Veyon Community Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups

    Issue with users home on NFS with rootsquash option

    Help & Troubleshooting
    3
    12
    760
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Z
      zeltron80 last edited by zeltron80

      Hi,

      System : Ubuntu Mate 18-04
      Veyon version : 4.1.91 (same issue with 4.1.7)

      Since 4.1 version, Veyon has full systemd support, and works totally differently from previous linux versions (see : https://veyon.io/blog/2018/04/09/systemd-support/).

      And since this changes, I can't get veyon working, as my users homes are on an NFS server, with rootsquash export option activated, and so, local root account on PCs doesn't have any rights on users homes.

      When a user's session starts, veyon needs to "do something" in user's home, as root user, and it fails.

      My question is about this "do something" :
      What does veyon need to have access to in user's home ? It seems it doesn't need to write (I didn't notice any new file in user's home when it works).
      I think, maybe, it needs to read the .Xauthority file ?

      Could you explain to me what veyon needs to do, so I can try to fix this issue in my configuration ? (no_root_squash for nfs is not an option, because of security risks).

      Thanks
      ET

      1 Reply Last reply Reply Quote 0
      • Z
        zeltron80 last edited by

        Hi,

        Exploring this issue further, I can know exactly say what keeps veyon from working in this case :
        Veyon needs to read the .Xauthority file in user's home :
        I just made :

        chmod o+x /home/testuser/.Xauthority
        

        and it works back.
        But it's not a great idea for security, of course.

        I don't have any idea of veyon's code, but maybe it wouldn't be too difficult to modify the veyon service launching scenario to avoid this issue (as veyon worker runs as user and can communicate with service/server, I suppose)...

        Just a suggestion, of course, unless, maybe someone sees another solution...

        Regards,
        ET

        1 Reply Last reply Reply Quote 0
        • Z
          zeltron80 last edited by

          Hi again,

          Maybe another solution for me would be to launch veyon service through /etx/xdg/autostart
          To test that, I'd need the command which I need to launch (via Dbus, I guess ?)

          I looked in code, but couldn't find where it takes place...

          1 Reply Last reply Reply Quote 0
          • Z
            zeltron80 last edited by

            Hi,

            Anybody could give me a lead to follow up ?
            I really need to make it work, and I think I'm not far from it, but I just need to understand a little more precisely how it works to find a fix.

            If a (the?) dev is passing by...

            Thanks
            ET

            1 Reply Last reply Reply Quote 0
            • G
              Guenos last edited by

              Hello,

              I make a comment so that you do not feel alone, I come here regularly but I know nothing Linux so I can not help you and I start on this software.

              Good luck !

              Z 1 Reply Last reply Reply Quote 0
              • Z
                zeltron80 @Guenos last edited by zeltron80

                @Guenos
                Thanks for your support 😉

                In fact, I hope tobydox will find time soon to make a little visit on the forum.
                It seems he is a little bit alone in veyon development, and the veyon community is not developed enough yet to help him for support.
                I try to help sometimes, but like you, I'm not veyon-pro enough to help on most of the posts.

                Regards
                ET

                1 Reply Last reply Reply Quote 1
                • tobydox
                  tobydox last edited by

                  Hi @zeltron80
                  thanks for investigating this issue! Indeed there can be small problems if the home directory is not accessible by root, e.g. on network shares where access is managed through tokens or keyrings. So when veyon-services launches veyon-server as root the veyon-server process is not able to access the X session of the user as it needs to read the Xauthority file as you've figured out correctly 😉 So you can either adjust permissions such that root can read this file (you won't need world access for this) or launch veyon-server (no additional parameters required) manually through a desktop file in /etc/xdg/autostart. Hope that helps!
                  Best regards

                  Z 1 Reply Last reply Reply Quote 0
                  • Z
                    zeltron80 @tobydox last edited by

                    @tobydox
                    Thanks for your answer...
                    I already tried to launch veyon-server with a desktop file in /etc/xdg/autostart, but it asks for the root password, and I'm not about to give root passwords to my users 😉
                    Anyway, even if I type it, the server doesn't launch, and it doesn't work better.
                    I hoped there could be a way through dbus : As veyon-server and veyon-service are root processes, I thought the process at session's start were launched as user through dbus.
                    Using a dbus command, it would then be (maybe) possible to make it work.
                    I don't understand what is the start session's scheme : As I see a veyon-worker user process, I imagined, veyon-service and server were launch through it ?

                    Regards
                    ET

                    1 Reply Last reply Reply Quote 0
                    • tobydox
                      tobydox last edited by

                      @zeltron80 I really wonder why it asks for the root password. veyon-server is a simple userspace program which does not require any special privileges - it's only run as root by veyon-service in order to prevent users from killing it . Have you disabled the veyon-service? I'm not familar with dbus when it comes to launch services so I can't help you on this specific topic. Are you using keyfile or logon authentication?

                      Z 1 Reply Last reply Reply Quote 0
                      • Z
                        zeltron80 @tobydox last edited by

                        @tobydox

                        Ok, I just tried again, and you're right : veyon-server starts well when launch through /etc/xdg/autostart.

                        I tried so many things, I forgot this 😞

                        Maybe because I red this was not a good idea that users may kill veyon-server process.
                        But it's not really a problem in my case.

                        Thank you for your work

                        Regards
                        ET

                        1 Reply Last reply Reply Quote 0
                        • tobydox
                          tobydox last edited by

                          Still it's great that it works now! Next time we'll find a solution more quickly 😉

                          Z 1 Reply Last reply Reply Quote 0
                          • Z
                            zeltron80 @tobydox last edited by

                            @tobydox
                            No problem, you can't be on dev and forum at the same time 😉
                            Your job is really helpful for a lot of people, thanks for that.

                            I'd like to be more useful here on the forum, but not "good" enough yet with veyon to help much people.

                            Regards
                            ET

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post
                            Powered by NodeBB | Contributors