I am trying to make a script to install more or less automatically oracle database as well as some other application of my own. I haven't writen a line yet because I want to make all steps manually first.
So, my environment is the following. I have RHEL 5 with no graphic interface. I am connecting to the server from Windows laptop through SSH as root. I have enabled XForwarding, so when I login with root account I can run xdpyinfo so that I can check XServer configuration.
I need XForwarding because the Oracle DB installation procedure requires an XServer. However, Oracle requires the user oracle to perform the installation. I have already created the oracle user but when changing the user from root to oracle I can no longer run xdpyinfo command so the Oracle installation procedure fails. I get the following error:
Xlib: connection to "localhost:10.0" refused by server
Xlib: PuTTY X11 proxy: wrong authorisation protocol attempted
xdpyinfo: unable to open display "localhost:10.0".
I have tried to use xhost to enable my laptop to access my server but I have failed as well to do that.
If you really feel the need to do this, then while you are root, get the current $DISPLAY value, particularly the first value after the colon, which is 10 in your case. Then find the current X authorisation token for your session:
xauth list | grep ":10 "
Which will give you something like:
hostname/unix:10 MIT-MAGIC-COOKIE-1 2b3e51af01827d448acd733bcbcaebd6
After you su to the oracle account, $DISPLAY is probably still set but if not then set it to match your underlying session. Then add the xauth token to your current session:
xauth add hostname/unix:10 MIT-MAGIC-COOKIE-1 2b3e51af01827d448acd733bcbcaebd6
When you've finished you can clean up with:
xauth remove hostname/unix:10
That's assuming PuTTY is configured to use MIT-Magic-Cookie-1 as the remote X11 authentication protocol, in the Connection->SSH->X11 section. If that is set to MDM-Authorization-1 then the value you get and set with xauth will have XDM-AUTHORIZATION-1 instead.
It might be simpler to disconnect from root and start a new ssh session as oracle to continue the installation, which would also make sure you don't accidentally do anything unexpected as root. Well, until you have to run root.sh, anyway.
If you do a silent install with a response file then you don't need a working X11 connection anyway; you just need $DISPLAY to be set, but nothing is ever actually opened on that display so it doesn't matter if xdpyinfo or any other X11 command would fail. I'm not sure how you're thinking of scripting the X11 session, but even if that is possible a silent install will be simpler and more repeatable.
Related
I'm trying to connect to the oracle database via sqlplus hosted on a remote instance using command like this sqlplus user#hostname.com:port/SchemaName. And on typing password it throws weird client host issue. See the screenshot below.
The question is which host name its expecting me to put inside /etc/hosts?
Whereas I can telnet successfully to same instance without any issues. By the way I'm on MacOS 10.15.7.
Oracle clients were installed using this link. Can be seen from the screenshot below.
The installation was moved to the appropriate folder.
The $PATH was also exported to ~/.bash_profile file
I was able to resolve this issue by the solution mentioned on this link.
Using hostname command I was able to find host name of my machine, which was required to make a successful connection to the Oracle.
The screenshot below explains the process
The hostname entry looks like below
I have just installed MariaDB 10.4 using Home Brew. I was finally able to set the root password, and I am now trying to enable network access.
I think have added the correct directive:
bind-address=0.0.0.0
The thing is, is it to the correct my.cnf? I have tried adding it to /usr/local/etc/my.cnf as well as to a my.cnf I found in various Cellar directories.
It doesn’t seem to work. I get the message
Host … is not allowed to connect to this MariaDB server
even when I try from the local machine.
Am I setting the directive in the wrong file, or is there something else I should be doing.
Check that your user have the privilege to access the database from remote by running:
SELECT User, Host FROM mysql.user
Check also that you don't have the skip_networking configuration property set.
Read also the following documentation page: Configuring MariaDB for Remote Client Access
I am attempting to set up gpg preset passphrase caching using the gpg agent so I can automate my file encryption process. In order for the gpg-agent to run and properly cache the passphrase, it seems there needs to be a S.gpg-agent socket located within the ~/.gnupg/ directory that gets generated in the root directory when I set up gpg and gpg-agent.
What I have done (and which seemed to work in the past) is I would start up everything as root and copy over the contents of the /.gnupg directory to my less privileged user and grant permissions to that socket and directory to the user. The commands I ran to start up the gpg-agent daemon and cache passphrase:
gpg-agent --homedir /home/<user>/.gnupg --daemon
/usr/libexec/gpg-preset-passphrase --preset --passphrase <passphrase> <keygrip>
gpg-agent process seems to be running just fine but I get the below error from the second line:
gpg-preset-passphrase: can't connect to `/home/<user>/.gnupg/S.gpg-agent': Connection refused
gpg-preset-passphrase: caching passphrase failed: Input/output error
I have made sure the socket exists in the directory with proper permissions and this process runs as root. It seems that this socket is still inherently tied to root even if I copy and modify permissions. So my questions are
How exactly does this socket get initialized?
Is there a way to do so manually as another user?
To add, the agent process seems to run just fine for both users but where I get a little hazy is how the gpg-preset-passphrase is using the socket and if its that or the agent that is refusing the connection to S.gpg-agent
I also assume that I don't need to explicitly start the agent but figured I would this so that I could set any values such as the homedir if needed.
It turns out the issue was unrelated to the gpg-agent and gpg-preset-passprhase.
Note: This is not a permanent solution but it did allow me to get past the issue I was facing.
After modifying the /etc/selinux/config and disabling SE Linux, I no longer experienced the permissions issue above. SE Linux is a Linux kernel security module developed by Red Hat (I am currently running this on RHEL7). It seems the next step will likely be to make sure these binaries and packages are allowed access from my user using audit2allow. Bit more information on this here: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security-enhanced_linux/sect-security-enhanced_linux-fixing_problems-allowing_access_audit2allow
I am using SFTP client(WinSCP) to get into a remote server and retrieve some files. I could not get to the SFTP server when I use WinSCP in a Windows-7 machine; but it works good when I try it from an XP machine. Can anyone think of what might be wrong. Any help appreciated!
I am also including the error screenshot, if that helps
Can anyone please help!
This could be some problem with your firewall. Check it if you are blocking WinSCP.
Quoting WinSCP documentation on the error message Server unexpectedly closed network connection:
If you get this error message while connecting to your server, it is
most usually caused by the server not being able to run some process
necessary to support your session. Always try to connect with another
SSH (SFTP) client to find, if it is server or client related problem.
Possibilities are:
Shell.
Your account may not be allowed to start a shell at all. With some servers (like OpenSSH or Sun SSH), you may need to be allowed to
start a shell, even if using SFTP protocol.
Also some servers refuse to start a shell if your password has expired or your account was terminated.
Some shells do not work with non-interactive sessions. The same it true for some configurations (or profiles used) for otherwise
working shells. This commonly exhibits with SCP protocol with
associated error message "Error skipping startup message. Your shell
is probably incompatible with the application (BASH is recommended)."
Try to force bash shell explicitly on SCP/Shell page of Advanced Site
Settings dialog. Using SFTP protocol instead of SCP is another option.
OpenSSH server may fail to start shell when chroot is configured, but not possible (e.g. due to group writeable permissions
to chroot directory).
Some environments require specific permissions (e.g. 755) to files like .profile or .bashrc.
SFTP server.
Your account may not be able to start SFTP server binary (e.g. /bin/sftp-server) or the binary is not present on your server.
Your SSH server may also lack the SFTP subsystem.
SSH server:
Your SSH server, particularly OpenSSH, may not be able to access the server key files, due to an incorrect permissions.
psql mydb yields:
psql: could not connect to server: Permission denied
Is the server running locally and accepting
connections on Unix domain socket "/var/pgsql_socket/.s.PGSQL.5432"?
psql -h localhost mydb works just fine. pg_hba.conf looks like:
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
What up?
I had the exact same thing happen to me, presumably due to the conflicting version of psql (one from Lion, one from homebrew). While I still haven't been able to figure out how to make psql use the /tmp socket directory, I do have a work around.
Put the following in your .bashrc (or .zshrc, etc):
export PGHOST=/tmp
This sets the correct "host" back to the correct socket directory, without having to supply the -h flag
Probably psql and the server use a different location for the unix-domain socket.
( /var/pgsql_socket/ is a strange location) This can happen if you are mixing binaries from different packages.
Try to locate the socket ( /tmp/ is a good place to start) You can force psql to use a different directory by misusing the -h option:
psql -h /tmp/
It appears to be a reported defect.
This happened to me on OS X, and the problem was that /usr/bin/psql is what I was using, but postmaster was running from /Library/PostgreSQL/9.0. Using /Library/PostgreSQL/9.0/bin/psql (getting that into my PATH before all else) fixed the problem.
As other answers addressed other alternatives, I guess I could provide something about Mac OS X Server on Lion. I run into very similar issue - in my case even -h localhost didn't work as networking was disabled in PostregSQL which is by the way in many cases very good idea. The thing with Mac OS X Server is that it launches PostgreSQL server via launchd.
Some hints as you go around:
serveradmin service: postgres
launchd configuration file: /System/Library/LaunchDaemons/org.postgresql.postgres.plist
database folder: /var/pgsql
socket folder: /var/pgsql_socket
That configuration file overrides several configuration directives that can be found in postgresql.conf under database folder. Especially these two:
unix_socket_group
unix_socket_permissions
You can find that _postgres account is used to run the server and everything is also accessible if active user is member of _postgres group.
By running dscl . -read /Groups/_postgres GroupMembership you can see that by default that group has these members: _devicemgr _calendar _teamsserver _www
I guess you have two options. Add yourself to _postgres group or change launchd configuration plist file. The later is just plain text editing... But beware of security, because this way you'll be opening Server to whatever meets criteria you change (see the last paragraph).
The former can be done either via Server.app or via dscl command-line utility. The first option probably doesn't need anything to be added. Just make sure that you can see System Accounts (View -> Hide/Show System Accounts). I'm kind of CLI junkie so this should add your user to _postgres group:
sudo dscl . -append /Groups/_postgres GroupMembership $USER
Of course you should be careful what you run under your account then because you're giving access to you Mac OS X Server database back-end. So either secure you _postgres account or create separate user to manipulate your database or don't save anything private there.