Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Audit log plugin cannot be enabled when using xo-server as a non-root user #4854

Closed
emersonkfuri opened this issue Mar 6, 2020 · 4 comments · Fixed by #4897
Closed

Audit log plugin cannot be enabled when using xo-server as a non-root user #4854

emersonkfuri opened this issue Mar 6, 2020 · 4 comments · Fixed by #4897
Assignees
@badrAZ
Labels
comp: server/plugin 🔌 severity 1: low type: bug 🐛

Comments

@emersonkfuri
Copy link
Contributor

  • XO origin: the sources
  • Versions:
    • Node: nodejs-10.16.3-2.module_el8.0.0+186+542b25fc.x86_64
    • xo-web: 5.57.1
    • xo-server: 5.57.3

Expected behavior

Audit log plugin cannot be enabled when using xo-server as a non-root user ...

Current behavior

Log shows: "EACCES: permission denied, scandir '/root/.config/xo-server-audit'"
@badrAZ
Copy link
Contributor

badrAZ commented Mar 6, 2020

Hi,

Did you configured a specific user for running xo-server? Thank you.

xen-orchestra/packages/xo-server/sample.config.toml

Lines 29 to 43 in 6adfa61

# User to run XO-Server as.
#
# Note: The user can be specified using either its name or its numeric
# identifier.
#
# Default: undefined
#user = 'nobody'
# Group to run XO-Server as.
#
# Note: The group can be specified using either its name or its numeric
# identifier.
#
# Default: undefined
# group = 'nogroup'

@badrAZ
Copy link
Contributor

badrAZ commented Mar 6, 2020
edited
Loading

After investigation,

This issue can be triggered when xo-server is ran with the root privileges then change the process user after start.

@emersonkfuri
Copy link
Contributor Author

Hi,

Did you configured a specific user for running xo-server? Thank you.

xen-orchestra/packages/xo-server/sample.config.toml

Lines 29 to 43 in 6adfa61

# User to run XO-Server as.
#
# Note: The user can be specified using either its name or its numeric
# identifier.
#
# Default: undefined
#user = 'nobody'
# Group to run XO-Server as.
#
# Note: The group can be specified using either its name or its numeric
# identifier.
#
# Default: undefined
# group = 'nogroup'

Hello badrAZ! Yes, I ran xo-server with a specific user and group.

@badrAZ badrAZ mentioned this issue Mar 9, 2020
Closed
@badrAZ
Copy link
Contributor

badrAZ commented Mar 9, 2020
edited by julien-f
Loading

Hi,

Thank you for your response, It's due to an issue in a tool used in the audit log plugin. I've created an issue in the dedicated repository.

badrAZ added a commit that referenced this issue Mar 30, 2020
@badrAZ
[WiP] feat(audit): ability to customize the default blockedList
5ba8d11 
Fixes #4854
See #4844
@badrAZ badrAZ mentioned this issue Mar 30, 2020
Merged
8 tasks
badrAZ added a commit that referenced this issue Apr 1, 2020
@badrAZ
[WiP] feat(audit): ability to customize the default blockedList
86a2e0f 
Fixes #4854
See #4844
julien-f pushed a commit that referenced this issue Apr 6, 2020
@badrAZ
feat(audit,xo-server): blockedList can be configure via xo-server (#4897
9a72c40 
)

Fixes #4854
See #4844
phil-flex pushed a commit to phil-flex/xen-orchestra that referenced this issue Apr 16, 2020
@badrAZ @phil-flex
feat(audit,xo-server): blockedList can be configure via xo-server (va…
e9f4eea 
…tesfr#4897)

Fixes vatesfr#4854
See vatesfr#4844
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@badrAZ badrAZ

Labels
comp: server/plugin 🔌 severity 1: low type: bug 🐛
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(audit): ability to customize the default blockedList vatesfr/xen-orchestra
3 participants
@julien-f @emersonkfuri @badrAZ