Since tailescale 1.24: no group permission for administrators .qpkg/Tailscale/var/run/tailscale

[scheini1972]

I did upgrade tailscale from 1.22 to 1.24 for my TS-120 and int4end to upgrade it as well on my TS-453, but tailscaled does not start due to missing writing group permission for the group administrators.

As suggested by Qnap my local administrator is deactivated, but I do have one in the group. Here the permissions on my TS-120

[<***> Tailscale]$ ls -alh var/run/tailscale/
drwxr-xr-x 2 admin administ 4.0k Apr 24 07:24 ./ drwxr-xr-x 3 admin administ 4.0k Apr 23 10:06 ../ -rw-r--r-- 1 admin administ 6 Apr 24 07:24 tailscale.pid srw-rw-rw- 1 admin administ 0 Apr 24 07:24 tailscaled.sock=

Here the actual permisions on TS-453

[<***> Tailscale]$ ls -alh var/run/tailscale/ total 12K drwxr-xr-x 2 admin administrators 4.0K 2022-04-05 11:35 ./ drwxr-xr-x 3 admin administrators 4.0K 2022-03-25 11:02 ../ srw-rw-rw- 1 admin administrators 0 2022-04-05 11:35 tailscaled.sock= -rw-rw-rw- 1 admin administrators 6 2022-04-05 11:35 tailscale.pid

Anything changed? thanks for support

[scheini1972]

Additional info: Even as workaround, activating the administrator account and starting Tailscale via ssh seems not to work.

[ivokub]

Hi @scheini1972, thanks for the report.

Nothing has changed on this package side (new packages are built automatically from the upstream). Does Tailscale return an error or the operating system? If you have any textual logs then could you please provide them?

Do I understand your current situation correctly:

• on TS-120 you run Tailscale as administrator and the upgrade from 1.22 to 1.24 succeeded?
• on TS-453 you have disabled the administrator user. Previously running Tailscale as non-administrator user (who is in the administrator group) worked. On update to package version 1.24 this setup does not work anymore.

I think this issue may take a bit to understand and debug. I personally do not have such configuration (I am running everything as administrator due to some other package incompatibility), but it looks like it should work.

[scheini1972]

Hi @ivokub , I will try to upgrade to 1.24.1 and check again. Until 1.22.2. this procedure worked fine, even with deactivated admin:

1. Creating the packages on a laptop.
2. Manually installed the created packages (either Tailscale_v1.24.0_arm-x19.qpkg or Tailscale_v1.24.0_x86_64.qpkg) via app Center on the NAS.
3. Restarted the NAS. As the package was installed already once, I didn't have to follow your documentation to register tailscale again.

I would love to continue with deactivated administrator accounts. On the TS-120 - as a workaround - I activated it again to test.

I will let you know my results after the new upgrade to 1.24.1 Cheers scheini1972

[scheini1972]

Upgrade done, without success

thjis is the log, when I try to satart tailsacled (as administrator) manuallyl wgengine.NewUserspaceEngine(tun "tailscale0") ... Linux kernel version: 3.4.6 is CONFIG_TUN enabled in your kernel? modprobe tun failed with: modprobe: could not parse modules.dep

wgengine.NewUserspaceEngine(tun "tailscale0") error: tstun.New("tailscale0"): no such device flushing log. logger closing down createEngine: tstun.New("tailscale0"): no such device [/share/HDA_DATA/.qpkg/Tailscale] #

[scheini1972]

Resolved the issue, with following procedure

1. Uninstalled tailscale
2. uninstalled OpenVPN
3. Reinstalled OpenVPN service
4. Reinstalled tailscale
5. Authenticated again

now after restart, works again