Gunicorn requiring password for service user on new system? #135

Open
tromlet opened this issue Jan 23, 2025 · 0 comments
Labels
bug Something isn't working


tromlet commented Jan 23, 2025

Describe the bug
The service cannot start due to some kind of a user login issue - the system appears to be trying to do a password login on a local user, and I don't think it needs to do that.

To Reproduce
Steps to reproduce the behavior:

  1. SCP your wg-manager directory from a working CentOS 7 server to a new, Alma Linux 8.10 server
  2. Create a new service file /etc/systemd/system/wg-manager.service on your new server, copy the contents of the old one to this new one
  3. Create requisite service user, vpn
  4. chown -R vpn:vpn /opt/wg-manager
  5. Try starting the service. You'll get this error with journalctl -u wg-manager.

Platform:

  • OS: Alma Linux 8.10

Stacktrace/error output
This is the error I get when I run journalctl -u wg-manager:

Jan 22 19:23:52 wg.example.com sudo[5535]: pam_unix(sudo:auth): conversation failed
Jan 22 19:23:52 wg.example.com sudo[5535]: pam_unix(sudo:auth): auth could not identify password for [vpn]
Jan 22 19:23:52 wg.example.com gunicorn[5535]: sudo: a password is required
Jan 22 19:23:53 wg.example.com gunicorn[5537]: We trust you have received the usual lecture from the local System
Jan 22 19:23:53 wg.example.com gunicorn[5537]: Administrator. It usually boils down to these three things:
Jan 22 19:23:53 wg.example.com gunicorn[5537]:     #1) Respect the privacy of others.
Jan 22 19:23:53 wg.example.com gunicorn[5537]:     #2) Think before you type.
Jan 22 19:23:53 wg.example.com gunicorn[5537]:     #3) With great power comes great responsibility.
Jan 22 19:23:53 wg.example.com gunicorn[5537]: sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper

Additional context
I copied and pasted my /opt/wg-manager directory from a CentOS 7 server to /opt/wg-manager on a fresh, new, Alma 8.10 server. I'm trying to just migrate this thing to a server that still gets security patches, and then I'll work on getting it onto a different WireGuard manager.

I do not see any fancy differences between the users in the /etc/passwd file, I made sure they're both in wheel, but I DO notice a SLIGHT difference in /etc/pam.d/sudo between each system:

CentOS 7:

#.d/sudo
#%PAM-1.0
auth       include      system-auth
account    include      system-auth
password   include      system-auth
session    optional     pam_keyinit.so revoke
session    include      system-auth

Alma 8.10:

# cat /etc/pam.d/sudo
#%PAM-1.0
auth       include      system-auth
account    include      system-auth
password   include      system-auth
session    include      system-auth

Not sure what I've done here?

@tromlet tromlet added the bug Something isn't working label Jan 23, 2025
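
An added example, not part of the original issue or of the wg-manager project: in the journal output above, sudo's PAM messages are tagged `sudo[PID]` while sudo's stderr is captured under the service's `gunicorn[PID]` tag, so joining on the PID shows which sudo calls wanted a password and for which user. The function name `failed_sudo_calls` is hypothetical; the sample lines are copied from the issue.

```python
import re
from collections import defaultdict

# Journal lines copied from the issue's `journalctl -u wg-manager` output (subset).
JOURNAL = """\
Jan 22 19:23:52 wg.example.com sudo[5535]: pam_unix(sudo:auth): conversation failed
Jan 22 19:23:52 wg.example.com sudo[5535]: pam_unix(sudo:auth): auth could not identify password for [vpn]
Jan 22 19:23:52 wg.example.com gunicorn[5535]: sudo: a password is required
Jan 22 19:23:53 wg.example.com gunicorn[5537]: sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
"""

# Classic syslog-style line: "Mon DD HH:MM:SS host tag[pid]: message"
LINE = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} (?P<host>\S+) (?P<tag>[\w.-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
PAM_USER = re.compile(
    r"pam_unix\(sudo:auth\): auth could not identify password for \[(?P<user>[^\]]+)\]"
)
# sudo's own stderr, which systemd logs under the service's tag (gunicorn here).
NEEDS_PASSWORD = (
    "sudo: a password is required",
    "sudo: a terminal is required to read the password",
)


def failed_sudo_calls(journal_text):
    """Return {pid: {"user": str | None, "reasons": [str]}} for every sudo
    invocation in the journal that asked for a password it could not read."""
    by_pid = defaultdict(lambda: {"user": None, "reasons": []})
    for raw in journal_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a journal line in the expected format
        entry = by_pid[m["pid"]]
        pam = PAM_USER.search(m["msg"])
        if m["tag"] == "sudo" and pam:
            entry["user"] = pam["user"]  # account PAM tried to authenticate
        for marker in NEEDS_PASSWORD:
            if m["msg"].startswith(marker):
                entry["reasons"].append(marker)
    # Keep only PIDs where sudo itself reported the password requirement.
    return {pid: e for pid, e in by_pid.items() if e["reasons"]}


if __name__ == "__main__":
    for pid, info in failed_sudo_calls(JOURNAL).items():
        print(pid, info["user"] or "(user not in excerpt)", info["reasons"])
```

Either message means the sudoers policy on that host asked the calling user to authenticate for the command, and the service had no terminal or askpass helper to supply a password.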