"permission denied" on eos commands

Oren_Shani · April 1, 2024, 11:50am

Hi All,

I am only making my first steps in EOS land, trying to install a small setup on two small nodes.

So first, my machines run RHEL 9, and from the notice at the top of the forum pages, I am not sure. Is it still supported at all? Because if not, then maybe that’s my problem…

But assuming RHEL is still supported, my problem is this:

I followed the instructions in this page:

https://eos-docs.web.cern.ch/diopside/manual/getting-started.html#eos-up-in-few-minutes

And was able to install eos and bring up the daemons, but when I run eos commands like “eos node set hostname -f:1095 on” and “eos space define default”, I get a “permission denied” error. And the following messages appear in /var/log/eos/mgm/Clients.log

240402 09:28:05 ESC[49;32mINFO ESC[0m [00099/00099]             root ::open             op=read path=/proc/admin/ info=eos.rgid=0&eos.ruid=0&mgmm 
240402 09:28:05 ESC[49;31mERRORESC[0m [00099/00099]             root ::Emsg             Unable to execute proc command - you don't have the requt

So can you tell me what I might be missing?

Many thanks,

Oren

Oren_Shani · April 2, 2024, 12:53pm

I think the problem is caused by this:

[root@sd4 ~]# eos whoami
Virtual Identity: uid=99 (99) gid=99 (99) [authz:unix] host=[::ffff:127.0.0.1] domain=0.0.1]

(instead of uid=0)

apeters · April 2, 2024, 1:25pm

Did you create an sss key doing this before starting the service?

eos daemon sss recreate

Can you try to run this:
env XrdSecPROTOCOL=sss eos whoami

If it fails, then check the file /var/log/eos/mgm/xrdlog.mgm

There could be a problem with the hostname reverse-lookup of the node or it is related to IPV6.

Cheers Andreas.

Oren_Shani · April 3, 2024, 6:04am

I did create the sss keys. Also I tried:

but got the same result.

By ‘reverse lookup of the node’, you mean reverse lookup of 127.0.0.1?

In any case, this is what I see in the log:

240403 08:59:12 367686 XrootdXeq: root.368048:392@[::ffff:127.0.0.1] pvt IPv4 login as eosnobody
240403 08:59:12 time=1712123952.487352 func=IdMap                    level=INFO  logid=static.............................. unit=mgm@sd4.lab.net:1094 tid=00007fd7cb5ff640 so
urce=Mapping:999                    tident= sec=(null) uid=99 gid=99 name=- geo="" sec.prot=sss sec.name="eosnobody" sec.host="[::ffff:127.0.0.1]" sec.vorg="" sec.grps="eosn
obody" sec.role="" sec.info="" sec.app="" sec.tident="root.368048:392@[::ffff:127.0.0.1]" vid.uid=99 vid.gid=99 sudo=0 gateway=0
240403 08:59:12 time=1712123952.487424 func=open                     level=INFO  logid=4b7fd1b6-f17f-11ee-8091-0894ef78fb46 unit=mgm@sd4.lab.net:1094 tid=00007fd7cb5ff640 so
urce=XrdMgmOfsFile:548              tident=root.368048:392@[::ffff:127.0.0.1] sec=sss   uid=99 gid=99 name=eosnobody geo="" op=read path=/proc/user/ info=eos.rgid=0&eos.ruid
=0&mgm.cmd=whoami

Many thanks,

Oren

apeters · April 3, 2024, 6:39am

Ok, that is weird. Can you remove the eosnobody entry in /etc/eos.keytab and restart the MGM service and try again. There are two lines in this file, one with daemon, which you keep and the one with eosnobody you remove.

Cheers Andreas.

Oren_Shani · April 3, 2024, 7:32am

Hi Andreas

removing the line didn’t help. The only differnce is that now I see in the log, sec.name=“daemon”

BR

Oren

apeters · April 3, 2024, 8:02am

Ok,
I am just creating a RHEL9 node and will try it. I remember I had the same problem in the past on RHEL9, but I don’t remember how to resolve it. The problem is, that the connections swho up with IPV6 notation and not localhost6 etc. … will let you know asap.

Oren_Shani · April 4, 2024, 11:09am

Hi Andreas,

Thank you for that… Still, if it’s too much of a bother, just let me know and I will switch to Alma9

BR

Oren

apeters · April 4, 2024, 11:30am

Hi Oren,
sorry for the delay. I just did it on a RHEL9 node.

It works without any problem, but I noticed I created a VM with IPV4 address and I think the problem comes from IPV6.

Let me just recreate one with IPV6 and I will come back asap.

Cheers Andreas.

apeters · April 5, 2024, 1:18pm

Hi Oren,
I have now an IPV6 node with RHEL9. I have no problem, but it is true, that this node has IPV4+6 Address.

Can you paste me the output of this command:

env XRD_LOGLEVEL=Dump eos root://[::1] whoami

How do you resolve hostnames on your RHEL9 node?

Which entry do you have in /etc/resolv.conf ?

Oren_Shani · April 7, 2024, 6:12am

Hi Andreas. See the output of the command below. Also, my resolv.conf looks like this:

domain lab.net
search lab.net
nameserver 11.11.32.53

BR

Oren

--------- output of dump ----------

[root@sd4 ~]# env XRD_LOGLEVEL=Dump eos root://[::1] whoami
[2024-04-07 09:08:41.244396 +0300][Debug  ][Utility           ] Initializing xrootd client version: 5.6.9
[2024-04-07 09:08:41.244485 +0300][Warning][Utility           ] Unable to process global config file: [ERROR] OS Error: no such file or directory
[2024-04-07 09:08:41.244560 +0300][Debug  ][Utility           ] Unable to process user config file: [ERROR] OS Error: no such file or directory
[2024-04-07 09:08:41.244658 +0300][Debug  ][PlugInMgr         ] Initializing plug-in manager...
[2024-04-07 09:08:41.244667 +0300][Debug  ][PlugInMgr         ] No default plug-in, loading plug-in configs...
[2024-04-07 09:08:41.244673 +0300][Debug  ][PlugInMgr         ] Processing plug-in definitions in /etc/xrootd/client.plugins.d...
[2024-04-07 09:08:41.244682 +0300][Debug  ][PlugInMgr         ] Unable to process directory /etc/xrootd/client.plugins.d: [ERROR] OS Error: no suy
[2024-04-07 09:08:41.244706 +0300][Debug  ][PlugInMgr         ] Processing plug-in definitions in /root/.xrootd/client.plugins.d...
[2024-04-07 09:08:41.244713 +0300][Debug  ][PlugInMgr         ] Unable to process directory /root/.xrootd/client.plugins.d: [ERROR] OS Error: no y
[2024-04-07 09:08:41.255650 +0300][Debug  ][Utility           ] Env: overriding entry: runforkhandler=1 with 1
[2024-04-07 09:08:41.255671 +0300][Debug  ][Utility           ] Env: overriding entry: requesttimeout=1800 with 900
[2024-04-07 09:08:41.255674 +0300][Debug  ][Utility           ] Env: overriding entry: streamtimeout=60 with 1200
[2024-04-07 09:08:41.258093 +0300][Dump   ][Utility           ] URL: root://[::1]
[2024-04-07 09:08:41.258093 +0300][Dump   ][Utility           ] Protocol:  root
[2024-04-07 09:08:41.258093 +0300][Dump   ][Utility           ] User Name: 
[2024-04-07 09:08:41.258093 +0300][Dump   ][Utility           ] Password:  
[2024-04-07 09:08:41.258093 +0300][Dump   ][Utility           ] Host Name: [::1]
[2024-04-07 09:08:41.258093 +0300][Dump   ][Utility           ] Port:      1094
[2024-04-07 09:08:41.258093 +0300][Dump   ][Utility           ] Path:      
[2024-04-07 09:08:41.258112 +0300][Dump   ][Utility           ] URL: root://[::1]:1094/
[2024-04-07 09:08:41.258112 +0300][Dump   ][Utility           ] Protocol:  root
[2024-04-07 09:08:41.258112 +0300][Dump   ][Utility           ] User Name: 
[2024-04-07 09:08:41.258112 +0300][Dump   ][Utility           ] Password:  
[2024-04-07 09:08:41.258112 +0300][Dump   ][Utility           ] Host Name: [::1]
[2024-04-07 09:08:41.258112 +0300][Dump   ][Utility           ] Port:      1094
[2024-04-07 09:08:41.258112 +0300][Dump   ][Utility           ] Path:      
[2024-04-07 09:08:41.258127 +0300][Dump   ][Utility           ] URL: root://[::1]:1094/
[2024-04-07 09:08:41.258127 +0300][Dump   ][Utility           ] Protocol:  root
[2024-04-07 09:08:41.258127 +0300][Dump   ][Utility           ] User Name: 
[2024-04-07 09:08:41.258127 +0300][Dump   ][Utility           ] Password:  
[2024-04-07 09:08:41.258127 +0300][Dump   ][Utility           ] Host Name: [::1]
[2024-04-07 09:08:41.258127 +0300][Dump   ][Utility           ] Port:      1094
[2024-04-07 09:08:41.258127 +0300][Dump   ][Utility           ] Path:      
[2024-04-07 09:08:41.258142 +0300][Dump   ][Utility           ] URL: root://[::1]:1094/
[2024-04-07 09:08:41.258142 +0300][Dump   ][Utility           ] Protocol:  root
[2024-04-07 09:08:41.258142 +0300][Dump   ][Utility           ] User Name: 
[2024-04-07 09:08:41.258142 +0300][Dump   ][Utility           ] Password:  
[2024-04-07 09:08:41.258142 +0300][Dump   ][Utility           ] Host Name: [::1]
[2024-04-07 09:08:41.258142 +0300][Dump   ][Utility           ] Port:      1094
[2024-04-07 09:08:41.258142 +0300][Dump   ][Utility           ] Path:      
[2024-04-07 09:08:41.258169 +0300][Dump   ][FileSystem        ] [0xbc78a0@[::1]:1094] Sending kXR_ping ()
[2024-04-07 09:08:41.258187 +0300][Debug  ][Utility           ] Env: trying to get a non-existent string entry: pollerpreference
[2024-04-07 09:08:41.258198 +0300][Debug  ][Poller            ] Available pollers: built-in
[2024-04-07 09:08:41.258202 +0300][Debug  ][Poller            ] Attempting to create a poller according to preference: built-in
[2024-04-07 09:08:41.258206 +0300][Debug  ][Poller            ] Creating poller: built-in
[2024-04-07 09:08:41.258214 +0300][Debug  ][Poller            ] Creating and starting the built-in poller...
[2024-04-07 09:08:41.259312 +0300][Debug  ][Poller            ] Using 10 poller threads
[2024-04-07 09:08:41.259322 +0300][Debug  ][TaskMgr           ] Starting the task manager...
[2024-04-07 09:08:41.259355 +0300][Debug  ][TaskMgr           ] Task manager started
[2024-04-07 09:08:41.259361 +0300][Debug  ][JobMgr            ] Starting the job manager...
[2024-04-07 09:08:41.259448 +0300][Debug  ][JobMgr            ] Job manager started, 3 workers
[2024-04-07 09:08:41.259458 +0300][Debug  ][TaskMgr           ] Registering task: "FileTimer task" to be run at: [2024-04-07 09:08:41 +0300]
[2024-04-07 09:08:41.259465 +0300][Dump   ][XRootD            ] [[::1]:1094] Sending message kXR_ping ()
[2024-04-07 09:08:41.259498 +0300][Debug  ][ExDbgMsg          ] [[::1]:1094] MsgHandler created: 0xc141f0 (message: kXR_ping () ).
[2024-04-07 09:08:41.259527 +0300][Dump   ][Utility           ] URL: [::1]:1094
[2024-04-07 09:08:41.259527 +0300][Dump   ][Utility           ] Protocol:  root
[2024-04-07 09:08:41.259527 +0300][Dump   ][Utility           ] User Name: 
[2024-04-07 09:08:41.259527 +0300][Dump   ][Utility           ] Password:  
[2024-04-07 09:08:41.259527 +0300][Dump   ][Utility           ] Host Name: [::1]
[2024-04-07 09:08:41.259527 +0300][Dump   ][Utility           ] Port:      1094
[2024-04-07 09:08:41.259527 +0300][Dump   ][Utility           ] Path:      
[2024-04-07 09:08:41.259549 +0300][Dump   ][Utility           ] URL: root://[::1]:1094/
[2024-04-07 09:08:41.259549 +0300][Dump   ][Utility           ] Protocol:  root
[2024-04-07 09:08:41.259549 +0300][Dump   ][Utility           ] User Name: 
[2024-04-07 09:08:41.259549 +0300][Dump   ][Utility           ] Password:  
[2024-04-07 09:08:41.259549 +0300][Dump   ][Utility           ] Host Name: [::1]
[2024-04-07 09:08:41.259549 +0300][Dump   ][Utility           ] Port:      1094
[2024-04-07 09:08:41.259549 +0300][Dump   ][Utility           ] Path:      
[2024-04-07 09:08:41.259566 +0300][Debug  ][PostMaster        ] Creating new channel to: root://[::1]:1094/
[2024-04-07 09:08:41.259717 +0300][Debug  ][PostMaster        ] [[::1]:1094] Stream parameters: Network Stack: IPAuto, Connection Window: 120, Co0
[2024-04-07 09:08:41.259738 +0300][Debug  ][TaskMgr           ] Registering task: "TickGeneratorTask for: root://[::1]:1094/" to be run at: [2024]
[2024-04-07 09:08:41.259753 +0300][Dump   ][PostMaster        ] [[::1]:1094] Sending message kXR_ping () (0xbc7a30) through substream 0 expecting0
[2024-04-07 09:08:41.259783 +0300][Error  ][Utility           ] Unable to resolve [::1]:1094: Address family for hostname not supported
[2024-04-07 09:08:41.259788 +0300][Error  ][PostMaster        ] [[::1]:1094] Unable to resolve IP address for the host
[2024-04-07 09:08:41.259793 +0300][Error  ][XRootD            ] [[::1]:1094] Unable to send the message kXR_ping (): [FATAL] Invalid address
[2024-04-07 09:08:41.259805 +0300][Debug  ][ExDbgMsg          ] [[::1]:1094] Destroying MsgHandler: 0xc141f0.
error: MGM root://[::1] not online/reachable
[2024-04-07 09:08:41.262376 +0300][Debug  ][JobMgr            ] Stopping the job manager...
[2024-04-07 09:08:41.262395 +0300][Dump   ][JobMgr            ] Stopping worker #0...
[2024-04-07 09:08:41.262541 +0300][Dump   ][JobMgr            ] Worker #0 stopped
[2024-04-07 09:08:41.262547 +0300][Dump   ][JobMgr            ] Stopping worker #1...
[2024-04-07 09:08:41.262681 +0300][Dump   ][JobMgr            ] Worker #1 stopped
[2024-04-07 09:08:41.262686 +0300][Dump   ][JobMgr            ] Stopping worker #2...
[2024-04-07 09:08:41.262753 +0300][Dump   ][JobMgr            ] Worker #2 stopped
[2024-04-07 09:08:41.262759 +0300][Debug  ][JobMgr            ] Job manager stopped
[2024-04-07 09:08:41.262762 +0300][Debug  ][Poller            ] Stopping the poller...
[2024-04-07 09:08:41.263302 +0300][Debug  ][TaskMgr           ] Stopping the task manager...
[2024-04-07 09:08:41.263460 +0300][Debug  ][TaskMgr           ] Task manager stopped
[2024-04-07 09:08:41.263476 +0300][Debug  ][AsyncSock         ] [[::1]:1094.0] Closing the socket
[2024-04-07 09:08:41.263486 +0300][Debug  ][PostMaster        ] [[::1]:1094] Destroying stream
[2024-04-07 09:08:41.263494 +0300][Debug  ][Utility           ] Monitor library name not set. No monitoring
[2024-04-07 09:08:41.263500 +0300][Debug  ][AsyncSock         ] [[::1]:1094.0] Closing the socket

apeters · April 8, 2024, 6:16am

Ah interesting,
it cannot resolve the localhost IPV6 address.

Do you have this?

cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

Oren_Shani · April 8, 2024, 7:03am

Hi Andreas

Yes, my /etc/hosts has these lines. Also, maybe this is a clue:

[root@sd4 ~]# getent hosts localhost
::1             localhost localhost.localdomain localhost6.localdomain6 localhost6

But

[root@sd4 ~]# getent hosts 
127.0.0.1       localhost localhost.localdomain localhost4 localhost4.localdomain4
127.0.0.1       localhost localhost.localdomain localhost6.localdomain6 localhost6

BR

Oren

Oren_Shani · April 8, 2024, 7:18am

Hi Andreas,

In our live systems, we don’t use IPv6 at all, so maybe I should just configure the machine to use IPv4 only?

Thanks

Oren

Oren_Shani · April 9, 2024, 11:48am

Hi Andreas,

I gave it some thought and I think the best thing to do is to reinstall my hosts with Alma 9, so that it can be in align with your documentation. I will let you know if there is still a problem after I move to Alma 9.

Many thanks for your help so far,

Oren

Oren_Shani · April 11, 2024, 7:12am

Hi Andreas,

I was able to setup a standalone eos server on alma-9 . I still think that problem was due to some configuration error though, maybe even just that I didn’t have the host interfaces (other than lo) defined in /etc/hosts…

In any case, now I have another problem: I am trying to setup a second FST host, and when I try to install the eos server package, I get this error:

 - Status code: 404 for https://storage-ci.web.cern.ch/storage-ci/eos/diopside-depend/el-9s/x86_64/repodata/repomd.xml (IP: 188.185.18.46)

Can you please check?

Many thanks,

Oren

apeters · April 11, 2024, 7:54am

Yes you use el-9s … should be “el-9”
Cheers Andreas.

Oren_Shani · April 15, 2024, 6:11am

Hi Andreas,

I was able to install an EOS demo with two nodes. I now have several other things to report and ask, but I will do that in separate posts.

So thank you for all your help,

Oren

CERN Accelerating science

"permission denied" on eos commands