Open nahimov opened 10 months ago
So strange: I installed perl-Perl4-CoreLibs, then ran rpm -U fidogate-5.12-1.x86_64.rpm, and afterwards I see:
Nov 25 18:16:51 v6q2mre27tqvz5i systemd[1]: Unit fidogate.service entered failed state.
Nov 25 18:16:51 v6q2mre27tqvz5i systemd[1]: fidogate.service failed.
Nov 25 18:16:52 v6q2mre27tqvz5i sshd[8705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.237.131.141 user=root
Nov 25 18:16:54 v6q2mre27tqvz5i sshd[8705]: Failed password for root from 121.237.131.141 port 49183 ssh2
Nov 25 18:16:54 v6q2mre27tqvz5i sshd[8705]: Connection closed by 121.237.131.141 port 49183 [preauth]
Nov 25 18:16:56 v6q2mre27tqvz5i sshd[8713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.237.131.141 user=root
Nov 25 18:16:59 v6q2mre27tqvz5i sshd[8713]: Failed password for root from 121.237.131.141 port 49726 ssh2
Nov 25 18:16:59 v6q2mre27tqvz5i sshd[8713]: Connection closed by 121.237.131.141 port 49726 [preauth]
I'm confused
I basically abandoned the project since the war in Ukraine started. Historically I used only russian speaking part of fidonet and it mostly supports the war, so I'm not interested in it anymore.
Hello! What does Fido have to do with war? Fido has always been out of politics. For example, I come from Kyiv, I communicate with you in English, because I don’t know which country you are from and I do not want to violate the opinion of someone. This is all strange, but oh well...
The crucial part is that I'm not interested in and I do not use the project anymore. And I explained why. It happens in open source every now and then.
Nov 25 18:16:51 v6q2mre27tqvz5i systemd[1]: Unit fidogate.service entered failed state.
Nov 25 18:16:51 v6q2mre27tqvz5i systemd[1]: fidogate.service failed.
Did you check fidogate logs? Also you can check: systemctl status fidogate.service and journalctl -u fidogate.service
Fidogate itself is not a daemon. systemd unit file is used just to create a directory in /run for flags (it was non-volatile /var/run years ago and a part of the package, but then things changed). I did not check why it does not work anymore or in your case, but it should not be a showstopper, you should be able to create it manually at least.
Yes, you are fully right, but systemd unit logs can help to understand the reason for this current issue. As far as I remember, CentOS 7 has SELinux enabled by default, and some Debian-based OSes have AppArmor. Mandatory access control can affect creating the directories needed for Fidogate. Unfortunately, I never tested Fidogate on an rpm- or deb-based OS.
If you know how to fix the unit file I'll apply the patch, no problem
Let me start my vm ware workstation... As far as I remember, I had Centos7 installed for tests.
As I wrote before, systemctl logs helped
fidogate.service - Fidogate runtime prepare
Loaded: loaded (/usr/lib/systemd/system/fidogate.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Tue 2024-01-30 17:34:56 EST; 24s ago
Process: 14208 ExecStart=/bin/chown ftn:news /run/fidogate (code=exited, status=1/FAILURE)
Process: 14206 ExecStart=/bin/mkdir -p /run/fidogate (code=exited, status=0/SUCCESS)
Main PID: 14208 (code=exited, status=1/FAILURE)
Jan 30 17:34:56 localhost.localdomain systemd[1]: Starting Fidogate runtime prepare...
Jan 30 17:34:56 localhost.localdomain chown[14208]: /bin/chown: invalid user: ‘ftn:news’
Jan 30 17:34:56 localhost.localdomain systemd[1]: fidogate.service: main process exited, code=exited, status=1/FAILURE
Jan 30 17:34:56 localhost.localdomain systemd[1]: Failed to start Fidogate runtime prepare.
Jan 30 17:34:56 localhost.localdomain systemd[1]: Unit fidogate.service entered failed state.
Jan 30 17:34:56 localhost.localdomain systemd[1]: fidogate.service failed.
Jan 30 17:30:35 localhost.localdomain sshd[13601]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jan 30 17:31:15 localhost.localdomain polkitd[640]: Registered Authentication Agent for unix-process:14094:25675 (system bus name :1.23
Jan 30 17:31:15 localhost.localdomain systemd[1]: Reloading.
Jan 30 17:31:16 localhost.localdomain polkitd[640]: Unregistered Authentication Agent for unix-process:14094:25675 (system bus name :1.
Jan 30 17:34:50 localhost.localdomain yum[14172]: Installed: perl-Perl4-CoreLibs-0.003-7.el7.noarch
Jan 30 17:34:55 localhost.localdomain groupadd[14193]: group added to /etc/group: name=news, GID=13
Jan 30 17:34:55 localhost.localdomain groupadd[14193]: group added to /etc/gshadow: name=news
Jan 30 17:34:55 localhost.localdomain groupadd[14193]: new group: name=news, GID=13
Jan 30 17:34:55 localhost.localdomain useradd[14198]: new user: name=news, UID=996, GID=13, home=/etc/fidogate, shell=/bin/bash
Jan 30 17:34:56 localhost.localdomain systemd[1]: Starting Fidogate runtime prepare...
-- Subject: Unit fidogate.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit fidogate.service has begun starting up.
Jan 30 17:34:56 localhost.localdomain chown[14208]: /bin/chown: invalid user: ‘ftn:news’
Jan 30 17:34:56 localhost.localdomain systemd[1]: fidogate.service: main process exited, code=exited, status=1/FAILURE
Jan 30 17:34:56 localhost.localdomain systemd[1]: Failed to start Fidogate runtime prepare.
-- Subject: Unit fidogate.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Looks like issue around: https://github.com/ykaliuta/fidogate/blob/e4e8b9451e61a79b828a064ce02e2427934324eb/debian/fidogate.service#L6-L8 but seems it's for debian.
Into spec file: https://github.com/ykaliuta/fidogate/blob/e4e8b9451e61a79b828a064ce02e2427934324eb/packages/rpm/fidogate.spec.in#L18
I think it should be news:news, but I don't understand where rpm get ftn:new
If you know how to fix the unit file I'll apply the patch, no problem
Yes, I create user ftn in debian postinst and probably forgot it in %postin
The issue is simple, but we need to think about how to do it most correctly:
there we have ftn:ftn https://github.com/ykaliuta/fidogate/blob/e4e8b9451e61a79b828a064ce02e2427934324eb/debian/fidogate.postinst#L37-L38
there we have ftn:news https://github.com/ykaliuta/fidogate/blob/e4e8b9451e61a79b828a064ce02e2427934324eb/debian/fidogate.service#L7
there ftn:news https://github.com/ykaliuta/fidogate/blob/e4e8b9451e61a79b828a064ce02e2427934324eb/debian/fidogate.postinst#L41
and etc: https://github.com/ykaliuta/fidogate/blob/e4e8b9451e61a79b828a064ce02e2427934324eb/debian/fidogate.postinst#L43-L44
Yes, it's on purpose. To marry news and ftn. And there are SUID binaries for that.
Perhaps, we should create additional user around here:
but I don't know if it's a good solution: something like:
useradd -r -g news -d /home/ftn -c "Fidogate user" ftn
However, it looks like a bad hardcode
Also we can just try to change news to ftn:
However, I don't understand how it should be by design
Hmm, and %{user} is news there in rpm. I'm wondering how I supposed it to work on rpm-based and how tested :) It was long time ago
I suspect that we need both users and groups: ftn:ftn (for Fidogate) and news:news for Innd service, but not sure on 100%
Also, Fidogate can work without Innd service. I think in this case news:news will absent in the system. Btw, does innd use news:news by default in Linux?
IIRC on debian there is binkd under ftn, so I wanted to integrate it there. Probably for rpm-based it is not valid and working under news:news is ok. But then the unit file should be fixed for that.
Sounds good. We can put a dedicated unit file somewhere here: https://github.com/ykaliuta/fidogate/tree/e4e8b9451e61a79b828a064ce02e2427934324eb/packages/rpm
Just to change ftn to news:
[Unit]
Description=Fidogate runtime prepare
[Service]
Type=oneshot
ExecStart=/bin/mkdir -p /run/fidogate
ExecStart=/bin/chown news:news /run/fidogate
ExecStart=/bin/chmod 770 /run/fidogate
[Install]
WantedBy=multi-user.target
and change path here: https://github.com/ykaliuta/fidogate/blob/e4e8b9451e61a79b828a064ce02e2427934324eb/packages/rpm/fidogate.spec.in#L56
to
install -D -m 0644 %{name}.service
Also, Fidogate can work without Innd service. I think in this case news:news will absent in the system. Btw, does innd use news:news by default in Linux?
It is Suggested for debian but I do not remember if news user is included into base passwd. May be bug here as well for sure.
As far as I see, CentOS 7 didn't have news:news before the Fidogate rpm installation: pay attention to the uid:
[root@localhost tmp]# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkitd:x:999:998:User for polkitd:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
chrony:x:998:996::/var/lib/chrony:/sbin/nologin
s.anohin:x:1000:1000::/home/s.anohin:/bin/bash
dockerroot:x:997:994:Docker User:/var/lib/docker:/sbin/nologin
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
news:x:996:13:Fidonet user:/etc/fidogate:/bin/bash
and gid
[root@localhost tmp]# cat /etc/group
root:x:0:
bin:x:1:
daemon:x:2:
sys:x:3:
adm:x:4:
tty:x:5:
disk:x:6:
lp:x:7:
mem:x:8:
kmem:x:9:
wheel:x:10:
cdrom:x:11:
mail:x:12:postfix
man:x:15:
dialout:x:18:
floppy:x:19:
games:x:20:
tape:x:33:
video:x:39:
ftp:x:50:
lock:x:54:
audio:x:63:
nobody:x:99:
users:x:100:
utmp:x:22:
utempter:x:35:
input:x:999:
systemd-journal:x:190:
systemd-network:x:192:
dbus:x:81:
polkitd:x:998:
ssh_keys:x:997:
sshd:x:74:
postdrop:x:90:
postfix:x:89:
chrony:x:996:
s.anohin:x:1000:
cgred:x:995:
dockerroot:x:994:
apache:x:48:
mysql:x:27:
jackuser:x:993:
tss:x:59:
news:x:13:
In theory it would be better to generate both from some common template but probably it does not make sense for such a simple case (keeping in mind that make dist generated tarball should be buildable for rpm). So, I will take it
news 13 is predefined.
Also we see in logs:
Jan 30 17:34:55 localhost.localdomain groupadd[14193]: group added to /etc/group: name=news, GID=13
Jan 30 17:34:55 localhost.localdomain groupadd[14193]: group added to /etc/gshadow: name=news
Jan 30 17:34:55 localhost.localdomain groupadd[14193]: new group: name=news, GID=13
Jan 30 17:34:55 localhost.localdomain useradd[14198]: new user: name=news, UID=996, GID=13, home=/etc/fidogate, shell=/bin/bash
I've checked another VPS on CentOS 7, and it does not have news:news by default
Anyway, the assumption is wrong for whatever reason, the user(s) should be checked and properly created
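The failure reported in this thread (`chown: invalid user: ‘ftn:news’`, because the rpm scriptlet created only `news`) can be caught before the unit ever starts. The following is an added example, not code from the thread or from the fidogate project: a POSIX shell check that extracts the `chown` owners from a unit file and verifies each half against passwd/group data. The function names and the sample files are assumptions constructed from the listings above.

```shell
#!/bin/sh
# Added example. Sample files below are constructed from the listings in this
# thread: user and group "news" exist, user "ftn" does not.

# name_in_db FILE NAME: succeed if NAME is the first field of a line in FILE.
# On a live system `getent passwd NAME` / `getent group NAME` answers the same.
name_in_db() {
    awk -F: -v n="$2" '$1 == n { found = 1 } END { exit !found }' "$1"
}

# chown_specs UNIT: print the owner argument of each ExecStart=.../chown line.
# Assumes chown is called without options, as in the unit shown in the thread.
chown_specs() {
    sed -n 's/^ExecStart=[^ ]*chown  *\([^ ]*\) .*/\1/p' "$1"
}

# check_owner_spec SPEC PASSWD GROUP: report each unresolved half of user[:group].
check_owner_spec() {
    spec=$1; user=${spec%%:*}; group=""; rc=0
    case $spec in *:*) group=${spec#*:} ;; esac
    if ! name_in_db "$2" "$user"; then echo "missing user: $user"; rc=1; fi
    if [ -n "$group" ] && ! name_in_db "$3" "$group"; then
        echo "missing group: $group"; rc=1
    fi
    return $rc
}

# lint_unit UNIT PASSWD GROUP: fail if any chown in UNIT names an unknown account.
lint_unit() {
    status=0
    for s in $(chown_specs "$1"); do
        check_owner_spec "$s" "$2" "$3" || status=1
    done
    return $status
}

demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'news:x:996:13:Fidonet user:/etc/fidogate:/bin/bash' > "$demo/passwd"
printf '%s\n' 'root:x:0:' 'news:x:13:' > "$demo/group"
printf '%s\n' '[Service]' 'Type=oneshot' 'ExecStart=/bin/mkdir -p /run/fidogate' \
    'ExecStart=/bin/chown ftn:news /run/fidogate' > "$demo/ftn.service"
sed 's/ftn:news/news:news/' "$demo/ftn.service" > "$demo/news.service"

for unit in ftn.service news.service; do
    if lint_unit "$demo/$unit" "$demo/passwd" "$demo/group"; then
        echo "$unit: all chown owners resolve"
    else
        echo "$unit: would fail at start"
    fi
done
```

Run against the packaged unit file and the accounts the scriptlets create, this kind of check flags a mismatch between the unit's owner and the spec's `%{user}` at build or install time rather than at service start.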
From inn rpm:
getent group news >/dev/null || groupadd -g 13 -r news
getent passwd news >/dev/null || \
useradd -r -u 9 -g news -d /etc/news \
-c "News server user" news
exit 0
So, we are already checking for the news user in the system with the OR operator:
I see similar code
So, I was not so stupid after all :)
So, we are already checking for the news user in the system with the OR operator: https://github.com/ykaliuta/fidogate/blob/e4e8b9451e61a79b828a064ce02e2427934324eb/packages/rpm/fidogate.spec.in#L60-L62
Sorry, I get wrong rpm :)
Post was edited: https://github.com/ykaliuta/fidogate/issues/25#issuecomment-1918135900
The main difference gid/uid:
news:x:9:13:News server user:/etc/news:/bin/bash
Also, there is a little interference between home directories: /etc/news vs /etc/fidogate. In this case, it may be reasonable to define user ftn instead of news in the rpm spec
So, finally, maybe change news to ftn will be enough here: https://github.com/ykaliuta/fidogate/blob/e4e8b9451e61a79b828a064ce02e2427934324eb/packages/rpm/fidogate.spec.in#L18
in this case user ftn will be included to news group also: https://github.com/ykaliuta/fidogate/blob/e4e8b9451e61a79b828a064ce02e2427934324eb/packages/rpm/fidogate.spec.in#L60-L62
and seems, we won't get interference news and ftp users
I remembered that the UNIX-like community uses user fido:fido. In this case, it's possible to use the same for rpm/deb based systems: fido:fido for all FTN software, news:news for innd and others. This will be a cool unification
There is no unification. https://salsa.debian.org/md/binkd/-/blob/master/debian/binkd.postinst?ref_type=heads
Yes, you are right. In this case, ftn user for Fidogate in rpm-based OS will be more natively
I'll try to rebuild rpm to change user news in spec file to ftn and try to install new rpm on my VPS. I'll send you git patch if won't see errors during install
Hello! Is it possible to install this package fidogate to centos 7 ? I'll try to: rpm -i fidogate-5.12-1.x86_64.rpm but have a problem with perl: error: Failed dependencies: perl(getopts.pl) is needed by fidogate-5.12-1.x86_64 I have installed perl, but no idea what they want....