Comments (15)
[root@cygnus shells]# cat /etc/fedora-release
Fedora release 37 (Thirty Seven)
from borgwarehouse.
Hi Ravinou,
Can confirm that it works now, thanks a lot!
By the way, the git pull caused:
- loss of -H 127.0.0.1 -p specific_port in package.json
- loss of the changed admin password
Maybe it would be good to gitignore or place these credentials/configs somewhere else?
Thanks for your reactivity.
Regards,
lolo
from borgwarehouse.
Hi @lolomin !
If you have followed the documentation on Debian and created a systemd service, you will find the application logs with:
journalctl -u borgwarehouse
But from what I see you have a problem with a shell script, so the answer should be in /var/log/syslog.
You can tail -f /var/log/syslog when you create a repo, or try to grep the error with something like cat /var/log/syslog | grep npm.
Commonly, people forget to set the execution rights on the scripts. You can check this.
from borgwarehouse.
Hi Ravinou,
Thanks for your quick answer :)
Nothing there, already checked :
[root@cygnus ~]# journalctl -u borgwarehouse
-- No entries --
[root@cygnus ~]# grep -i borgwarehouse /var/log/messages
[root@cygnus ~]# grep -i npm /var/log/messages | grep -iv zigbee
[root@cygnus ~]#
The only logs that I have for npm are for my other service running npm with Zigbee2MQTT.
The shell scripts are already executable :
[root@cygnus shells]# pwd
/home/borgwarehouse/borgwarehouse/helpers/shells
[root@cygnus shells]# ll
total 28
drwxr-xr-x 2 borgwarehouse borgwarehouse 4096 Dec 18 22:58 .
drwxr-xr-x 4 borgwarehouse borgwarehouse 4096 Dec 18 22:58 ..
-rwx------ 1 borgwarehouse borgwarehouse 2960 Dec 18 22:58 createRepo.sh
-rwx------ 1 borgwarehouse borgwarehouse 802 Dec 18 22:58 deleteRepo.sh
-rwx------ 1 borgwarehouse borgwarehouse 544 Dec 18 22:58 getLastSave.sh
-rwx------ 1 borgwarehouse borgwarehouse 470 Dec 18 22:58 getStorageUsed.sh
-rwx------ 1 borgwarehouse borgwarehouse 1565 Dec 18 22:58 updateRepo.sh
The distro is Fedora 37, not Debian or Ubuntu-like.
lolo
from borgwarehouse.
I never tested the app on Fedora.
Please stop the borgwarehouse service
and launch the app manually:
su borgwarehouse
cd /home/borgwarehouse/borgwarehouse
npm run start
You will have the direct log now in your terminal. Try to create a repo and you can give me the error.
Thanks
from borgwarehouse.
[borgwarehouse@cygnus borgwarehouse]$ npm run start
[email protected] start
next start -H 127.0.0.1 -p 7689
ready - started server on 127.0.0.1:7689, url: http://127.0.0.1:7689
info - Loaded env from /home/borgwarehouse/borgwarehouse/.env.local
Error: Command failed: /home/borgwarehouse/borgwarehouse/helpers/shells/createRepo.sh repo0 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAkwpHLpLPShK6Z0qmG8Op8VZ6Zki04eB1b0vOWYQG5U borgwarehouse@cygnus" 50
at ChildProcess.exithandler (node:child_process:412:12)
at ChildProcess.emit (node:events:513:28)
at maybeClose (node:internal/child_process:1091:16)
at Socket.<anonymous> (node:internal/child_process:449:11)
at Socket.emit (node:events:513:28)
at Pipe.<anonymous> (node:net:313:12) {
code: 3,
killed: false,
signal: null,
cmd: '/home/borgwarehouse/borgwarehouse/helpers/shells/createRepo.sh repo0 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAkwpHLpLPShK6Z0qmG8Op8VZ6Zki04eB1b0vOWYQG5U borgwarehouse@cygnus" 50',
stdout: 'You must install borgbackup package.\n',
stderr: ''
}
[root@cygnus borgwarehouse]# rpm -qa | grep -i borgbackup
borgbackup-1.2.2-1.fc37.x86_64
[root@cygnus borgwarehouse]# which borg
/usr/bin/borg
[root@cygnus borgwarehouse]#
So the project is not deployable on a distrib other than Debian/Ubuntu ?
lolo
from borgwarehouse.
> So the project is not deployable on a distrib other than Debian/Ubuntu ?
It's just not tested with every distro, but I can adapt with contrib like yours ;)
Can you please replace createRepo.sh with:
#!/bin/bash

# Shell created by Raven for BorgWarehouse.
# This shell takes 3 arguments : [reponame] X [SSH pub key] X [quota]
# Main steps are :
# - check if args are present
# - check the ssh pub key format
# - check if borgbackup package is installed
# - generate a random username, check if it exists in /etc/passwd
# - add the user (with random name), group, shell and home
# - create a pool which is the folder where all the repositories for a user are located (only one by user for borgwarehouse usage)
# - create the authorized_keys
# - add the SSH public key in the authorized_keys with borg restriction for repository and storage quota.
# This simple method prevents the user from connecting to the server with a shell in SSH.
# He can only use the borg command. Moreover, he will not be able to leave his repository or create a new one.
# It is similar to a jail and that is the goal.

# Exit when any command fails
set -e

# Check args
if [ "$1" == "" ] || [ "$2" == "" ] || [ "$3" == "" ];then
    echo "This shell takes 3 argument : Reponame, SSH Public Key, Quota in Go [e.g. : 10] "
    exit 1
fi

# Check if the SSH public key is a valid format
# This pattern validates SSH public keys for : rsa, ed25519, ed25519-sk
pattern='(ssh-ed25519 AAAAC3NzaC1lZDI1NTE5|sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29t|ssh-rsa AAAAB3NzaC1yc2)[0-9A-Za-z+/]+[=]{0,3}(\s.*)?'
if [[ ! "$2" =~ $pattern ]]
then
    echo "Invalid public SSH KEY format. Provide a key in OpenSSH format (rsa, ed25519, ed25519-sk)"
    exit 2
fi

# Check if borgbackup is installed
if ! [ -x "$(command -v borg)" ]; then
    echo "You must install borgbackup package."
    exit 3
fi

# Generation of a random for username
randUsername () {
    openssl rand -hex 4
}
user=$(randUsername)

# Check if the random is already a username.
while grep -q $user /etc/passwd
do
    user=$(randUsername)
done

# Some variables
group="${user}"
home="/var/borgwarehouse/${user}"
pool="${home}/repos"

## add user and create homedirectory ${user} - [shell=/bin/bash home=${home} group=${group}]
sudo useradd -d ${home} -s "/bin/bash" -m ${user}

## Create directory ${home}/.ssh
sudo mkdir -p ${home}/.ssh

## Create authorized_keys file
sudo touch ${home}/.ssh/authorized_keys

## Create ${pool}
sudo mkdir -p ${pool}

## Create the repo
sudo mkdir -p "${pool}/$1"

## Check if authorized_keys exists
authorized_keys="${home}/.ssh/authorized_keys"
if [ ! -f "${authorized_keys}" ];then
    echo "${authorized_keys} must be present"
    exit 4
fi

## Change permissions
sudo chmod -R 700 ${home}
sudo chmod 600 ${authorized_keys}
sudo chown -R ${user}:${user} ${home}

## Add ssh public key in authorized_keys with borg restriction for only 1 repository (:$1) and storage quota
sudo -u ${user} bash -c "echo 'command=\"cd ${pool};borg serve --restrict-to-repository ${pool}/$1 --storage-quota $3G\",restrict $2' >> ${authorized_keys}"

## Return the unix user
echo ${user}
And let me know if it works.
from borgwarehouse.
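An added example (not part of the thread and not BorgWarehouse's own code) of stricter checks on the three createRepo.sh arguments before an authorized_keys entry is built: the key must be exactly one line, and the type named in front must equal the type encoded inside the base64 blob. The function names and the accepted repo-name, quota and key-comment formats are assumptions of this example.

```bash
#!/bin/bash
# Added example, not BorgWarehouse code: strict argument checks before an
# authorized_keys entry is built. Repo-name, quota and comment formats are assumptions.

# Print the algorithm name stored at the start of an OpenSSH key blob
# (4-byte big-endian length, then the name).
blob_key_type() {
    local hex len name_hex name="" i
    hex=$(printf '%s' "$1" | base64 -d 2>/dev/null | od -An -v -tx1 | tr -d ' \n')
    [ "${#hex}" -ge 8 ] || return 1
    len=$((16#${hex:0:8}))
    [ "$len" -ge 1 ] && [ "$len" -le 64 ] || return 1
    [ "${#hex}" -ge $((8 + 2 * len)) ] || return 1
    name_hex=${hex:8:$((2 * len))}
    for ((i = 0; i < ${#name_hex}; i += 2)); do
        name+=$(printf '%b' "\\x${name_hex:i:2}")
    done
    printf '%s' "$name"
}

# Succeed only for one line of the form "type blob [comment]" whose declared
# type is allowed and equals the type encoded inside the blob.
valid_pubkey() {
    local LC_ALL=C
    local re='^(ssh-ed25519|sk-ssh-ed25519@openssh\.com|ssh-rsa) ([A-Za-z0-9+/]+={0,2})( [A-Za-z0-9@._-]+)?$'
    [[ $1 =~ $re ]] || return 1
    [ "$(blob_key_type "${BASH_REMATCH[2]}")" = "${BASH_REMATCH[1]}" ]
}

# Print the authorized_keys entry, or fail with no output on any bad argument.
authorized_keys_entry() {
    local LC_ALL=C pool=$1 repo=$2 key=$3 quota=$4
    local pool_re='^/var/borgwarehouse/[0-9a-f]{8}/repos$'
    local repo_re='^repo[0-9]+$' quota_re='^[1-9][0-9]{0,4}$'
    [[ $pool =~ $pool_re ]] || return 1
    [[ $repo =~ $repo_re ]] || return 1
    [[ $quota =~ $quota_re ]] || return 1
    valid_pubkey "$key" || return 1
    printf 'command="cd %s;borg serve --restrict-to-repository %s/%s --storage-quota %sG",restrict %s\n' \
        "$pool" "$pool" "$repo" "$quota" "$key"
}

# Public key copied from the error log in the thread; the second call is a
# constructed rejection case (declared type does not match the blob).
KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAkwpHLpLPShK6Z0qmG8Op8VZ6Zki04eB1b0vOWYQG5U borgwarehouse@cygnus'
authorized_keys_entry /var/borgwarehouse/78e0ccf7/repos repo0 "$KEY" 50
authorized_keys_entry /var/borgwarehouse/78e0ccf7/repos repo0 "ssh-rsa ${KEY#* }" 50 ||
    echo "rejected: key type mismatch" >&2
```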
Got another error now
Error: Command failed: /home/borgwarehouse/borgwarehouse/helpers/shells/createRepo.sh repo0 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAkwpHLpLPShK6Z0qmG8Op8VZ6Zki04eB1b0vOWYQG5U borgwarehouse@cygnus" 50
at ChildProcess.exithandler (node:child_process:412:12)
at ChildProcess.emit (node:events:513:28)
at maybeClose (node:internal/child_process:1091:16)
at Socket.<anonymous> (node:internal/child_process:449:11)
at Socket.emit (node:events:513:28)
at Pipe.<anonymous> (node:net:313:12) {
code: 4,
killed: false,
signal: null,
cmd: '/home/borgwarehouse/borgwarehouse/helpers/shells/createRepo.sh repo0 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAkwpHLpLPShK6Z0qmG8Op8VZ6Zki04eB1b0vOWYQG5U borgwarehouse@cygnus" 50',
stdout: '/var/borgwarehouse/78e0ccf7/.ssh/authorized_keys must be present\n',
stderr: ''
}
Some infos :
[root@cygnus shells]# ll /var/borgwarehouse/78e0ccf7/
total 44
drwx------ 5 78e0ccf7 78e0ccf7 4096 Dec 19 11:58 .
drwxr-xr-x 3 root root 4096 Dec 19 11:58 ..
-rw-r--r-- 1 78e0ccf7 78e0ccf7 18 Nov 18 15:24 .bash_logout
-rw-r--r-- 1 78e0ccf7 78e0ccf7 141 Nov 18 15:24 .bash_profile
-rw-r--r-- 1 78e0ccf7 78e0ccf7 492 Nov 18 15:24 .bashrc
-rw-r--r-- 1 78e0ccf7 78e0ccf7 172 Sep 19 12:42 .kshrc
drwxr-xr-x 4 78e0ccf7 78e0ccf7 4096 Jul 22 01:56 .mozilla
drwxr-xr-x 3 root root 4096 Dec 19 11:58 repos
drwxr-xr-x 2 root root 4096 Dec 19 11:58 .ssh
-rw-r--r-- 1 78e0ccf7 78e0ccf7 299 Jul 23 16:08 .zprofile
-rw-r--r-- 1 78e0ccf7 78e0ccf7 658 Jul 23 16:08 .zshrc
[root@cygnus shells]# ll /var/borgwarehouse/
total 12
drwxr-xr-x 3 root root 4096 Dec 19 11:58 .
drwxr-xr-x 34 root root 4096 Dec 18 22:57 ..
drwx------ 5 78e0ccf7 78e0ccf7 4096 Dec 19 11:58 78e0ccf7
[root@cygnus shells]# ll /var/borgwarehouse/78e0ccf7/repos/
total 12
drwxr-xr-x 3 root root 4096 Dec 19 11:58 .
drwx------ 5 78e0ccf7 78e0ccf7 4096 Dec 19 11:58 ..
drwxr-xr-x 2 root root 4096 Dec 19 11:58 repo0
[root@cygnus shells]# ll /var/borgwarehouse/78e0ccf7/repos/repo0/
total 8
drwxr-xr-x 2 root root 4096 Dec 19 11:58 .
drwxr-xr-x 3 root root 4096 Dec 19 11:58 ..
[root@cygnus shells]#
[root@cygnus shells]# ll /var/borgwarehouse/78e0ccf7/.ssh/
total 8
drwxr-xr-x 2 root root 4096 Dec 19 11:58 .
drwx------ 5 78e0ccf7 78e0ccf7 4096 Dec 19 11:58 ..
-rw-r--r-- 1 root root 0 Dec 19 11:58 authorized_keys
lolo
from borgwarehouse.
Strange, does the file /var/borgwarehouse/78e0ccf7/.ssh/authorized_keys exist?
from borgwarehouse.
Yes as you can see above
[root@cygnus shells]# ll /var/borgwarehouse/78e0ccf7/.ssh/authorized_keys
-rw-r--r-- 1 root root 0 Dec 19 11:58 /var/borgwarehouse/78e0ccf7/.ssh/authorized_keys
from borgwarehouse.
Did you launch the app with root? I have the impression that the npm run start was launched with root and not the borgwarehouse user?
from borgwarehouse.
No it was run as borgwarehouse user
[borgwarehouse@cygnus borgwarehouse]$ npm run start
> [email protected] start
> next start -H 127.0.0.1 -p 7689
ready - started server on 127.0.0.1:7689, url: http://127.0.0.1:7689
info - Loaded env from /home/borgwarehouse/borgwarehouse/.env.local
from borgwarehouse.
I will test it on Fedora. What is your version of Fedora please ?
from borgwarehouse.
@lolomin
Please, can you pull the latest commits:
git pull
Then, replace the whole content of /etc/sudoers.d/10-borgwarehouse with:
borgwarehouse ALL=(ALL) NOPASSWD: /usr/sbin/userdel -rf [[\:xdigit\:]]*
borgwarehouse ALL=(ALL) NOPASSWD: /usr/sbin/useradd -d /var/borgwarehouse/[[\:xdigit\:]]* -s /bin/bash -m --badname [[\:xdigit\:]]*
borgwarehouse ALL=(ALL) NOPASSWD: /usr/bin/mkdir -p /var/borgwarehouse/[[\:xdigit\:]]*/repos/repo[[\:digit\:]]*, /usr/bin/mkdir -p /var/borgwarehouse/[[\:xdigit\:]]*/.ssh
borgwarehouse ALL=(ALL) NOPASSWD: /usr/bin/touch /var/borgwarehouse/[[\:xdigit\:]]*/.ssh/authorized_keys
borgwarehouse ALL=(ALL) NOPASSWD: /usr/bin/chmod -R 750 /var/borgwarehouse/[[\:xdigit\:]]*, /usr/bin/chmod 600 /var/borgwarehouse/[[\:xdigit\:]]*/.ssh/authorized_keys
borgwarehouse ALL=(ALL) NOPASSWD: /usr/bin/chown -R [[\:xdigit\:]]*\:borgwarehouse /var/borgwarehouse/[[\:xdigit\:]]*
borgwarehouse ALL=(ALL) NOPASSWD: /usr/bin/tee /var/borgwarehouse/[[\:xdigit\:]]*/.ssh/authorized_keys
borgwarehouse ALL=(ALL) NOPASSWD: /usr/bin/sed -ri s|*|g /var/borgwarehouse/[[\:xdigit\:]]*/.ssh/authorized_keys
borgwarehouse ALL=(ALL) NOPASSWD: /usr/bin/jc du -s *
The change in sudoers file is a security improvement of sudo limitations. And the two commits I did resolve problems for Fedora. I tested it on Fedora 37
from borgwarehouse.
Great, I close this issue for Fedora. I will improve the app with your feedback. Thanks
from borgwarehouse.