Replies: 2 comments
-
Hello, I think it will be difficult to avoid superuser permission because it's the kernel of Ajenti to handle softwares which require root access. But it's possible to handle the user permissions via the Users plugin. Making the Since it's not an issue, I'm converting it as a discussion ;) Regards Arnaud |
Beta Was this translation helpful? Give feedback.
-
hi, my apologies for my late response. but that python is really more moduler vs c/c++ based implementations. it is easier to design python modules as plugins. a difficulty with d-bus is to make sure that everything is authenticated and secure, and that alone increase the difficulty significantly e.g. even with PKS authentication, all the modules and Ajenti will need to be paired as such. |
Beta Was this translation helpful? Give feedback.
-
I wanted to run ajenti as a user in /home/ajenti.
The motivations are:
I downloaded the script as given in the install guide
https://docs.ajenti.org/en/latest/man/install.html#automatic-installation-in-virtual-environment
running in Ubuntu 22.04.4
created user ajenti
however, I'm intending to install ajenti to /home/agenti and to run it on its own user id in its own venv setup in a subdir within /home/ajenti
I found myself doing a few things, remove 'script must be run as root' codes.
I'm mainly interested in the pip3 install parts.
but that the script does some other useful stuff, such as to create a systemd unit service file.
I'd think that file can be created as an example rather than set straight in /etc/systemd/system
e.g. I edited like such, note I did not use forking
in addition, the script or I'm not sure if it is ajenty itself created the config files in /etc/ajenti
those config files can be created as examples without root access and with instructions to create and move them to /etc/ajenti
I'm thinking perhaps this can be done as a different install script rather than patching into the existing for venv.
or perhaps that they can simply be documented as part of the install instructions
Ajenti insist on a pid file, which isn't strictly necessary with systemd.
I ended up editing in my site packages aj/entry.py
and later run without the
-d
optionwhile starting up
I actually ended up changing the user and groups for /var/log/ajenti and /etc/ajenti so that the user ajenti can read and edit those. I ran into some permission errors
I found it coded in aj/log.py
I'm thinking that perhaps this can goto
/etc/ajenti/config.yml
as a config option.and to fix one of the permission errors starting as a user, i ended doing this fix
this is reasonably a bug, the execute permission is needed to operate in the log dir, hence the permissions 0o750
I had errors using
provider: users; users_file: /etc/ajenti/users.yml;
and /etc/ajenti/users.yml.it turns out this is needed
after that, I managed to get the 'user' authorization provider working.
Initially I couldn't figure out how to generate the password.
it turns out this is it:
ajenti/plugins/auth_users/api.py
Line 30 in 77be350
I manually updated /etc/ajenti/users.yml and used the codes to generate a password so that I can log in.
That could perhaps be made into a command line utility, perhaps for the user to generate a user in
/etc/ajenti/users.yml
I'm still struggling with other stuff, but that I managed to start Ajenti and login to the web.
I'm getting 'superuser access' needed for practically every other menu option, including 'Settings'. I'm not sure how to go about fix that.
I did a hack, I made
simply return True
but that didn't made the 'superuser access needed' go away
in fact, I even tried elevate and got root and that isn't enough to make 'superuser access needed' go away lol
Beta Was this translation helpful? Give feedback.
All reactions