Results 1 to 4 of 4

Thread: WebYast on 12.3: No permissions

  1. #1

    Default WebYast on 12.3: No permissions

    I just installed 12.3 on a new system and tried to enable webyast. After installing webyast and a number of modules I am able to authenticate successfully both as root and as a separate user in webyast. However none of the modules are listed of available, with the only exception being the terminal module (which doesn't work due to a bug in rshellinabox).


    Here are the messages from : permission_service.log

    Code:
    ...check permissions ["org.opensuse.yast.modules.yapi.mailsettings.read"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.mailsettings.write"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.metrics.read"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.metrics.writelimits"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.network.read"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.network.write"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.ntp.setserver"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.ntp.synchronize"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.packages.read"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.patches.install"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.patches.read"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.repositories.read"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.repositories.write"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.roles.read"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.roles.write"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.services.execute"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.services.read"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.system.reboot"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.system.shutdown"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.time.read"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.time.write"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.users.groupadd"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.users.groupdelete"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.users.groupget"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.users.groupmodify"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.users.groupsget"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.users.useradd"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.users.userdelete"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.users.userget"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.users.usermodify"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.users.usersget"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.permissions.read"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.permissions.write"] for user root with result ["NOPERM"] (Polkit1)...
    I tried to figure out how to grant permissions. One suggestion was to use polkit-auth, but this doesn't seem to be available on 12.3.

    Any pointer on how to grant the required permission, or why they not set by default.

  2. #2

    Default Re: WebYast on 12.3: No permissions

    After going over the documentation again I came across /usr/sbin/grantwebyastrights

    However this doesn't work either and fails with the following error:

    Code:
    for i in $(cat permission_service.log |cut -d "\"" -f 2 |sort |uniq);do echo $i;/usr/sbin/grantwebyastrights --user root --action grant --policy $i;done
    
    org.opensuse.yast.modules.logfile.read
    granting: org.opensuse.yast.modules.logfile.read
    Could not parse line: "/etc/polkit-1/localauthority/55-webyast.d/org.opensuse.yast.modules.logfile.read.pkla"
    org.opensuse.yast.modules.yapi.activedirectory.read
    granting: org.opensuse.yast.modules.yapi.activedirectory.read
    Could not parse line: "/etc/polkit-1/localauthority/55-webyast.d/org.opensuse.yast.modules.yapi.activedirectory.read.pkla"
    org.opensuse.yast.modules.yapi.activedirectory.write
    granting: org.opensuse.yast.modules.yapi.activedirectory.write
    Could not parse line: "/etc/polkit-1/localauthority/55-webyast.d/org.opensuse.yast.modules.yapi.activedirectory.write.pkla"
    org.opensuse.yast.modules.yapi.administrator.read
    granting: org.opensuse.yast.modules.yapi.administrator.read
    Could not parse line: "/etc/polkit-1/localauthority/55-webyast.d/org.opensuse.yast.modules.yapi.administrator.read.pkla"
    org.opensuse.yast.modules.yapi.administrator.write
    granting: org.opensuse.yast.modules.yapi.administrator.write
    Could not parse line: "/etc/polkit-1/localauthority/55-webyast.d/org.opensuse.yast.modules.yapi.administrator.write.pkla"
    org.opensuse.yast.modules.yapi.firewall.read
    granting: org.opensuse.yast.modules.yapi.firewall.read
    Could not parse line: "/etc/polkit-1/localauthority/55-webyast.d/org.opensuse.yast.modules.yapi.firewall.read.pkla"
    org.opensuse.yast.modules.yapi.firewall.write
    granting: org.opensuse.yast.modules.yapi.firewall.write
    Could not parse line: "/etc/polkit-1/localauthority/55-webyast.d/org.opensuse.yast.modules.yapi.firewall.write.pkla"
    org.opensuse.yast.modules.yapi.kerberos.read
    granting: org.opensuse.yast.modules.yapi.kerberos.read
    Could not parse line: "/etc/polkit-1/localauthority/55-webyast.d/org.opensuse.yast.modules.yapi.kerberos.read.pkla"
    org.opensuse.yast.modules.yapi.kerberos.write
    granting: org.opensuse.yast.modules.yapi.kerberos.write
    Could not parse line: "/etc/polkit-1/localauthority/55-webyast.d/org.opensuse.yast.modules.yapi.kerberos.write.pkla"
    org.opensuse.yast.modules.yapi.language.read
    granting: org.opensuse.yast.modules.yapi.language.read
    Could not parse line: "/etc/polkit-1/localauthority/55-webyast.d/org.opensuse.yast.modules.yapi.language.read.pkla"
    org.opensuse.yast.modules.yapi.language.write

  3. #3

    Default Re: WebYast on 12.3: No permissions

    Hello,

    check your permissions here:

    linux-qsu3:~ # ps aux | grep /etc/polkit-default-privs.local
    root 17804 0.0 0.0 2992 532 pts/2 S+ 23:31 0:00 grep --color=auto /etc/polkit-default-privs.local
    linux-qsu3:~ #

    is this file empty: /etc/polkit-default-privs.local?

    Do you have file /root/polkit-default-privs.local?

    is the next tool installed?
    linux-qsu3:~ # which set_polkit_default_privs
    /sbin/set_polkit_default_privs
    linux-qsu3:~ #

    Check it, please!!!

    linux-qsu3:~ # cp /root/polkit-default-privs.local /etc/polkit-default-privs.local
    linux-qsu3:~ # view /etc/polkit-default-privs.local
    linux-qsu3:~ # set_polkit_default_privs
    linux-qsu3:~ #

    Post your files, please.









    Quote Originally Posted by ahartner View Post
    I just installed 12.3 on a new system and tried to enable webyast. After installing webyast and a number of modules I am able to authenticate successfully both as root and as a separate user in webyast. However none of the modules are listed of available, with the only exception being the terminal module (which doesn't work due to a bug in rshellinabox).


    Here are the messages from : permission_service.log

    Code:
    ...check permissions ["org.opensuse.yast.modules.yapi.mailsettings.read"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.mailsettings.write"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.metrics.read"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.metrics.writelimits"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.network.read"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.network.write"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.ntp.setserver"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.ntp.synchronize"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.packages.read"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.patches.install"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.patches.read"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.repositories.read"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.repositories.write"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.roles.read"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.roles.write"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.services.execute"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.services.read"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.system.reboot"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.system.shutdown"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.time.read"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.time.write"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.users.groupadd"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.users.groupdelete"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.users.groupget"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.users.groupmodify"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.users.groupsget"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.users.useradd"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.users.userdelete"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.users.userget"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.users.usermodify"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.modules.yapi.users.usersget"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.permissions.read"] for user root with result ["NOPERM"] (Polkit1)
    check permissions ["org.opensuse.yast.permissions.write"] for user root with result ["NOPERM"] (Polkit1)...
    I tried to figure out how to grant permissions. One suggestion was to use polkit-auth, but this doesn't seem to be available on 12.3.

    Any pointer on how to grant the required permission, or why they not set by default.

  4. #4

    Default Re: WebYast on 12.3: No permissions

    Read this documentation first:

    https://doc.opensuse.org/documentati...licykit.change

    https://doc.opensuse.org/products/ot....html#id313348


    Did you install the following tools?

    polkit-action

    polkit-auth




    Quote Originally Posted by Attila_Ladanyi View Post
    Hello,

    check your permissions here:

    linux-qsu3:~ # ps aux | grep /etc/polkit-default-privs.local
    root 17804 0.0 0.0 2992 532 pts/2 S+ 23:31 0:00 grep --color=auto /etc/polkit-default-privs.local
    linux-qsu3:~ #

    is this file empty: /etc/polkit-default-privs.local?

    Do you have file /root/polkit-default-privs.local?

    is the next tool installed?
    linux-qsu3:~ # which set_polkit_default_privs
    /sbin/set_polkit_default_privs
    linux-qsu3:~ #

    Check it, please!!!

    linux-qsu3:~ # cp /root/polkit-default-privs.local /etc/polkit-default-privs.local
    linux-qsu3:~ # view /etc/polkit-default-privs.local
    linux-qsu3:~ # set_polkit_default_privs
    linux-qsu3:~ #

    Post your files, please.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •