Cockpit users see an error instead of values

I tried this solution on a freshly installed and updated NS7.8.
The proposed powerusers file in sudoers.d did not work when the file was named 90_powerusers.
However, the order seems relevant. Changing the name to 10_powerusers did work.

The problem was with logging in to cockpit. With an LDAP user the values in cockpit did not load. After changing the name of the file, the values did load.

@giacomo @stephdl @davidep Is there any reason why the name of the powerusers file should not start with 10? Would it be better if it is later in the list? Can you give some clarification why I encountered this behavior?


Why not simply add a secondary group wheel to your user?

I was troubleshooting this with Markus, but even adding wheel to the user gave an error with cockpit. The values just didn't load and in the end it throws an error:

Error
The following command has failed:
system-task/read
Unfortunately we couldn’t catch the exact error. If you want to help, please click on the button below to copy the failed command to the clipboard, paste it into the Terminal and submit command output to the developers.

I had to use the above-mentioned trick, but this only worked when the ‘powerusers’ file was processed earlier than with a name starting with 90.

I think I don’t fully get your issue. Isn’t domain admins there for the job?

Please see

/etc/nethserver/cockpit.allow

Maybe your group name must be there (with a template-custom)

And also in cockpit the group has to be “nopasswd” in sudoers. It could be

%powerusers ALL=NOPASSWD: ALL

Maybe too much power :slight_smile: For this reason “domain admins” has a stricter expression.

Also consider checking the sudoers configuration with

visudo -c

For cockpit we surely need /etc/nethserver/cockpit.allow. We could grant this new permission for NS7.9, like we just did for SSH.


Yes it would be there to do the job. But I encountered an issue with logging into cockpit. The only accounts that would load the values in cockpit (for example in the dashboard) were admin from LDAP and root.
Accounts created later can log into cockpit but values are not shown. After a timeout, cockpit throws an error:

Error
The following command has failed:
system-task/read
Unfortunately we couldn’t catch the exact error. If you want to help, please click on the button below to copy the failed command to the clipboard, paste it into the Terminal and submit command output to the developers.

Then pasting the command in the terminal gives no clues about what happened.

I encountered this on a freshly installed NS7.8 with all updates. @mrmarkuz experienced the same on his own server. IMO there is some bug in cockpit permissions that blocks users from getting output. Creating the ‘powerusers’ group and adding a file, that allows all for the powerusers, to the sudoers.d directory only works if it is not last in the list.
Maybe @quality_team could try and confirm this?
To me, depending and relying on an order of execution of files seems a bit tricky and hacky. Is this how we want to grant users sudo rights?

If there is a bug, we have to find a way to reproduce it :wink:

Please check with visudo -c that your sudo configuration is working properly.


Can you paste it anyway?