Can't authorize_account as user, must be root

[ncoleman]

First time install, first as Debian Stretch apt install, then, when that did not authorize, I removed it and installed by pip install on the basis that the newest version should be the best (the versions were in fact the same).

Problem

b2 can authorize_account successfully only if run as root. When run as a normal user, it fails. This means nothing can be done as a user, since authorize_account is needed before doing anything else.

Example (note when using sudo it works):

➜  ~ b2 authorize_account <account key goes here>  <application key goes here>
Using https://api.backblazeb2.com
ERROR: unable to authorize account: Invalid authorization token. Server said: Invalid authorization token (bad_auth_token)

➜  ~ sudo b2 authorize_account <account key goes here>  <application key goes here>
[sudo] password for nick:
Using https://api.backblazeb2.com

➜  ~ b2 list-buckets
ERROR: Invalid authorization token. Server said: Invalid authorization token (bad_auth_token)

➜  ~ sudo b2 list-buckets
289b50ffbe4edb4f6f160b16  allPrivate  Backups-dell-laptop
e87b60efbeaedb9f6f160b16  allPrivate  Backups-dell-laptop-home
28cbb0bfbebedb9f6f160b16  allPrivate  Backups-dell-laptop-system

It is not a key problem. The third-party backup application restic works successfully with the keys.

I want to automate the process in a script, so sudo isn't really a solution.

[ppolewicz]

It seems that you authorized successfully on the root account, but did not on your user account.

Are you 100% sure the auth data was the same in both cases?

Perhaps you have a WAF, transparent proxy server or environment variables set, that affect http queries done from your user account?

[nilayp]

Does the regular user have access to write to a home directory? The B2 command line tool persists it's credentials in a file called ~/.b2_account_info.

[ncoleman]

Same result in a new shell with fresh, standard environment variables.

The actual error is:

➜  ~ b2 authorize_account <ACCOUNT_ID>  <APPLICATION_KEY>
Using https://api.backblazeb2.com
ERROR: unable to authorize account: Invalid authorization token. Server said: Invalid authorization token (bad_auth_token)

So, if the error message is correct, it is the auth token that b2 is generating that is invalid.

Two things:

• the .b2_account_info database wasn't being filled in with values (sqlite3 dump showed this) when I generated it nor when authorize_account failed (obviously), so I originally ran sudo b2 which did generate values and populated the db, then I copied root's .b2_account_info over to the user and changed it's ownership to the user. Does b2 use user credentials as well as ACCOUNT_ID and APP KEY to salt the account_auth_token? That might be why it doesn't work for the user, only for root.

• The bucket itself contains some files owned by root. Could that affect the auth failure?

I had sort of assumed this was common and I did something wrong. If this is non-trivial, I think I'll delete the bucket and purge the install, then start again with a fresh blank setup. It's only bandwidth, the files themselves were uploaded while testing out B2 and are only backups.

[bwbeach]

Have you tried removing ~/.b2_account_info and then re-authorizing? It could be that sqlite is being weird about using a database owned by root.

You could also try adding the --verbose option to get debugging information. That might tell us what's happening. This is what it looks like when I run it:

$ b2 authorize_account --verbose $ACCOUNT_ID $APP_KEY
INFO:b2.console_tool:// ========================================  1.1.0   ======================================== \\
DEBUG:b2.console_tool:platform is Darwin-16.7.0-x86_64-i386-64bit
DEBUG:b2.console_tool:Python version is CPython 3.5.4 (default, Sep 22 2017, 08:33:07)  [GCC 4.2.1 Compatible Apple LLVM 8.1.0 (clang-802.0.42)]
DEBUG:b2.console_tool:locale is ('en_US', 'UTF-8')
DEBUG:b2.console_tool:filesystem encoding is utf-8
INFO:b2.console_tool:starting command [b2.console_tool.AuthorizeAccount] (arguments hidden)
Using https://api.backblazeb2.com
DEBUG:b2.api:calling B2Api.authorize_account(self=<b2.api.B2Api object at 0x1038c87b8>, realm='production') (hidden args: account_id, application_key)
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.backblazeb2.com
DEBUG:urllib3.connectionpool:https://api.backblazeb2.com:443 "POST /b2api/v1/b2_authorize_account HTTP/1.1" 200 354
DEBUG:b2.account_info.sqlite_account_info:calling SqliteAccountInfo.set_auth_data(self=<b2.account_info.sqlite_account_info.SqliteAccountInfo object at 0x102aa14e0>, api_url='https://api000.backblazeb2.com', download_url='https://f000.backblazeb2.com', minimum_part_size=100000000, realm='production') (hidden args: account_id, account_auth_token, application_key)
INFO:b2.console_tool:\\ ========================================  exit=0  ======================================== //

[bwbeach]

Closing. Please re-open if fixing the permissions on ~/.b2_account_info does not solve the problem.

[ncoleman]

I was never able to solve this. My backup program (restic) has its own backend to B2 which makes the situation manageable, if not ideal. Occasionally I would like to have the ability to access through a shell, but no luck I'm afraid.

…

On Wed, 2018-12-12 at 01:13 -0800, John Robson wrote: I'm with the same error: ERROR: unable to authorize account: Invalid authorization token. Server said: (bad_auth_token) I deleted "~/.b2_account_info", I used "sudo" and didn't work. I'm using Linux: and backblaze-b2 1.3.6-1 — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread. {"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c5 5493e4bb","name":"GitHub"},"entity":{"external_key":"github/Backblaze /B2_Command_Line_Tool","title":"Backblaze/B2_Command_Line_Tool","subt itle":"GitHub repository","main_image_url":"https://assets-cdn.github .com/images/email/message_cards/header.png","avatar_image_url":"https ://assets- cdn.github.com/images/email/message_cards/avatar.png","action":{"name ":"Open in GitHub","url":"https://github.com/Backblaze/B2_Command_Lin ***@***.*** son in #415: I'm with the same error: ERROR: unable to authorize account: Invalid authorization token. Server said: (bad_auth_token)\r\n\r\nI deleted \"~/.b2_account_info\", I used \"sudo\" and didn't work.\r\n\r\nI'm using Linux: and backblaze- b2 1.3.6-1"}],"action":{"name":"View Issue","url":"https://github.com /Backblaze/B2_Command_Line_Tool/issues/415#issuecomment-446515817"}}} [ { ***@***.***": "http://schema.org", ***@***.***": "EmailMessage", "potentialAction": { ***@***.***": "ViewAction", "target": "#4 15#issuecomment-446515817", "url": "#415# issuecomment-446515817", "name": "View Issue" }, "description": "View this Issue on GitHub", "publisher": { ***@***.***": "Organization", "name": "GitHub", "url": "https://github.com" } } ]

[JohnRobson]

authorize_account is working.

$ b2 authorize_account xxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

if you read your files with sudo, you need to authorize with sudo too.