solution that I proposed which hasn't received any comment (positive or negative) was --disable-rpc-login, --rpc-login-file, or --rpc-login-random. The last two take file location arguments.

This does seem helpful.

[arnuschky]

Indeed. Having the random login file functionality enabled on request makes a lot of sense. Most sensible is for me is:

• random login, if specified via --rpc-login-random <file> (random credentials stored in file)
• non-random login if --rpc-username and --rpc-password specified Else, rpc access is disabled.

[vtnerd]

... Missed these last comments ...

Indeed. Having the random login file functionality enabled on request makes a lot of sense. Most sensible is for me is:

random login, if specified via --rpc-login-random (random credentials stored in file) non-random login if --rpc-username and --rpc-password specified Else, rpc access is disabled.

Unfortunately there are two different RPC applications here. One of my primary objectives for the monero-wallet-rpc was to make it secure "by default" to handle the security bulletin. That's why the login file was randomly generated, it was an attempt to "do the right thing" by default. I never forced this onto monerod because it was tricky to work with the GUI. Even with monerod authentication should likely be used to prevent someone asking your machine to mine for them (and possible a few other weird things).

For monero-wallet-rpc I see no reason to make the default no authentication. Current users already have to use --disable-rpc-login or --rpc-login if they do not want the randomly generated file. And --rpc-login can be specified via file through the configuration option you added. I am tempted to leave the default behavior the same, but add --rpc-random-login AND mention the option in the error message when writing fails. No monero-wallet-rpc users would be required to change their current configurations.

For monerod authentication should be enabled for most users but enabling by default like monero-wallet-rpc will generated yet-more-feedback on this. So I will add --rpc-login-random to monerod with no change to default behavior - hopefully the GUI could use that option by default. Forcing 1 of 3 selection can always be done later if someone desirable.

[arnuschky]

Makes sense. I forgot that wallets are separated for monero. :)

[oliverw]

This has started to become a major problem for me. Because everytime the wallet RPC daemon restarts it stumbles over its own login file in /tmp and refuses to start. Causing endless restarts, effectively preventing startup of the entire mining pool that relies on it.

The wallet daemon runs in a docker container as non-root user orchestrated by docker-compose:

Docker Compose Service definition:

monerowalletd1:
  image: poolminingorg.azurecr.io/monerowalletd
  container_name: monerowalletd1
  user: "3003"  # monero
  restart: always
  cpu_quota: 100000 # 1.0 cores
  volumes:
    - /data/monerowalletd1:/data
  environment:
    - DAEMON_HOST=monerod1
  depends_on:
    - monerod1
  logging:
    driver: none

Dockerfile:

FROM ubuntu:xenial

ADD https://downloads.getmonero.org/linux64 /tmp/
RUN apt-get update && apt-get install -y --no-install-recommends bzip2 && \
    cd /tmp && tar xvf linux64 && cp -r /tmp/monero*/* /usr/bin && rm -rf /tmp/* && \
    apt-get remove -y bzip2 && rm -rf /usr/share/man/* /usr/share/groff/* /usr/share/info/* /var/cache/man/* /tmp/* /var/lib/apt/lists/*

ADD rootfs /
RUN chmod +x /start-daemon.sh

# diagnostic stuff
RUN apt-get -y update && apt-get install -y --no-install-recommends curl

EXPOSE 18082
WORKDIR /tmp
ENTRYPOINT /start-daemon.sh

/etc/monero-wallet-rpc.conf:

log-level=2
log-file=/data/debug.log
wallet-file=/data/wallet
rpc-bind-port=18082
rpc-bind-ip=0.0.0.0
confirm-external-bind=1
rpc-login=foo:bar

start-daemon.sh

#!/bin/sh

# remove junk in tmp
rm -f /tmp/

# start the daemon
monero-wallet-rpc --daemon-address $DAEMON_HOST:18081 --config-file /etc/monero-wallet-rpc.conf

I have no idea why monero-wallet-rpc even creates those login files in /tmp since RPC credentials are passed using the config file instead of the command line. Is there anything that can be done to make it restart reliably?

[moneromooo-monero]

That rm looks odd. It's not recursive, and /tmp is likely a directory or mount point.

[arnuschky]

That's exactly the problem I was encountering too (see above). The login file creation is quite inconvenient for deployment. An easy fix might be to overwrite this file on each startup, or disable this file if credentials are provided via the command line or config file.

[oliverw]

@moneromooo-monero That's true. I've actually discovered the rm problem while writing the ticket. Yet at least in my opinion it shouldn't be necessary to have a script cleanup before just to be able to reliably start monero-wallet-rpc.

[vtnerd]

@oliverw The file is created in the current working directory, which is /tmp in your instance. The file should be deleted when monero-wallet-rpc is shutdown - can you confirm that the process is not exited cleanly OR that the file permissions are changed after execution?

@arnuschky I am considering disabling the creation of the file when --rpc-login is used but hoping it does not ruin expectations by other users.

[oliverw]

@vtnerd I honestly can't tell. All I know is that monero-wallet-rpc would not restart reliably in a docker container unless my script cleans up beforehand.

[moneromooo-monero]

Is this resolved ? I see a patch was merged, but it's not clear whether it fully addresses the issue.

[skinderis]

Not solved, I get that error when running container using docker-compose up. When I run using docker run it's fine.

[arnuschky]

I haven't tested this recently (certainly not with 0.12, maybe not even with 0.11). I have encountered the problem occasionally though, but I am pretty certain that the offending file was created when manually opening the wallet using the cli.

@skinderis did you do anything like this in the meantime? I suspect that the .login file isn't created by the rpc wallet when you're specifying the rpc user/pass.

[skinderis]

I delete container and run the image with docker-compose up and it runs fine:

docker-compose up
Creating monerodocker_monero_1 ... 
Creating monerodocker_monero_1 ... done
Attaching to monerodocker_monero_1
monero_1  | Monero 'Helium Hydra' (v0.11.1.0-release)
monero_1  | Logging to ./monero-wallet-rpc.log
monero_1  | 2018-03-28 12:49:55.933     7f314b0b3740    WARN    wallet.rpc  src/wallet/wallet_rpc_server.cpp:212    RPC username/password is stored in file monero-wallet-rpc.18557.login
monero_1  | 2018-03-28 12:49:55.933     7f314b0b3740    INFO    global  contrib/epee/include/net/http_server_impl_base.h:70 Binding on 0.0.0.0:18557
monero_1  | 2018-03-28 12:49:55.933     7f314b0b3740    WARN    wallet.rpc  src/wallet/wallet_rpc_server.cpp:1898   Starting wallet rpc server
^CGracefully stopping... (press Ctrl+C again to force)
Stopping monerodocker_monero_1 ... done

Running docker compose again (without deleting the container) and it fails:

➜  monero-docker git:(master) ✗ docker-compose up
Starting monerodocker_monero_1 ... 
Starting monerodocker_monero_1 ... done
Attaching to monerodocker_monero_1
monero_1  | Monero 'Helium Hydra' (v0.11.1.0-release)
monero_1  | Logging to ./monero-wallet-rpc.log
monero_1  | 2018-03-28 12:51:21.963     7f47366a4740    ERROR   wallet.rpc  src/wallet/wallet_rpc_server.cpp:198    Failed to create file monero-wallet-rpc.18557.login. Check permissions or remove file
monero_1  | 2018-03-28 12:51:21.963     7f47366a4740    ERROR   wallet.rpc  src/wallet/wallet_rpc_server.cpp:1894   Failed to initialize wallet rpc server
monerodocker_monero_1 exited with code 1

[arnuschky]

@skinderis how does your docker file look like?

[skinderis]

RUN export DEBIAN_FRONTEND=noninteractive
RUN apt-get update -y && apt-get upgrade -y
RUN apt-get install -y libboost-all-dev
RUN apt-get install -y libzmq3-dev
RUN apt-get install -y libunbound-dev \
                libminiupnpc-dev

WORKDIR /root

RUN mkdir monero && \
    mkdir monero/data

ADD app/ monero/app/
ADD start.sh monero/app/start.sh
RUN chmod -R 700 monero/app/*

WORKDIR /root/monero/app

EXPOSE 18555 18556 18557

CMD ["/bin/bash"]

@arnuschky

[arnuschky]

What is the exact command that you use for starting the wallet? I think you might not specify the rpc username/password correctly. How do you store your persistent data in this container?

@moneromooo-monero from reading #2379 I think this should be fixed if the rpc username is specified.

[skinderis]

monero.conf file

data-dir=/root/monero/data
rpc-bind-ip=0.0.0.0
rpc-bind-port=18556 
p2p-bind-port=18555
p2p-bind-ip=0.0.0.0
rpc-login=user:password

monero-wallet.conf file

daemon-address=127.0.0.1:18556
rpc-bind-ip=0.0.0.0
rpc-bind-port=18557
rpc-login=user:password
wallet-dir=/root/monero/data/monero-wallets

start.sh file

#!/bin/bash 
./monerod --restricted-rpc --confirm-external-bind --non-interactive --config-file /root/monero/data/monero.conf --detach && \
./monero-wallet-rpc --config-file /root/monero/data/monero-wallet.conf --confirm-external-bind

docker-compose.yml file

version: '3'
services:
    monero:
      image: monero-docker
      ports:
       - 18555:18555
       - 18556:18556
       - 18557:18557
      volumes:
       - ${PWD}/monero_data:/root/monero/data/
      command: ./start.sh
      restart: always

I am running container with docker-compose up. For the first time (when it creates new container) runs smoothly, but when I stop it and run again it throws me error. @arnuschky

[arnuschky]

So it seems that it creates the file even though you specify the rpc user in the config file. Can you check in your /root/monero/data/monero-wallets dir to see if the .login file is present?

@moneromooo-monero I think the problem is that the wallet only refrains from creating the login file if the user's given on the command line and not if it's in the config.

[skinderis]

@arnuschky the file is present. I run docker container prune, it deletes container and after that I can run with docker-compose up. The thing is that when there is that .login file, it can't create another .login file.

[BeOleg]

Hi, any updates on this, same problem here.

[fullmetalScience]

EDIT: Nevermind. I realized $PWD was / in the chroot (obviously; too many screen-hours).

So this is solved here by calling chroot ... sh -c 'cd ~/.cache/monero && monero-wallet-rpc ...'.

---

This is from within chroot (with strace):

# foo is created successfully - no other files in this directory
$ cd ~/.cache/monero && touch foo
$ TERM=xterm-256color sudo HOME=/home/user strace \
    chroot --userspec=1000:1000 /path/to/chroot \
        monero-wallet-rpc --no-initial-sync --rpc-ssl disabled \
            --rpc-bind-port=38082 --daemon-host stagenet.community.rino.io \
            --daemon-port 38081 --untrusted-daemon --password '' \
            --wallet-file /home/user/.local/share/monero/stagenet \
            --log-file=/tmp/monero-wallet-rpc.stagenet.log \
            --log-level 0 --stagenet

Monero 'Fluorine Fermi' (v0.18.3.3-release)
Logging to /tmp/monero-wallet-rpc.stagenet.log
2024-05-09 18:20:19.633 W Loading wallet...
...

openat(AT_FDCWD, "monero-wallet-rpc.38082.login", O_RDONLY|O_CREAT, 0400) = -1 EACCES (Permission denied)
lstat("", 0x7ffe6ff58a90)               = -1 ENOENT (No such file or directory)
lseek(3, 0, SEEK_CUR)                   = 600113
write(3, "2024-05-09 18:12:53.616\t    7f6a"..., 181) = 181
lseek(3, 0, SEEK_CUR)                   = 600294
write(1, "\33[0;31m2024-05-09 18:12:53.616\tE"..., 1262024-05-09 18:12:53.616   E Failed to create file monero-wallet-rpc.38082.login. Check permissions or remo
ve file
) = 126
lseek(3, 0, SEEK_CUR)                   = 600294
write(3, "2024-05-09 18:12:53.617\t    7f6a"..., 135) = 135
lseek(3, 0, SEEK_CUR)                   = 600429
write(1, "\33[0;31m2024-05-09 18:12:53.617\tE"..., 792024-05-09 18:12:53.617    E Failed to initialize wallet RPC server
) = 79
write(1, "\33[0m", 4)                   = 4
close(16)                               = 0