Nethserver-cockpit error

robb · January 5, 2020, 4:45pm

NethServer Version: 7.7
Module: cockpit
I still use the ‘old’ servermanager but today I logged in to nethserver-cockpit to see what has changed after a (small) update. I use a subscription for this server so it is not the bleeding edge version of nethserver-cockpit.

Logging in is no problem, but as soon I click on a (sub) menu, I get an errormessage:
cockpiterror

the output of the command, as suggested by the errormessage:

[rob@domain.tld@ns7 ~] sudo /usr/bin/setsid /usr/bin/sudo /usr/libexec/nethserver/api/system-task/read | jq [sudo] password for rob@interlin.nl: { "steps": -1, "event": null, "message": "no running tasks" } [rob@domain.tld@ns7 ~]

Any suggestions or actions to take for further troubleshooting?

stephdl · January 5, 2020, 5:21pm

check first if it is not a sudo problem

visudo -c

robb · January 5, 2020, 7:18pm

Looks like this is the case. With root I don’t have this problem. Howver, in the old servermanager I set my account as administrator and is member of domain admins.
What extra permission do I need for a non root account?

transocean · January 5, 2020, 7:23pm

Hi rob,

happy new year.

May be you need permission for Remote Shell (SSH)?

Regards

Uwe

robb · January 5, 2020, 7:24pm

My account has SSH access…

transocean · January 5, 2020, 7:26pm

Ok.

No mor idea from my side.

stephdl · January 5, 2020, 8:36pm

Permissions between nethgui and cockpit are completely different, but if you are members of domains admins you should have the same right than administrator or admin

Can you reproduce with admin or administrator

robb · January 6, 2020, 12:30pm

both admin and administrator accounts can’t log in. After several seconds I get a:

Authentication failed: Timeout

only root has no problems after logging in.

On ‘old’ servermanager, both admin and administrator have no issues…

stephdl · January 6, 2020, 1:55pm

you must enable ssh for each account, it is not per default

robb · January 6, 2020, 2:24pm

added SSH access for admin and administrator. Also admin and administrator get the error message I get with my personal account.
Only root has no issues.

stephdl · January 7, 2020, 6:30am

What is the output

robb · January 7, 2020, 10:35am

So it is a permission problem:
root gets a “parsed ok” output
my own account gets a “unable to open /etc/sudoers: Permission denied” output.

When I look at visudo file I see the following entry:

##Allow Samba4 AD Domain Admins
%domain\ admins ALL=(ALL) ALL

Since my personal account is memeber of domain admins, I should have enough priviledges?

stephdl · January 8, 2020, 10:51am

So members of domain admins cannot use cockpit, admin included also.

It sounds like you got the former version of cockpit, what is the version of nethserver-cockpit

Do others can reproduce, use admin to login in cockpit

robb · January 8, 2020, 11:22am

When I do a yum update nethserver-cockpit the result is:

No packages marked for update

yum info nethserver-cockpit
Loaded plugins: changelog, fastestmirror, nethserver_events
Loading mirror speeds from cached hostfile

sb-base: u3.nethserver.com

sb-centos-sclo-rh: u3.nethserver.com

sb-centos-sclo-sclo: u3.nethserver.com

sb-epel: u3.nethserver.com

sb-extras: u3.nethserver.com

sb-nethserver-base: u3.nethserver.com

sb-nethserver-updates: u3.nethserver.com

sb-updates: u3.nethserver.com
Installed Packages
Name : nethserver-cockpit
Arch : noarch
Version : 1.3.13
Release : 1.ns7
Size : 2.5 M
Repo : installed
From repo : sb-nethserver-updates
Summary : NethServer Server Manager Web UI
URL : http://github.com/NethServer/nethserver-cockpit
License : GPLv3
Description : NethServer Server Manager Web UI based on Cockpit

flatspin · January 8, 2020, 11:24am

Can’t repoduce this.
I can login with admin user and access all submenus.
Can’t login with administrator, but that is ment to be so AFAICR.
I can login only with users that have ssh enabled and if the are not member of domain admins I can’t brows menus, except the dashboard and they password page.
Users which are member of domain admins can brows all menus and have all rights it seems.
But in no case I saw the error of @robb .

Server has also a subscription.

stephdl · January 8, 2020, 11:32am

The upgrade is not locked in software manager setting?

robb · January 8, 2020, 11:43am

Unless it is locked because of subscription repo’s, I don’t see how I could lock a package for update. Is there such an option?
In /etc/yum.conf there are no excludes either

stephdl · January 8, 2020, 1:04pm

this is what version you must run

[root@prometheus ~]# rpm -qa | grep nethserver-cockpit
nethserver-cockpit-lib-1.3.13-1.ns7.noarch
nethserver-cockpit-1.3.13-1.ns7.noarch

robb · January 8, 2020, 1:15pm

I get this:

[root@ns7 ~]# rpm -qa | grep nethserver-cockpit
nethserver-cockpit-1.3.13-1.ns7.noarch
nethserver-cockpit-lib-1.3.13-1.ns7.noarch

Looks the same to me…

stephdl · January 8, 2020, 1:35pm

sudo -U admin -ll

must gives back all permissions of your user

This is mine : https://gist.github.com/stephdl/664895b896cb2b33ac9466ffff0c4119

su admin -c '/usr/libexec/nethserver/api/system-authorization/read | jq'

it should gives back the route you are allowed for your user : https://gist.github.com/stephdl/6a8ae9c4f2b817d06502800e5e593af3