[Dachs-support] [Support EPNTAP #69686] Re: Problems with DaCHS installation
Chloé Azria
chloe.azria at universite-paris-saclay.fr
Mon Apr 5 12:31:59 CEST 2021
Hello,
Thank you very much Markus and Pierre, (sorry for this late answer, i
was in holidays last week)
_I finally solve this problem_ after a lot of tries. This is how I did
it, i used some forums
(https://forum.ubuntu-fr.org/viewtopic.php?id=426491 ;
https://stackoverflow.com/questions/11874754/eliminating-non-working-postgresql-installations-on-ubuntu-10-04-and-starting-af),
I don't think every step is relevant :
First, I couldn't access to postgres bash, i had the same
"su:authentification error"
Then, I purged gavodachs2 but i still couldn't access to postgres bash,
so i added a password to it and have the postgres bash. But psql didnt
work, i had this error :
|psql psql: n'a pas pu se connecter au serveur : Aucun fichier ou
dossier de ce type Le serveur est-il actif localement et accepte-t-il
les connexions sur la socket Unix « /var/run/postgresql/.s.PGSQL.5432 » ? |
ps ax | grep postgres didn't gives me the lines showing that the server
was active.
So I start to totally purge and delete every postgres databases and
files and reinstall it properly postgres gavodachs installation.
sudo rm -r /etc/postgresql
sudo rm -r /var/lib/postgresql/
sudo pg_createcluster 11 main --start
Here, I had an error:
Error: The cluster is owned by group id 125 which does not exist
So i deleted it
sudo pg_dropcluster 11 main
sudo apt-get --purge remove postgresql\*
sudo rmdir /var/lib/postgresql/
sudo rm -r /var/lib/postgresql/
sudo userdel -r postgres
sudo groupdel postgres
sudo apt install postgresql
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install gavodachs2-server
sudo apt-get update
sudo apt-get upgrade
And now no more error is raised and DaCHS looks to work correctly.
Best Regards,
Azria Chloé
Le 26/03/2021 à 11:45, markus demleitner a écrit :
> Page web de ce ticket : <URL: https://support.obspm.fr/Ticket/Display.html?id=69686 >
> Demandeur de ce ticket : msdemlei at ari.uni-heidelberg.de
> En copie pour ce ticket : Anni.Maattanen at latmos.ipsl.fr, chloe.azria at universite-paris-saclay.fr, dachs-support at g-vo.org, ehouarn.millour at lmd.jussieu.fr
>
> Chloé,
>
> On Thu, Mar 25, 2021 at 04:10:40PM +0100, Chloé Azria wrote:
>> I am installing DaCHS on a new test server for LMD laboratory and I have
>> troubles with DaCHS installation.
>>
>> This new server is on Debian 4.19 with a user with effective sudo rights.
> 4.19 looks like a kernel version -- the Debian version is in
> /etc/debian_version, and I'd guess you'll see something like 10.8 in
> there, right?
>
>> Adding new user `dachsroot' (1001) with group `gavo' ...
>> The home directory `/home/dachsroot' already exists. Not copying from
>> `/etc/skel'.
> Ok -- this means you've tried to install DaCHS on that box before, so
> I'll count this as normal, but:
>
>> su: Authentication failure
> This totally stumps me.
>
> As you found out, this comes from the post-installation script of
> DaCHS, which contains:
>
> if ! su postgres -c "createdb --encoding=UTF-8 --template template0 gavo" ; then
> echo "Creation of gavo database failed; assuming it's already there"
> echo "and carrying on."
> fi
>
> ...and the message quite clearly indicates that the su to postgres
> fails. The script takes this as meaning that the database is already
> there, because it's actually hard to pick apart the various reasons
> why this can fail, but an existing DB is the most likely reason.
>
> Anyway: It seems that on your box root (which is what executes the
> postinst script) cannot become postgres, for which I have basically
> no plausible explanation.
>
> Could you try it interactively and report anything that the system
> says, perhaps also in /var/log/auth.log? The best way to try would
> be to log in as root and then run
>
> su postgres -c bash
>
> If that works, I'd next make sure that it actually *is* root that
> runs postinst; I *think* just adding a strategic
>
> echo "User active:" `who am i`
>
> in create_database in /var/lib/dpkg/info/gavodachs2-server.postinst
> and then running
>
> sudo apt install -f
>
> would do the trick (although that might become overwritten by the apt
> install, in which case I'd make a special debug package for you).
>
>> I have no idea how to solve this. I know it comes during the execution of
>> "postinst", the user postgres doesn't have su rights, I don't know why, I
>> tried to add it to sudoers manually, but it didn't work
> No, it's root that can't become postgres; just in case someone does
> break in through postgres (a remote likelihood), it's probably wise
> to remove any sudoers lines referring to postgres again.
>
> This must be something else -- perhaps some new policykit deviltry,
> or some apparmor-related or something like that. Hence, I'd be very
> interested to learn what did that, as this sounds like it might hit
> more people. If the test above doesn't tell us anything: Is there
> any specific "hardening" done on the box?
>
> Thanks,
>
> Markus
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.g-vo.org/pipermail/dachs-support/attachments/20210405/b60e2ac6/attachment.htm>
More information about the Dachs-support
mailing list