I'm trying to "su" in the container deployed in IBM Containers/Bluemix.
But it fails like this.
root#ubuntu142:/tmp# cf ic exec -it mysshd bash
[root#instance-001652d1 /]# adduser ubuntu
[root#instance-001652d1 /]# su - ubuntu
su: cannot create child process: Resource temporarily unavailable
This works fine in my local docker environment.
I also tried to "su" in the startup script( user is already defined ), but it also failed with the same message( from the log ).
( Actually, I'm trying to deploy DB2-Express-C using "su db2inst1".. )
Is there any restriction that "su" is prohibited in IBM container?
Thanks in advance.
I've seen this problem in Centos 7 container instances only (it works fine for Ubuntu).
Here is the solution to fix it:
$ cf ic exec -it ads-centos bash
[root#instance-00173f1f /]# adduser ubuntu
[root#instance-00173f1f /]# su - ubuntu
su: cannot create child process: Resource temporarily unavailable
[root#instance-00173f1f /]# cd etc
[root#instance-00173f1f etc]# cd pam.d
[root#instance-00173f1f pam.d]# vi su
** change all session variables to 'optional' and save changes **
** see how file should be below **
[root#instance-00173f1f pam.d]# su - ubuntu
[ubuntu#instance-00173f1f ~]$ id
uid=1000(ubuntu) gid=1000(ubuntu) groups=1000(ubuntu)
[ubuntu#instance-00173f1f ~]$
Here is how the su file should be
#%PAM-1.0
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth required pam_wheel.so use_uid
auth substack system-auth
auth include postlogin
account sufficient pam_succeed_if.so uid = 0 use_uid quiet
account include system-auth
password include system-auth
session optional system-auth
session optional postlogin
session optional pam_xauth.so
Related
I would like to finish my installation with Docker/ArangoDB, but I find somes errors in Arangosh :
I install Docker CE;
I use this code to simplify installation and avoid manager installation :
sudo docker volume create arangodb3
sudo docker stop arangodb-instance
sudo docker run -d \ -e ARANGO_NO_AUTH=1 \ -p 8529:8529 \-v arangodb3:/var/lib/arangodb3 \ --name arangodb-instance \ arangodb/arangodb:3.4.9
sudo docker exec -it arangodb-instance arangosh
3)ARANGOSH this my errors for :
Command-line history will be persisted when the shell is exited.
Connected to ArangoDB 'http+tcp://127.0.0.1:8529' version: 3.4.9 [SINGLE, server], database: '_system', username: 'root'
Type 'tutorial' for a tutorial or 'help' to see common examples
127.0.0.1:8529#_system> db._createDatabase("testdb");
true
MY ERRORS :
127.0.0.1:8529#_system> users.save("testuser#localhost", "dbuserpassword");
JavaScript exception: ReferenceError: users is not defined
!users.save("testuser#localhost", "dbuserpassword");
!^
stacktrace: ReferenceError: users is not defined
at :1:1
127.0.0.1:8529#_system>
127.0.0.1:8529#_system> users.grantDatabase("testuser#example", "testdb");
JavaScript exception: ReferenceError: users is not defined
!users.grantDatabase("testuser#example", "testdb");
!^
stacktrace: ReferenceError: users is not defined
at :1:1
127.0.0.1:8529#_system>
I just to use the command-lines:
db._dropDatabase("testdb");
sudo vim /etc/arangodb3/arangod.conf
#endpoint = tcp://127.0.0.1:8529
endpoint = tcp://192.168.10.11:8529
sudo systemctl restart arangodb3
sudo ufw allow proto tcp from any to any port 8529
To have access in WEB dashboard of ArangoDB.
Thank you for your response.
In order to have access to the users object, you first need to import it a la:
users = require('#arangodb/users');
users.save('JohnSmith', 'mypassword');
Source: Managing Users in the ArangoDB Shell
I am using Docker 1.13 community edition on a CentOS 7 x64 machine. When I was following a Docker Compose sample from Docker official tutorial, all things were OK until I added these lines to the docker-compose.yml file:
volumes:
- .:/code
After adding it, I faced the following error:
can't open file 'app.py': [Errno 13] Permission denied. It seems that the problem is due to a SELinux limit. Using this post I ran the following command:
su -c "setenforce 0"
to solve the problem temporarily, but running this command:
chcon -Rt svirt_sandbox_file_t /path/to/volume
couldn't help me.
Finally I found the correct rule to add to SELinux:
# ausearch -c 'python' --raw | audit2allow -M my-python
# semodule -i my-python.pp
I found it when I opened the SELinux Alert Browser and clicked on 'Details' button on the row related to this error. The more detailed information from SELinux:
SELinux is preventing /usr/local/bin/python3.4 from read access on the
file app.py.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that python3.4 should be allowed read access on the
app.py file by default. Then you should report this as a bug. You can
generate a local policy module to allow this access. Do allow this
access for now by executing:
ausearch -c 'python' --raw | audit2allow -M my-python
semodule -i my-python.pp
I have a Jenkins pod running in OpenShift.
I have enabled anyuid for my project as per http://appagile.io/2017/03/29/how-to-run-a-pod-as-root/.
However, I'm unable to get the initial admin password due to the following issue
<html><head><meta http-equiv='refresh' content='1;url=/login?from=%2F' /><script>window.location.replace('/login?from=%2F');</script></head><body style='background-color:white; color:white;'>
Authentication required
<!--
You are authenticated as: anonymous
Groups that you are in:
Permission you need to have (but didn't): hudson.model.Hudson.Read
... which is implied by: hudson.security.Permission.GenericRead
... which is implied by: hudson.model.Hudson.Administer
-->
As per the solution mentioned in this - https://stackoverflow.com/a/41055670
I tried adding jenkins user as part of root.
sudo usermod -a -G root jenkins
But sudo package was not installed in the Jenkins pod.
I tried su -i but it's asking for root password which I don't know.
In Docker, I use docker exec -u root option to log in as root.
But I don't see any such option in oc. Are there any other option we can try to resolve this issue?
I'm in the process of trying to find out or reset my PostgreSQL password, which is unknown to me, but which I need in order to migrate my database from SQLite3 to PostgreSQL.
I was trying to locate the hba_conf file so in the terminal I entered:
ps aux | grep postgres
and I found that the directory I needed to find was:
/Library/PostgreSQL/9.6/bin/postmaster -D/Library/PostgreSQL/9.6/data
My problem now is that it is not possible to locate this file because it apparently doesn't exist! When I cd to Library I'm unable to go any further because there is no PostgreSQL folder listed.
This is a bit of a dead end for me as I have no idea why PostgreSQL is not there. PSQL came with my version of Rails, and I updated it. When I type: 'psql -V' in the terminal, the answer is 'psql (PostgreSQL) 9.6.3'.
Help would be much appreciated, thanks :-)
From the library folder, if I run 'sudo su' then enter ls, I get the following:
.localized Calendars Dictionaries Internet Plug-Ins
Maps Saved Application State WebKit
Accounts CallServices Favorites Keyboard
Messages Screen Savers com.apple.nsurlsessiond
Address Book Plug-Ins ColorPickers FontCollections
Keyboard Layouts Metadata Services iMovie
Application Scripts Colors Fonts KeyboardServices
Passes Sharing
Application Support Compositions GameKit Keychains
PreferencePanes Sounds
Assistant Containers Google LanguageModeling
Preferences Spelling
Assistants Cookies Group Containers LaunchAgents
Printers Suggestions
Audio CoreData IdentityServices Logs
PubSub SyncedPreferences
Caches CoreFollowUp Input Methods Mail
Safari Voices
and if I enter ps I get this:
PID TTY TIME CMD
359 ttys000 0:00.02 login -pfl robertosullivan /bin/bash -c exec -
la bash /bin/bash
3267 ttys000 0:00.02 sudo su
3269 ttys000 0:00.01 su
3270 ttys000 0:00.00 sh
3271 ttys000 0:00.00 ps
If I try 'sudo find / -name psql' - I get:
find: /dev/fd/Library: No such file or directory
find: /dev/fd/Library: No such file or directory
/Library/PostgreSQL/9.6/bin/psql
/usr/local/bin/psql
/usr/local/Cellar/postgresql/9.6.3/bin/psql
When I try 'sudo find /Library/PostgreSQL/9.6/data -name *.conf' I get:
/Library/PostgreSQL/9.6/data/pg_hba.conf
/Library/PostgreSQL/9.6/data/pg_ident.conf
/Library/PostgreSQL/9.6/data/postgresql.auto.conf
/Library/PostgreSQL/9.6/data/postgresql.conf
The installation procedure creates a user account called postgres that is associated with the default Postgres role. In order to use Postgres, we can log into that account.
You can run the command you'd like with the postgres account directly with sudo
sudo -u postgres psql
This will prompt for the password for the postgres user.
If you don't have the password for this postgres user, follow the below steps:
sudo vim /etc/postgresql/9.3/main/pg_hba.conf
Around the line number 84,85 change that to
# Database administrative login by Unix domain socket
local all all trust
then Restart the PostgreSQL service via SUDO command
sudo /etc/init.d/postgresql restart
Now You can run the command to log in to the postgres account directly with sudo
sudo -u postgres psql
You will be now entered and will See the Postgresql terminal.Once you have successfully logged into postgres, you can change the password by the command
\password
and enter the NEW Password for Postgres default user, After Successfully changing the Password again go to the pg_hba.conf and revert the change to "md5"
Around the line number 84,85 change that now to
# Database administrative login by Unix domain socket
local all all md5
then Restart the PostgreSQL service via SUDO command
sudo /etc/init.d/postgresql restart
now you will be logged in as
psql -U postgres
with your new Password.
Please let me know if you have any Issues.
as we identified your data_dir as /Library/PostgreSQL/9.6/data/ and found configuration files in it, as we identified your postgres cluster is running with pg_ctl: server is running (PID: 88) /Library/PostgreSQL/9.6/bin/postgres "-D/Library/PostgreSQL/9.6/data, in order to reset your password do:
become a postgres user: sudo su - postgres
login locally with psql
reset the password with alter user USERNAME password 'NEW_PASSWORD'
after that you can connect as that user with psql -U USERNAME -h localhost using your new password
Im trying to get a docker-machine up and running on a Ubuntu 14.04TSL server in our network. I have installed docker+docker-machine on the server and im able to create the docker-machine on the server with this command from my computer:
docker-machine create --driver generic --generic-ip-address 10.10.3.76 --generic-ssh-key "/Users/username/Documents/keys/mysshkey.pem" --generic-ssh-user ubuntuuser dockermachinename
The command above creates the docker-machine and im able to list it with
docker-machine ls
Im able to SSH to it by running
docker-machine ssh dockermachinename
but when i try to connect the server with (-D for debug information)
docker-machine -D env dockermachinename
I get the following message
Docker Machine Version: 0.5.2 ( 0456b9f )
Found binary path at /usr/local/bin/docker-machine-driver-generic
Launching plugin server for driver generic
Plugin server listening at address 127.0.0.1:54213
() Calling .GetVersion
Using API Version 1
() Calling .SetConfigRaw
() Calling .GetMachineName
(dockermachinename) Calling .GetState
(dockermachinename) Calling .GetURL
Reading CA certificate from /Users/username/.docker/machine/certs/ca.pem
Reading server certificate from /Users/username/.docker/machine/machines/dockermachinename/server.pem
Reading server key from /Users/username/.docker/machine/machines/dockermachinename/server-key.pem
Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host "10.10.3.76:2376": dial tcp 10.10.3.76:2376: i/o timeout
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which will stop running containers.
I really need to solve this so all help is appreciated!
On Ubuntu you will need to do following steps:
1. Create user which don't require password
sudo visudo
at the end of file add following line (make sure to specify your username):
username ALL=(ALL:ALL) NOPASSWD: ALL
and then save and exit. And after that add your username to docker group like this (change username with your actual username):
usermod -aG docker username
2. Edit docker config to open 2375 and 2376 ports
sudo systemctl edit docker.service
add following snippet to that file:
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2376 -H tcp://0.0.0.0:2375
then save and exit. After that reload config and restart docker deamon with:
sudo systemctl daemon-reload
sudo systemctl restart docker.service
3. Create docker-machine
Remove existing machine which is failing with:
docker-machine rm machine1
and try to create it one more time like this:
docker-machine create -d generic --generic-ip-address ip --generic-ssh-key ~/.ssh/key --generic-ssh-user username --generic-ssh-port 22 machine1
please change ip, key, username and machine1 with you actual values.
If this produce error like this:
Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host "192.168.0.26:2376": tls: oversized record received with length 20527
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which might stop running containers.
then SSH to your machine and cd into following directory:
cd /etc/systemd/system/docker.service.d/
list all files in it with:
ls -l
you will probably have something like this:
-rw-r--r-- 1 root root 274 Jul 2 17:47 10-machine.conf
-rw-r--r-- 1 root root 101 Jul 2 17:46 override.conf
you will need to delete all files except 10-machine.conf with sudo rm.
After that remove machine you created and create it again. It should now work. I hope this helps. Maybe you already steps 1 and 2 if so then skip them and just try to remove override.conf file or any file in that dir which is not 10-machine.conf.