search

zabbly / incus

Incus package repository
176 stars 14 forks source link

permission denied #1

Closed mmrezaie closed 10 months ago

mmrezaie commented 10 months ago

I am getting this error after the installation of incus:

running command incus list --debug

DEBUG [2023-09-15T07:21:25Z] Connecting to a local Incus over a Unix socket DEBUG [2023-09-15T07:21:25Z] Sending request to Incus etag= method=GET url="http://unix.socket/1.0" Error: Get "http://unix.socket/1.0": dial unix /var/lib/incus/unix.socket: connect: permission denied

stgraber commented 10 months ago

The current version of the package requires you to run the commands as the root user.

The upcoming build (being tested now) will introduce an incus group, similar to the lxd group, allowing for select users to directly interact with incus.

mmrezaie commented 10 months ago

Oh, I see. Thanks. I will follow the development to see if I can contribute further down the line.

stgraber commented 10 months ago

This has been resolved, the current version of the package will create an incus group and any member of that group can directly talk to incus without needing root privileges.

soda-pop-ice-cream commented 9 months ago

I still have this issue with 0.1 release:

user@desktop ~ $ incus list --debug
DEBUG  [2023-10-09T07:16:36+02:00] Connecting to a local Incus over a Unix socket 
DEBUG  [2023-10-09T07:16:36+02:00] Sending request to Incus                      etag= method=GET url="http://unix.socket/1.0?project=user-1000"
Error: Get "http://unix.socket/1.0?project=user-1000": read unix @->/var/lib/incus/unix.socket.user: read: connection reset by peer

Yes, incus group exist, but it seems something still wrong:

user@desktop ~ $ id
uid=1000(user) gid=1000(user) groups=1000(user),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),115(lpadmin),136(sambashare),138(incus),999(lxd)

And socket is using incus group:

user@desktop ~ $ ls -lAh /var/lib/incus/unix.socket.user
srw-rw---- 1 root incus 0 oct  9 01:46 /var/lib/incus/unix.socket.user
user@desktop ~ $ ls -lAhn /var/lib/incus/unix.socket.user
srw-rw---- 1 0 138 0 oct  9 01:46 /var/lib/incus/unix.socket.user

I had rebooted after adding myself to incus group.

Everything works as expected as root:

user@desktop ~ $ sudo incus list --debug                   
DEBUG  [2023-10-09T07:18:47+02:00] Connecting to a local Incus over a Unix socket 
DEBUG  [2023-10-09T07:18:47+02:00] Sending request to Incus                      etag= method=GET url="http://unix.socket/1.0"
DEBUG  [2023-10-09T07:18:47+02:00] Got response struct from Incus               
DEBUG  [2023-10-09T07:18:47+02:00] 
    {
        "config": {
            "images.auto_update_interval": "0"
        },
...

More precise version: 0.1-202310070833-ubuntu22.04

stgraber commented 9 months ago

Can you show sudo journalctl -n 300 ?

Note that the incus group is for restricted access to Incus, if you intended for your user to have access to Incus similar to what you get as root, it's the incus-admin group that you want instead.

soda-pop-ice-cream commented 9 months ago

@stgraber sure:

Oh, there are certificate error.

oct 09 10:10:41 desktop incus-user[11416]: time="2023-10-09T10:10:41+07:00" level=info msg="Starting up the server"
oct 09 10:10:41 desktop incus-user[11416]: time="2023-10-09T10:10:41+07:00" level=error msg="Failed to load TLS connection settings: Unable to open client certificate: open /var/lib/incus/users/1000/client.crt:>
окт 09 10:11:16 desktop systemd[1]: incus-user.service: Deactivated successfully.

And this directory is empty:

sudo ls -lAh /var/lib/incus/users/1000/
total 0

But there are certificate and key here:

sudo ls -lAh /var/lib/incus/users/var/lib/incus/users/1000/
total 8,0K
-rw-r--r-- 1 root root 696 oct  9 06:46 client.crt
-rw------- 1 root root 288 oct  9 06:46 client.key
stgraber commented 9 months ago

Ah, thanks, that should be an easy fix.

stgraber commented 9 months ago

https://github.com/lxc/incus/pull/140 will take care of that one