+13

Superuser access required

Sazern 4 years ago updated by Gabor Zsoldos 1 month ago 11

Hello i just installed Ajenti on my Ubuntu 16.04.1 server and it all works fine but im not able to access the settings or plugin page. It just says "superuser access required".


So i go to the user menu and press elevate, i type in my sudo password but it says incorrect password. Even if im logged in with the sudo user (same password)


Anyone noticed this issue? Tried my google skills but didnt find any solution or thread about it.

I just installed Ajenti but don't have the super user access. I also tried google but didn't find any solution

Guess this project is dead :(

I have same issue. it say

Superuser access required. also dashboard and options are not like example.

+1

Hi,
I solved the issue.
first check your all user list. then change your password for root. try login with username root and password is your pass.

is that only way to login with root ?

+3

set root password by "sudo passwd root" and then login using username root and your password

Hi,

But is no way to login with "mortal" user and then use some pivilegue elevation functionality?, like in COCKPIT?

thankz

Solved,

Login with root/admin   then go to "Users" and youcan choose local auth, LDAP, OS Users, etc etc etc.

+1

i elevated my self in the webgui, and used the password admin as suggested. So I didn't need to do anything with the root account. Didn't even use the root/admin login.

I have had added my OS account as restricted_user in /etc/ajenti/config.yml

Hi,

I'm a new user in Ajenti use. But when I install it (Version: aj==2.1.37, python==3.7.3) fist time, I get same issues like these and not found information for correct solutions.

I looked at the source code and found some bugs and information gaps on this topic.

1. The user elevation is using the sudo command. The aj documentation does not include the required sudo settings. The problem is that the user running aj does not have permission to run sudo.

First: Insert into the sudoers file the below line (in Debian 10 aj run with nobody user):

"nobody ALL=(ALL) /bin/ls /tmp"

Second: The sudo default authentication method is authenticate the invoking user's credentials not the target user credentials. Insert next line to sudoers after last "Defaults" line:

"Defaults:nobody targetpw"

Third: If the user than want elevated rights and not permission the directory (on Debian 10 is "/root"), the authentication also failed. Maybe better way is setting an existing directory name and set correct rights this directory for users we want set elevated rights. I chaneged the sudo command in source code.

2. Python 3.5 and above some Popen behaviour changed. I expanded the code in ajenti-core/aj/auth.py:

class AuthenticationService():

...

def check_sudo_password(self, username, password):

if not aj.config.data['auth'].get('allow_sudo',False):

return False

sudo = subprocess.Popen(

['sudo', '-S', '-k', '-u', username, '--', 'ls', '/tmp'],

stdin=subprocess.PIPE,

stdout=subprocess.PIPE,

stderr=subprocess.PIPE,

)

o, e = sudo.communicate(input=(password + '\n').encode('utf-8'))

if sudo.returncode != 0:

raise SudoError((o + e).decode('utf-8').splitlines()[-1].strip())

return True

...