Nethserver-cockpit error

NethServer Version: 7.7
Module: cockpit
I still use the ‘old’ servermanager but today I logged in to nethserver-cockpit to see what has changed after a (small) update. I use a subscription for this server so it is not the bleeding edge version of nethserver-cockpit.

Logging in is no problem, but as soon I click on a (sub) menu, I get an errormessage:
cockpiterror

the output of the command, as suggested by the errormessage:

[rob@domain.tld@ns7 ~] sudo /usr/bin/setsid /usr/bin/sudo /usr/libexec/nethserver/api/system-task/read | jq [sudo] password for rob@interlin.nl: { "steps": -1, "event": null, "message": "no running tasks" } [rob@domain.tld@ns7 ~]

Any suggestions or actions to take for further troubleshooting?

check first if it is not a sudo problem

visudo -c

Looks like this is the case. With root I don’t have this problem. Howver, in the old servermanager I set my account as administrator and is member of domain admins.
What extra permission do I need for a non root account?

Hi rob,

happy new year.

May be you need permission for Remote Shell (SSH)?

Regards

Uwe

My account has SSH access…

Ok.

No mor idea from my side.

Permissions between nethgui and cockpit are completely different, but if you are members of domains admins you should have the same right than administrator or admin

Can you reproduce with admin or administrator

both admin and administrator accounts can’t log in. After several seconds I get a:

Authentication failed: Timeout

only root has no problems after logging in.

On ‘old’ servermanager, both admin and administrator have no issues…

you must enable ssh for each account, it is not per default

added SSH access for admin and administrator. Also admin and administrator get the error message I get with my personal account.
Only root has no issues.

What is the output

So it is a permission problem:
root gets a “parsed ok” output
my own account gets a “unable to open /etc/sudoers: Permission denied” output.

When I look at visudo file I see the following entry:

##Allow Samba4 AD Domain Admins
%domain\ admins ALL=(ALL) ALL

Since my personal account is memeber of domain admins, I should have enough priviledges?

So members of domain admins cannot use cockpit, admin included also.

It sounds like you got the former version of cockpit, what is the version of nethserver-cockpit

Do others can reproduce, use admin to login in cockpit

When I do a yum update nethserver-cockpit the result is:

No packages marked for update

yum info nethserver-cockpit
Loaded plugins: changelog, fastestmirror, nethserver_events
Loading mirror speeds from cached hostfile

Can’t repoduce this.
I can login with admin user and access all submenus.
Can’t login with administrator, but that is ment to be so AFAICR.
I can login only with users that have ssh enabled and if the are not member of domain admins I can’t brows menus, except the dashboard and they password page.
Users which are member of domain admins can brows all menus and have all rights it seems.
But in no case I saw the error of @robb .

Server has also a subscription.

1 Like

The upgrade is not locked in software manager setting?

Unless it is locked because of subscription repo’s, I don’t see how I could lock a package for update. Is there such an option?
In /etc/yum.conf there are no excludes either

this is what version you must run

[root@prometheus ~]# rpm -qa | grep nethserver-cockpit
nethserver-cockpit-lib-1.3.13-1.ns7.noarch
nethserver-cockpit-1.3.13-1.ns7.noarch

I get this:

[root@ns7 ~]# rpm -qa | grep nethserver-cockpit
nethserver-cockpit-1.3.13-1.ns7.noarch
nethserver-cockpit-lib-1.3.13-1.ns7.noarch

Looks the same to me…

1 Like

sudo -U admin -ll

must gives back all permissions of your user

This is mine : https://gist.github.com/stephdl/664895b896cb2b33ac9466ffff0c4119

su admin -c '/usr/libexec/nethserver/api/system-authorization/read | jq'

it should gives back the route you are allowed for your user : https://gist.github.com/stephdl/6a8ae9c4f2b817d06502800e5e593af3