The Linux Questions Thread: a bunch of pitfalls, but technically it's possible

The Something Awful Forums > Discussion > Serious Hardware/Software Crap > The Linux Questions Thread: a bunch of pitfalls, but technically it's possible

«‹›1040 »

ExcessBLarg!: Sep 1, 2001

Rocko Bonaparte posted:

How quickly do those Chromebooks boot a contemporary BIOS and OS?

Chromebooks boot into Chrome OS in a few seconds, very fast.

I couldn't tell you how long they take to boot UEFI and a stock distro, but I don't think they're appreciably faster than a comparable Intel NUC with an eMMC instead of NVMe. So 30 seconds?

# ? Jul 28, 2022 14:43

Adbot: ADBOT LOVES YOU

# ? Jun 8, 2024 15:39

ExcessBLarg!: Sep 1, 2001

A couple more things regarding Chrome hardware: I don't know that they make sense if you want to avoid running Chrome OS--buying Chrome hardware, practically speaking, means buying into Google's ecosystem on some level. But I do appreciate that a Linux container installation is one-click away, and it's well integrated enough that it might as well be native, albeit�with providing good security/recoverability isolation. The idea that you can purchase a $200 Chromebook for an interested kid and they can go off and learn how to code Python or Ruby or whatever with little effort is a big benefit. Sure you can do that on a Mac, but those are expensive, and I guess you could do the same with Windows and WSL (or Cygwin) but I don't think you can do that on a comparably-priced "Windows S" machine. Or maybe you can--I don't follow that.

I was also really attracted to Chrome hardware because I felt that they really thought about how to do secure/attested devices the right way. There's multiple layers of security in place to minimize unknowing compromise and ensure easy recovery should something happen. But at the same time they made openness a requirement, which is why they allow progressively-greater access to the raw hardware for someone with enough inclination, time, (and physical access) to open the machine up. It would've been easier for them to lock the machine down hard and say "forget it".

# ? Jul 28, 2022 14:55

other people: Jun 27, 2004; Associate Christ

I bought a new chromebook and it errors out when enabling the linux vm/container without any useful message. Pretty drat annoying.

Overall it is like using some gnome-like thing where there are even less configuration options. And I complain about that as someone who enjoys gnome3.

# ? Jul 28, 2022 15:50

Eletriarnation: Apr 6, 2005; People don't appreciate the substance of things...
objects in space.; Oven Wrangler

Rocko Bonaparte posted:

How quickly do those Chromebooks boot a contemporary BIOS and OS?

For the Dell Chromebook 11-3120 that I mentioned earlier booting XFCE EndeavourOS off its built in eMMC, this is what I see:

Power button pressed to bootloader menu: 7 seconds
Bootloader menu to login screen: 13 seconds
Hitting enter at the login screen to a fully loaded desktop: 10 seconds

# ? Jul 28, 2022 18:05

ihafarm: Aug 12, 2004

buglord posted:

scroll speed

In my experience this has always been a problem on linux, until the last time I tried Fedora. Fedora Workstation seems to have solved the issue system-wide. I've no idea how :shrug:

# ? Jul 29, 2022 00:42

waffle iron: Jan 16, 2004

ihafarm posted:

Powerwash?

Yeah, Powerwash is my recommendation. Or if that doesn't work Recovery mode reinstall Chrome OS. Those two things have solve most every problem I've had that wasn't a known issue that started with an OS update.

# ? Jul 29, 2022 00:58

CaptainSarcastic: Jul 6, 2013

Comatoast posted:

In my experience this has always been a problem on linux, until the last time I tried Fedora. Fedora Workstation seems to have solved the issue system-wide. I've no idea how

Really? I don't remember it being a thing for a long time, but I've been pretty much 100% OpenSUSE and KDE for several years now.

Fake edit: Oh my god, it's been around a decade. :corsair:

# ? Jul 29, 2022 06:42

RFC2324: Jun 7, 2012; http 418

CaptainSarcastic posted:

Really? I don't remember it being a thing for a long time, but I've been pretty much 100% OpenSUSE and KDE for several years now.

Fake edit: Oh my god, it's been around a decade.

I miss opensuse sometimes. Such a good platform, mostly.

Shame about the ancient docker tooling tho

# ? Jul 29, 2022 17:04

Mr. Crow: May 22, 2008; Snap City mayor for life

RFC2324 posted:

I miss opensuse sometimes. Such a good platform, mostly.

Shame about the ancient docker tooling tho

Why wouldn't you pull direct from docker if your gonna use that? Or Podman?

# ? Jul 29, 2022 18:03

RFC2324: Jun 7, 2012; http 418

Mr. Crow posted:

Why wouldn't you pull direct from docker if your gonna use that? Or Podman?

Couldn't find a recent version packaged for opensuse that wasn't some rando on the suse version of ppas

# ? Jul 29, 2022 18:49

Hikaki: Oct 11, 2005; Motherfucking Fujitsu Heavy Industries

Does anyone know much about how abrt works? I'm on Centos 7 and I've been chasing the cause behind a couple machine check exceptions that keep popping up during every startup. I think what's happening is that abrt keeps showing me these old problems because the timestamps on the problem directories are always the same. I'm now pretty sure that the original exceptions were caused by me trying to undervolt too much, which I am not anymore. So I go to delete the problems with "abrt-cli rm <dir>" but then the exact same directories come back after a reboot and abrt continues to show them to me. Any idea what's going on? I guess it doesn't really matter because the computer works fine but it would be nice if I could satisfy my OCD by having it stop telling me it encountered a problem several months ago.

Edit: Well I figured it out. The errors I got were dumped into /var/crash and abrt parses that directory so that's why they kept coming back. I just needed to delete those too and all is good.

Hikaki fucked around with this message at 09:45 on Aug 1, 2022

# ? Jul 31, 2022 09:11

NihilCredo: Jun 6, 2011; iram omni possibili modo preme:
plus una illa te diffamabit, quam multæ virtutes commendabunt

Another BTRFS question. Is it possible to achieve the following configuration?

- Two physical drives of different capacity, let's say the small one is 2TB and the big one is 3TB

- Two data folders: /important and /unimportant (could also be /data and /data/important if it makes things easier)

- The data under /important is replicated in RAID1 on both drives

- The data under /unimportant is not replicated (single mode)

- Both drives live in a single JBOD-esque filesystem, and I don't have to manually choose how to split the total (A+B) capacity

- End goal: I'm free to write either Important or Unimportant data without periodically janitoring the partitions. The Important data will be duplicated, so I can potentially write up to 2TB of Important data, in which case I would have 1TB left for Unimportant data on the big drive.

Realistically, the ratio between Important and Unimportant data is gonna be between 1:10 and 1:100, so I won't have a lot of balancing problems. I just want to avoid having to guess partition sizes if possible.

# ? Aug 2, 2022 16:22

VictualSquid: Feb 29, 2012; Gently enveloping the target with indiscriminate love.

When I checked for a similar function it was planned and an experimental buggy mess. It might stop be in that state of even having been abandoned. Or maybe it works now, but certainly was less of a priority then raid5.
It would work by setting a file or directory to single mode, similar to the function for compression.

# ? Aug 2, 2022 16:44

Klyith: Aug 3, 2007; GBS Pledge Week

NihilCredo posted:

Another BTRFS question. Is it possible to achieve the following configuration?

- End goal: I'm free to write either Important or Unimportant data without periodically janitoring the partitions. The Important data will be duplicated, so I can potentially write up to 2TB of Important data, in which case I would have 1TB left for Unimportant data on the big drive.

No: you within a single btrfs volume you can have subvolumes, but you can't have different mirror/stripe options per subvolume. (Yet, it's a wishlist feature, but who knows when it will happen.)

A btrfs raid1 drive pool can use 3 or more unequal size drives to get the maximum capacity that is possible (ie 2TB+3TB=6TB = 10TB capacity), but that's still mirroring on everything.

btrfs isn't a terrible choice for your setup because it's relatively fast to resize volumes, much more than ZFS. But you're still gonna be doing everything manually when you want to change the balance of Important and Unimportant.

# ? Aug 2, 2022 18:27

BlankSystemDaemon: Mar 13, 2009

Wait, btrfs doesn't have an equivalent of ditto blocks?

On zfs, you set copies=2|3 which tells zfs to write the same block multiple times on the vdev that the dataset is on*.
I believe this function is essentially reusing the exact same code for metadata, which also gets written multiple times to disks.

*: It's not an even distribution, hence it's not a replacement for the actual mirroring or striped data with distributed parity - the primary use-case is if you've got a machine which can't fit multiple drives and you want some protection against UREs without having to resort to backups.

# ? Aug 2, 2022 23:36

jaegerx: Sep 10, 2012; Maybe this post will get me on your ignore list!

BlankSystemDaemon posted:

Wait, btrfs doesn't have an equivalent of ditto blocks?

On zfs, you set copies=2|3 which tells zfs to write the same block multiple times on the vdev that the dataset is on*.
I believe this function is essentially reusing the exact same code for metadata, which also gets written multiple times to disks.

*: It's not an even distribution, hence it's not a replacement for the actual mirroring or striped data with distributed parity - the primary use-case is if you've got a machine which can't fit multiple drives and you want some protection against UREs without having to resort to backups.

Your red txt is perfect.

# ? Aug 3, 2022 00:18

Dead Goon: Dec 13, 2002; No Obvious Flaws

I would like to automate the downloading of Linux isos on my EndeavourOS install (Arch derivative), something that was trivially simple on Windows, using Sabnzbd and Radarr.

I have done my best at googling, and it seems the simplest way for me to do this is to run the radarr.service as my own user, by editing it and adding changing the user and group in the override section.

I have <indicated> where I figure I need to make changes.

code:

### Editing /etc/systemd/system/radarr.service.d/override.conf
&#9096;### Anything between here and the comment below will become the new contents of the file

<I figure this is where I need to add my changes>

### Lines below this comment will be discarded

### /usr/lib/systemd/system/radarr.service
# [Unit]
# Description=Radarr Service
# Wants=network-online.target
# After=network-online.target
#
# [Service]
# User=radarr
# Group=radarr
# SyslogIdentifier=radarr
# ExecStart=/usr/lib/radarr/bin/Radarr -nobrowser -data=/var/lib/radarr
# Type=simple
#
# [Install]
# WantedBy=multi-user.target

If I just add

code:

[Service]
User=jt4527
Group=jt4527

The whole service no longer works, and I can't launch anything.

I'm hours away from going back to Windows to avoid all these permissions headaches.

I just want to download Linuxeses.

# ? Aug 3, 2022 08:34

Tesseraction: Apr 5, 2009

Who's the owner of the download folder? Does it have permission for you to write? Does it work if you leave the group as radarr?

# ? Aug 3, 2022 09:54

Dead Goon: Dec 13, 2002; No Obvious Flaws

The folder is owned by my user.

If I leave the group as radarr I cannot access the folder.

I've read so much on folder permissions and users and groups, my brain has gone blurry.

# ? Aug 3, 2022 10:32

Tesseraction: Apr 5, 2009

What does systemctl status radarr.service and journalctl -xe say on the matter after you attempt to start the service? As root or via sudo ofc.

# ? Aug 3, 2022 10:39

Dead Goon: Dec 13, 2002; No Obvious Flaws

Systemctl after I try changing the user and groups:

code:

&#9679; radarr.service - Radarr Service
     Loaded: loaded (/usr/lib/systemd/system/radarr.service; enabled; preset: disabled)
    Drop-In: /etc/systemd/system/radarr.service.d
             &#9492;&#9472;override.conf
     Active: active (running) since Wed 2022-08-03 11:11:58 BST; 10s ago
   Main PID: 28877 (Radarr)
      Tasks: 15 (limit: 19112)
     Memory: 59.0M
        CPU: 1.262s
     CGroup: /system.slice/radarr.service
             &#9492;&#9472;28877 /usr/lib/radarr/bin/Radarr -nobrowser -data=/var/lib/radarr

Aug 03 11:12:00 james-b450mds3h radarr[28877]:    at Microsoft.AspNetCore.Mvc.Filters.MiddlewareFilterBuilderStartupFilter.<>c__DisplayClass0_0.<Configure>g__MiddlewareFilterBuilder|0(IApplicationBuilder builder)
Aug 03 11:12:00 james-b450mds3h radarr[28877]:    at Microsoft.AspNetCore.Hosting.GenericWebHostService.StartAsync(CancellationToken cancellationToken)
Aug 03 11:12:00 james-b450mds3h radarr[28877]:    at Microsoft.Extensions.Hosting.Internal.Host.StartAsync(CancellationToken cancellationToken)
Aug 03 11:12:00 james-b450mds3h radarr[28877]:    at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
Aug 03 11:12:00 james-b450mds3h radarr[28877]:    at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
Aug 03 11:12:00 james-b450mds3h radarr[28877]:    at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.Run(IHost host)
Aug 03 11:12:00 james-b450mds3h radarr[28877]:    at Radarr.Host.Bootstrap.Start(String[] args, Action`1 trayCallback) in D:\a\1\s\src\NzbDrone.Host\Bootstrap.cs:line 78
Aug 03 11:12:00 james-b450mds3h radarr[28877]:    at NzbDrone.Console.ConsoleApp.Main(String[] args) in D:\a\1\s\src\NzbDrone.Console\ConsoleApp.cs:line 45
Aug 03 11:12:00 james-b450mds3h radarr[28877]: Press enter to exit...
Aug 03 11:12:01 james-b450mds3h radarr[28877]: Non-recoverable failure, waiting for user intervention...

and journalctl -xe

code:

Aug 03 11:12:00 james-b450mds3h radarr[28877]:    at NzbDrone.Common.EnvironmentInfo.AppFolderFactory.Register() in D:\a\1\s\src\NzbDrone.Common\EnvironmentInfo\AppFolderFactory.cs:line 55
Aug 03 11:12:00 james-b450mds3h radarr[28877]:    at NzbDrone.Host.Startup.Configure(IApplicationBuilder app, IStartupContext startupContext, Lazy`1 mainDatabaseFactory, Lazy`1 logDatabaseFactory, DatabaseTarget dbTarge>
Aug 03 11:12:00 james-b450mds3h radarr[28877]:    at System.RuntimeMethodHandle.InvokeMethod(Object target, Span`1& arguments, Signature sig, Boolean constructor, Boolean wrapExceptions)
Aug 03 11:12:00 james-b450mds3h radarr[28877]:    at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
Aug 03 11:12:00 james-b450mds3h radarr[28877]:    at Microsoft.AspNetCore.Hosting.ConfigureBuilder.Invoke(Object instance, IApplicationBuilder builder)
Aug 03 11:12:00 james-b450mds3h radarr[28877]:    at Microsoft.AspNetCore.Hosting.ConfigureBuilder.<>c__DisplayClass4_0.<Build>b__0(IApplicationBuilder builder)
Aug 03 11:12:00 james-b450mds3h radarr[28877]:    at Microsoft.AspNetCore.Hosting.GenericWebHostBuilder.<>c__DisplayClass15_0.<UseStartup>b__1(IApplicationBuilder app)
Aug 03 11:12:00 james-b450mds3h radarr[28877]:    at Microsoft.AspNetCore.Mvc.Filters.MiddlewareFilterBuilderStartupFilter.<>c__DisplayClass0_0.<Configure>g__MiddlewareFilterBuilder|0(IApplicationBuilder builder)
Aug 03 11:12:00 james-b450mds3h radarr[28877]:    at Microsoft.AspNetCore.Hosting.GenericWebHostService.StartAsync(CancellationToken cancellationToken)
Aug 03 11:12:00 james-b450mds3h radarr[28877]:    at Microsoft.Extensions.Hosting.Internal.Host.StartAsync(CancellationToken cancellationToken)
Aug 03 11:12:00 james-b450mds3h radarr[28877]:    at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
Aug 03 11:12:00 james-b450mds3h radarr[28877]:    at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
Aug 03 11:12:00 james-b450mds3h radarr[28877]:    at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.Run(IHost host)
Aug 03 11:12:00 james-b450mds3h radarr[28877]:    at Radarr.Host.Bootstrap.Start(String[] args, Action`1 trayCallback) in D:\a\1\s\src\NzbDrone.Host\Bootstrap.cs:line 78
Aug 03 11:12:00 james-b450mds3h radarr[28877]:    at NzbDrone.Console.ConsoleApp.Main(String[] args) in D:\a\1\s\src\NzbDrone.Console\ConsoleApp.cs:line 45
Aug 03 11:12:00 james-b450mds3h radarr[28877]: Press enter to exit...
Aug 03 11:12:01 james-b450mds3h radarr[28877]: Non-recoverable failure, waiting for user intervention...
Aug 03 11:12:09 james-b450mds3h dbus-daemon[377]: [system] Activating via systemd: service name='org.freedesktop.home1' unit='dbus-org.freedesktop.home1.service' requested by ':1.371' (uid=0 pid=28900 comm="sudo systemc>
Aug 03 11:12:09 james-b450mds3h kernel: audit: type=1101 audit(1659521529.914:384): pid=28900 uid=1000 auid=1000 ses=2 msg='op=PAM:accounting grantors=pam_unix,pam_permit,pam_time acct="jt4527" exe="/usr/bin/sudo" hostn>
Aug 03 11:12:09 james-b450mds3h kernel: audit: type=1110 audit(1659521529.914:385): pid=28900 uid=1000 auid=1000 ses=2 msg='op=PAM:setcred grantors=pam_faillock,pam_permit,pam_env,pam_faillock acct="root" exe="/usr/bin/>
Aug 03 11:12:09 james-b450mds3h audit[28900]: USER_ACCT pid=28900 uid=1000 auid=1000 ses=2 msg='op=PAM:accounting grantors=pam_unix,pam_permit,pam_time acct="jt4527" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/p>
Aug 03 11:12:09 james-b450mds3h audit[28900]: CRED_REFR pid=28900 uid=1000 auid=1000 ses=2 msg='op=PAM:setcred grantors=pam_faillock,pam_permit,pam_env,pam_faillock acct="root" exe="/usr/bin/sudo" hostname=? addr=? term>
Aug 03 11:12:09 james-b450mds3h dbus-daemon[377]: [system] Activation via systemd failed for unit 'dbus-org.freedesktop.home1.service': Unit dbus-org.freedesktop.home1.service not found.
Aug 03 11:12:09 james-b450mds3h sudo[28900]: pam_systemd_home(sudo:account): systemd-homed is not available: Unit dbus-org.freedesktop.home1.service not found.
Aug 03 11:12:09 james-b450mds3h sudo[28900]:   jt4527 : TTY=pts/0 ; PWD=/home/jt4527 ; USER=root ; COMMAND=/usr/bin/systemctl status radarr.service
Aug 03 11:12:09 james-b450mds3h sudo[28900]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000)
Aug 03 11:12:09 james-b450mds3h audit[28900]: USER_START pid=28900 uid=1000 auid=1000 ses=2 msg='op=PAM:session_open grantors=pam_systemd_home,pam_limits,pam_unix,pam_permit acct="root" exe="/usr/bin/sudo" hostname=? ad>
Aug 03 11:12:09 james-b450mds3h kernel: audit: type=1105 audit(1659521529.920:386): pid=28900 uid=1000 auid=1000 ses=2 msg='op=PAM:session_open grantors=pam_systemd_home,pam_limits,pam_unix,pam_permit acct="root" exe="/>
Aug 03 11:14:21 james-b450mds3h mullvad-daemon[836]: [mullvad_relay_selector::updater][DEBUG] Relay list is up-to-date
Aug 03 11:14:43 james-b450mds3h sudo[28900]: pam_unix(sudo:session): session closed for user root
Aug 03 11:14:43 james-b450mds3h audit[28900]: USER_END pid=28900 uid=1000 auid=1000 ses=2 msg='op=PAM:session_close grantors=pam_systemd_home,pam_limits,pam_unix,pam_permit acct="root" exe="/usr/bin/sudo" hostname=? add>
Aug 03 11:14:43 james-b450mds3h audit[28900]: CRED_DISP pid=28900 uid=1000 auid=1000 ses=2 msg='op=PAM:setcred grantors=pam_faillock,pam_permit,pam_env,pam_faillock acct="root" exe="/usr/bin/sudo" hostname=? addr=? term>
Aug 03 11:14:43 james-b450mds3h kernel: audit: type=1106 audit(1659521683.556:387): pid=28900 uid=1000 auid=1000 ses=2 msg='op=PAM:session_close grantors=pam_systemd_home,pam_limits,pam_unix,pam_permit acct="root" exe=">
Aug 03 11:14:43 james-b450mds3h kernel: audit: type=1104 audit(1659521683.556:388): pid=28900 uid=1000 auid=1000 ses=2 msg='op=PAM:setcred grantors=pam_faillock,pam_permit,pam_env,pam_faillock acct="root" exe="/usr/bin/>
Aug 03 11:14:47 james-b450mds3h dbus-daemon[377]: [system] Activating via systemd: service name='org.freedesktop.home1' unit='dbus-org.freedesktop.home1.service' requested by ':1.373' (uid=0 pid=29008 comm="sudo journal>
Aug 03 11:14:47 james-b450mds3h kernel: audit: type=1101 audit(1659521687.822:389): pid=29008 uid=1000 auid=1000 ses=2 msg='op=PAM:accounting grantors=pam_unix,pam_permit,pam_time acct="jt4527" exe="/usr/bin/sudo" hostn>
Aug 03 11:14:47 james-b450mds3h kernel: audit: type=1110 audit(1659521687.826:390): pid=29008 uid=1000 auid=1000 ses=2 msg='op=PAM:setcred grantors=pam_faillock,pam_permit,pam_env,pam_faillock acct="root" exe="/usr/bin/>
Aug 03 11:14:47 james-b450mds3h audit[29008]: USER_ACCT pid=29008 uid=1000 auid=1000 ses=2 msg='op=PAM:accounting grantors=pam_unix,pam_permit,pam_time acct="jt4527" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/p>
Aug 03 11:14:47 james-b450mds3h kernel: audit: type=1105 audit(1659521687.829:391): pid=29008 uid=1000 auid=1000 ses=2 msg='op=PAM:session_open grantors=pam_systemd_home,pam_limits,pam_unix,pam_permit acct="root" exe="/>
Aug 03 11:14:47 james-b450mds3h audit[29008]: CRED_REFR pid=29008 uid=1000 auid=1000 ses=2 msg='op=PAM:setcred grantors=pam_faillock,pam_permit,pam_env,pam_faillock acct="root" exe="/usr/bin/sudo" hostname=? addr=? term>
Aug 03 11:14:47 james-b450mds3h audit[29008]: USER_START pid=29008 uid=1000 auid=1000 ses=2 msg='op=PAM:session_open grantors=pam_systemd_home,pam_limits,pam_unix,pam_permit acct="root" exe="/usr/bin/sudo" hostname=? ad>
Aug 03 11:14:47 james-b450mds3h dbus-daemon[377]: [system] Activation via systemd failed for unit 'dbus-org.freedesktop.home1.service': Unit dbus-org.freedesktop.home1.service not found.

# ? Aug 3, 2022 11:16

Tesseraction: Apr 5, 2009

yeah, we'll need to go up in the journalctl output, the "at NzbDrone.Common.EnvironmentInfo.AppFolderFactory.Register() in D:\a\1\s\src\NzbDrone.Common\EnvironmentInfo\AppFolderFactory.cs:line 55" line at the top is clearly cut-off output of the error. Go up until you you see something like "Unit radarr.service has begun starting up"

# ? Aug 3, 2022 11:29

Dead Goon: Dec 13, 2002; No Obvious Flaws

code:

Subject: A start job for unit radarr.service has finished successfully
&#9617;&#9617; Defined-By: systemd
&#9617;&#9617; Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
&#9617;&#9617; 
&#9617;&#9617; A start job for unit radarr.service has finished successfully.
&#9617;&#9617; 
&#9617;&#9617; The job identifier is 3013.
Aug 03 11:36:49 james-b450mds3h kernel: audit: type=1130 audit(1659523009.764:426): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=radarr comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Aug 03 11:36:49 james-b450mds3h audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=radarr comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Aug 03 11:36:49 james-b450mds3h polkitd[378]: Unregistered Authentication Agent for unix-process:30350:1215889 (system bus name :1.455, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_GB.UTF-8) (disconnected from bu>
Aug 03 11:36:50 james-b450mds3h radarr[30362]: [Info] Bootstrap: Starting Radarr - /usr/lib/radarr/bin/Radarr - Version 4.1.0.6175
Aug 03 11:36:50 james-b450mds3h radarr[30362]: [Debug] Bootstrap: Console selected
Aug 03 11:36:50 james-b450mds3h radarr[30362]: [Info] AppFolderInfo: Data directory is being overridden to [/var/lib/radarr]
Aug 03 11:36:50 james-b450mds3h radarr[30362]: [Debug] Microsoft.Extensions.Hosting.Internal.Host: Hosting starting
Aug 03 11:36:50 james-b450mds3h radarr[30362]: [Info] AppFolderInfo: Data directory is being overridden to [/var/lib/radarr]
Aug 03 11:36:50 james-b450mds3h radarr[30362]: [Trace] DiskProviderBase: Directory '/var/lib/radarr' isn't writable. Access to the path '/var/lib/radarr/radarr_write_test.txt' is denied.
Aug 03 11:36:50 james-b450mds3h radarr[30362]: [Fatal] Microsoft.AspNetCore.Hosting.Diagnostics: Application startup exception
Aug 03 11:36:50 james-b450mds3h radarr[30362]: [v4.1.0.6175] NzbDrone.Common.Exceptions.RadarrStartupException: Radarr failed to start: AppFolder /var/lib/radarr is not writable
Aug 03 11:36:50 james-b450mds3h radarr[30362]:    at NzbDrone.Common.EnvironmentInfo.AppFolderFactory.Register() in D:\a\1\s\src\NzbDrone.Common\EnvironmentInfo\AppFolderFactory.cs:line 55
Aug 03 11:36:50 james-b450mds3h radarr[30362]:    at NzbDrone.Host.Startup.Configure(IApplicationBuilder app, IStartupContext startupContext, Lazy`1 mainDatabaseFactory, Lazy`1 logDatabaseFactory, DatabaseTarget dbTarget, ISingleInstanceP>
Aug 03 11:36:50 james-b450mds3h radarr[30362]:    at System.RuntimeMethodHandle.InvokeMethod(Object target, Span`1& arguments, Signature sig, Boolean constructor, Boolean wrapExceptions)
Aug 03 11:36:50 james-b450mds3h radarr[30362]:    at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
Aug 03 11:36:50 james-b450mds3h radarr[30362]:    at Microsoft.AspNetCore.Hosting.ConfigureBuilder.Invoke(Object instance, IApplicationBuilder builder)
Aug 03 11:36:50 james-b450mds3h radarr[30362]:    at Microsoft.AspNetCore.Hosting.ConfigureBuilder.<>c__DisplayClass4_0.<Build>b__0(IApplicationBuilder builder)
Aug 03 11:36:50 james-b450mds3h radarr[30362]:    at Microsoft.AspNetCore.Hosting.GenericWebHostBuilder.<>c__DisplayClass15_0.<UseStartup>b__1(IApplicationBuilder app)
Aug 03 11:36:50 james-b450mds3h radarr[30362]:    at Microsoft.AspNetCore.Mvc.Filters.MiddlewareFilterBuilderStartupFilter.<>c__DisplayClass0_0.<Configure>g__MiddlewareFilterBuilder|0(IApplicationBuilder builder)
Aug 03 11:36:50 james-b450mds3h radarr[30362]:    at Microsoft.AspNetCore.Hosting.GenericWebHostService.StartAsync(CancellationToken cancellationToken)
Aug 03 11:36:50 james-b450mds3h radarr[30362]: [Fatal] ConsoleApp: EPIC FAIL!
Aug 03 11:36:50 james-b450mds3h radarr[30362]: [v4.1.0.6175] NzbDrone.Common.Exceptions.RadarrStartupException: Radarr failed to start: AppFolder /var/lib/radarr is not writable
Aug 03 11:36:50 james-b450mds3h radarr[30362]:    at NzbDrone.Common.EnvironmentInfo.AppFolderFactory.Register() in D:\a\1\s\src\NzbDrone.Common\EnvironmentInfo\AppFolderFactory.cs:line 55
Aug 03 11:36:50 james-b450mds3h radarr[30362]:    at NzbDrone.Host.Startup.Configure(IApplicationBuilder app, IStartupContext startupContext, Lazy`1 mainDatabaseFactory, Lazy`1 logDatabaseFactory, DatabaseTarget dbTarget, ISingleInstanceP>
Aug 03 11:36:50 james-b450mds3h radarr[30362]:    at System.RuntimeMethodHandle.InvokeMethod(Object target, Span`1& arguments, Signature sig, Boolean constructor, Boolean wrapExceptions)
Aug 03 11:36:50 james-b450mds3h radarr[30362]:    at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
Aug 03 11:36:50 james-b450mds3h radarr[30362]:    at Microsoft.AspNetCore.Hosting.ConfigureBuilder.Invoke(Object instance, IApplicationBuilder builder)
Aug 03 11:36:50 james-b450mds3h radarr[30362]:    at Microsoft.AspNetCore.Hosting.ConfigureBuilder.<>c__DisplayClass4_0.<Build>b__0(IApplicationBuilder builder)
Aug 03 11:36:50 james-b450mds3h radarr[30362]:    at Microsoft.AspNetCore.Hosting.GenericWebHostBuilder.<>c__DisplayClass15_0.<UseStartup>b__1(IApplicationBuilder app)
Aug 03 11:36:50 james-b450mds3h radarr[30362]:    at Microsoft.AspNetCore.Mvc.Filters.MiddlewareFilterBuilderStartupFilter.<>c__DisplayClass0_0.<Configure>g__MiddlewareFilterBuilder|0(IApplicationBuilder builder)
Aug 03 11:36:50 james-b450mds3h radarr[30362]:    at Microsoft.AspNetCore.Hosting.GenericWebHostService.StartAsync(CancellationToken cancellationToken)
Aug 03 11:36:50 james-b450mds3h radarr[30362]:    at Microsoft.Extensions.Hosting.Internal.Host.StartAsync(CancellationToken cancellationToken)
Aug 03 11:36:50 james-b450mds3h radarr[30362]:    at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
Aug 03 11:36:50 james-b450mds3h radarr[30362]:    at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
Aug 03 11:36:50 james-b450mds3h radarr[30362]:    at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.Run(IHost host)
Aug 03 11:36:50 james-b450mds3h radarr[30362]:    at Radarr.Host.Bootstrap.Start(String[] args, Action`1 trayCallback) in D:\a\1\s\src\NzbDrone.Host\Bootstrap.cs:line 78
Aug 03 11:36:50 james-b450mds3h radarr[30362]:    at NzbDrone.Console.ConsoleApp.Main(String[] args) in D:\a\1\s\src\NzbDrone.Console\ConsoleApp.cs:line 45
Aug 03 11:36:51 james-b450mds3h radarr[30362]: Press enter to exit...
Aug 03 11:36:52 james-b450mds3h radarr[30362]: Non-recoverable failure, waiting for user intervention...
Aug 03 11:36:55 james-b450mds3h dbus-daemon[377]: [system] Activating via systemd: service name='org.freedesktop.home1' unit='dbus-org.freedesktop.home1.service' requested by ':1.460' (uid=0 pid=30404 comm="sudo journalctl -xe")
Aug 03 11:36:55 james-b450mds3h audit[30404]: USER_ACCT pid=30404 uid=1000 auid=1000 ses=2 msg='op=PAM:accounting grantors=pam_unix,pam_permit,pam_time acct="jt4527" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
Aug 03 11:36:55 james-b450mds3h audit[30404]: CRED_REFR pid=30404 uid=1000 auid=1000 ses=2 msg='op=PAM:setcred grantors=pam_faillock,pam_permit,pam_env,pam_faillock acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res>
Aug 03 11:36:55 james-b450mds3h kernel: audit: type=1101 audit(1659523015.427:427): pid=30404 uid=1000 auid=1000 ses=2 msg='op=PAM:accounting grantors=pam_unix,pam_permit,pam_time acct="jt4527" exe="/usr/bin/sudo" hostname=? addr=? termin>
Aug 03 11:36:55 james-b450mds3h kernel: audit: type=1110 audit(1659523015.427:428): pid=30404 uid=1000 auid=1000 ses=2 msg='op=PAM:setcred grantors=pam_faillock,pam_permit,pam_env,pam_faillock acct="root" exe="/usr/bin/sudo" hostname=? ad>
Aug 03 11:36:55 james-b450mds3h dbus-daemon[377]: [system] Activation via systemd failed for unit 'dbus-org.freedesktop.home1.service': Unit dbus-org.freedesktop.home1.service not found.
Aug 03 11:36:55 james-b450mds3h sudo[30404]: pam_systemd_home(sudo:account): systemd-homed is not available: Unit dbus-org.freedesktop.home1.service not found.
Aug 03 11:36:55 james-b450mds3h sudo[30404]:   jt4527 : TTY=pts/0 ; PWD=/home/jt4527 ; USER=root ; COMMAND=/usr/bin/journalctl -xe
Aug 03 11:36:55 james-b450mds3h sudo[30404]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000)
Aug 03 11:36:55 james-b450mds3h audit[30404]: USER_START pid=30404 uid=1000 auid=1000 ses=2 msg='op=PAM:session_open grantors=pam_systemd_home,pam_limits,pam_unix,pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/>
Aug 03 11:36:55 james-b450mds3h kernel: audit: type=1105 audit(1659523015.434:429): pid=30404 uid=1000 auid=1000 ses=2 msg='op=PAM:session_open grantors=pam_systemd_home,pam_limits,pam_unix,pam_permit acct="root" exe="/usr/bin/sudo" hostn>
lines 1306-1367/1367 (END)

This is as far up as I can go.

# ? Aug 3, 2022 11:38

Pablo Bluth: Sep 7, 2007; I've made a huge mistake.

The problem is it can't write to /var/lib/radarr. You either need to make that location and the existing files writable by jt4527 or change the "-data=/var/lib/radarr" part of the service file to write to a location owned by jt4527.

# ? Aug 3, 2022 11:44

Dead Goon: Dec 13, 2002; No Obvious Flaws

So I would chown that directory to jt4527:jt4527?

# ? Aug 3, 2022 11:45

Pablo Bluth: Sep 7, 2007; I've made a huge mistake.

That should work. Put a recursive -R on there. That said; why does the default install run as root and why do you need to run it as not root?

# ? Aug 3, 2022 11:48

Dead Goon: Dec 13, 2002; No Obvious Flaws

I've no idea why it runs as root, but when I try and setup up my folders in radarr I only have access to the top level directories and when I click save, it says the directory is not writable by the user radarr.

I just want to run the service as a user I know has access to the files and folders.

# ? Aug 3, 2022 11:51

BlankSystemDaemon: Mar 13, 2009

You should probably fix it so it doesn't run as root.

On FreeBSD, daemon(8) can drop privileges for any arbitrary program or script - I'd be shocked if Linux can't do it somehow.

# ? Aug 3, 2022 11:52

Dead Goon: Dec 13, 2002; No Obvious Flaws

I probably should, but I've got it working now and that'll do for me.

Thanks Tesseraction and Pablo Bluth for taking a look for me.

# ? Aug 3, 2022 11:58

Pablo Bluth: Sep 7, 2007; I've made a huge mistake.

Sorry, I may have misread radarr as root, confusing the issue.

A quick google shows install notes that say:
User=radarr
Group=media

If you want access radarr content as jt4527, then you could also add that account to the media group

code:

sudo usermod -G media jt4527

.
Or you add the radarr user to a group that gives it permission to access a folder owned by jt4527.

But not being familar with radarr, how you machine is exactly setup or exactly which directories you want radarr to write to, it's hard to provide exact solution. In theory you've lost a bit of security benefit of separation between radarr and your normal account (eg radarr has a flaw that allows an attacker a foothold and they can immediately pivot to stealing your browser saved passwords) but the risk assessment is your own.

# ? Aug 3, 2022 12:17

Tesseraction: Apr 5, 2009

Being fair that guide does later say in a red box

quote:

Note: This assumes you will run as the user radarr and group media. You may change this to fit your usecase. It's important to choose these correctly to avoid permission issues with your media files. We suggest you keep at least the group name identical between your download client(s) and Radarr.

Which does make the warning about permission issues.

Ah, permissions, the gift that keeps on stinking.

# ? Aug 3, 2022 12:20

Dead Goon: Dec 13, 2002; No Obvious Flaws

Pablo Bluth posted:

Sorry, I may have misread radarr as root, confusing the issue.

A quick google shows install notes that say:
User=radarr
Group=media

If you want access radarr content as jt4527, then you could also add that account to the media group
code:
sudo usermod -G media jt4527
.
Or you add the radarr user to a group that gives it permission to access a folder owned by jt4527.

But not being familar with radarr, how you machine is exactly setup or exactly which directories you want radarr to write to, it's hard to provide exact solution. In theory you've lost a bit of security benefit of separation between radarr and your normal account (eg radarr has a flaw that allows an attacker a foothold and they can immediately pivot to stealing your browser saved passwords) but the risk assessment is your own.

As it's finally running I shall leave as is for now, but knowing a little more about what I need to be doing I will have a look at doing it properly in the future.

Thanks again.

# ? Aug 3, 2022 12:38

Keito: Jul 21, 2005; WHAT DO I CHOOSE ?

UNIX permissions are super simple, try proper ACLs if you want stink. The guy posted how his Radarr service looks in his very first post asking about this:

Dead Goon posted:

code:

### Editing /etc/systemd/system/radarr.service.d/override.conf
&#9096;### Anything between here and the comment below will become the new contents of the file

<I figure this is where I need to add my changes>

### Lines below this comment will be discarded

### /usr/lib/systemd/system/radarr.service
# [Unit]
# Description=Radarr Service
# Wants=network-online.target
# After=network-online.target
#
# [Service]
# User=radarr
# Group=radarr
# SyslogIdentifier=radarr
# ExecStart=/usr/lib/radarr/bin/Radarr -nobrowser -data=/var/lib/radarr
# Type=simple
#
# [Install]
# WantedBy=multi-user.target

It should be easy to decipher that the service will run as user radarr and group radarr by default.

What the -data option does you would have to look at documentation to be sure, but given that it's pointing to a path under /var/lib, a good guess would be that it's used for storing program state. That means it needs to be writable for the service process.

Technically and security wise it would be nicer to set up fitting group and adding yourself and radarr to it, running the service as system user radarr instead of giving the software full access to everything your login user account can do when the only thing you need is to be able to access the data it spits out to disk, but I know most people just don't care enough to do this at home.

# ? Aug 3, 2022 12:58

ExcessBLarg!: Sep 1, 2001

Keito posted:

Technically and security wise it would be nicer to set up fitting group and adding yourself and radarr to it, running the service as system user radarr instead of giving the software full access to everything your login user account can do when the only thing you need is to be able to access the data it spits out to disk, but I know most people just don't care enough to do this at home.

Except running as the radarr user is the default setup, you have to go a good bit out of your way to change that with a systemd override.

But also, the security risk is that Radarr has bugs or is straight-up bad software that will delete your files. This has nothing to do with other potential users on a time-share machine.

# ? Aug 3, 2022 15:46

Tesseraction: Apr 5, 2009

Keito posted:

UNIX permissions are super simple, try proper ACLs if you want stink.

Oh for sure, but there's no more frustrating cause of a problem than realising you hosed up a permission/file group.

# ? Aug 3, 2022 15:57

Klyith: Aug 3, 2007; GBS Pledge Week

Dead Goon posted:

As it's finally running I shall leave as is for now, but knowing a little more about what I need to be doing I will have a look at doing it properly in the future.

Thanks again.

Keep this in mind because this is how a *lot* of linux services work: they make a new limited user to run themselves as, and rely on group permissions to gain access to files.

This can get a bit complicated to keep track of because you now have a bunch of groups. And a folder can only be owned by one group, nor can you have a group in a group.

So radarr by default does the radarr:media, and you're supposed to just change the group on home/myuser/Videos or whatever to myuser:media, with r/w given to the group. That way you have ownership and both you and radarr (and anyone else in media) has full access. But radarr can't see anything else in your home folder.

But maybe you also have a sambashare group controlling access to folders you're sharing to the network, and you want to share ~/Videos. At that point you can add the network users from samba to media group, or radarr to sambashare. Start taking notes when you have more than 3 or 4 of these types of interactions.

# ? Aug 3, 2022 16:46

RFC2324: Jun 7, 2012; http 418

When I finally worked out the find command for fixing all the perms in a tree my life was changed

In the short term I had to rebuild my box because fixing all the perms in the whole filesystem turns out to be a bad idea lol

# ? Aug 3, 2022 16:47

ExcessBLarg!: Sep 1, 2001

Klyith posted:

This can get a bit complicated to keep track of because you now have a bunch of groups. And a folder can only be owned by one group, nor can you have a group in a group.

As hinted to earlier, you can setup permissions for more than one group on a directory with Linux ACLs, but in this case it's probably just easier to add the handful of needed users to the media group as you suggested.

# ? Aug 3, 2022 17:13

Adbot: ADBOT LOVES YOU

# ? Jun 8, 2024 15:39

Mr. Crow: May 22, 2008; Snap City mayor for life

Dead Goon posted:

The folder is owned by my user.

If I leave the group as radarr I cannot access the folder.

I've read so much on folder permissions and users and groups, my brain has gone blurry.

Leveraging linux ACLs would trivialize this, leave the service running as radarr user/group and let it control everything and just add your user to the ACL, both default (so new folders get it) and current lists.

code:


setfacl -d -m jt4527:rwx /downloads
setfacl -m jt4527:rwx /downloads

But also you shouldnt need to leverage ACLs. Lotta ways to cut the problem.

Mr. Crow fucked around with this message at 17:55 on Aug 3, 2022

# ? Aug 3, 2022 17:52

The Something Awful Forums > Discussion > Serious Hardware/Software Crap > The Linux Questions Thread: a bunch of pitfalls, but technically it's possible

«‹›1040 »