Problem In Using Sudo And Bash Compeletion

P

prayger

New Member
Jul 13, 2019
5
0
1
36
Hello everyone,

I got an issue and here it is :

i have single node proxmox that is not part of any cluster.
i create a user and add it to sudoers and and also from webui added it and gave him Administrator role And correct path , i can use sudo to run every command and also pve commands like qm and vzdump without any problem.but the problem is here , when i'm using tab for command compeletion with sudo i get following error :

bash: compgen: warning: -C option may not work as you expect
ipcc_send_rec[1] failed: No such file or directory
ipcc_send_rec[2] failed: No such file or directory
ipcc_send_rec[3] failed: No such file or directory
please run as root
Click to expand...

and it just happens when using tab to complete commands like qm, for example qm list or qm start or vzdump but it doesn't happen with any other command like for example : cat /etc/shadow when using tab.

and when it happens i got following errors in syslog :

pmx01 pmxcfs[1543]: [ipcs] crit: connection from bad user 1000! - rejected
pmx01 pmxcfs[1543]: [libqb] error: Error in connection setup (1543-2201-9): Unknown error -1 (-1)
pmx01 pmxcfs[1543]: [ipcs] crit: connection from bad user 1000! - rejected
pmx01 pmxcfs[1543]: [libqb] error: Error in connection setup (1543-2201-9): Unknown error -1 (-1)
pmx01 pmxcfs[1543]: [ipcs] crit: connection from bad user 1000! - rejected
pmx01 pmxcfs[1543]: [libqb] error: Error in connection setup (1543-2201-9): Unknown error -1 (-1)
pmx01 pmxcfs[1543]: [ipcs] crit: connection from bad user 1000! - rejected
pmx01 pmxcfs[1543]: [libqb] error: Error in connection setup (1543-2201-9): Unknown error -1 (-1)
pmx01 systemd[1]: Starting Proxmox VE replication runner...
pmx01 systemd[1]: Started Proxmox VE replication runner.
Click to expand...

by the way , 1000 is the uid of that sudoer user.

I couldn't find any solution so i bring it up here in case that maybe someone comes up with a suggestion.

Thanks
 
Last edited:
First, why do you use such a complicated setup? What is the increased security by using an unix user (with PVE Administrator role) and setting up sudo without any password, because that what you need to get the bash completion to work with any program that needs root priviledges. I haven't tried it, but aliasing all applications with sudo should fix the completion, if not, you're on your own.
 
Thank you for your suggestions but unfortunately it couldn't help and it doesn't have any effect.
it is not complicated , i just want sudo users that i defined can run commands without any problem even they can use tab to complete commands.
thanks again.
 
Last edited:
You not likely not going to get an answer to this problem, I think you should abandon tab completion, as it's error prone. And focus what commands, via PVE API can run.
 
thanks for your suggestion but i don't get what you mean by "you should abandon tab completion, as it's error prone".
could you please explain how?
thank you
 
I am assuming that's a production server? PVE is designed to often go by CLI and modify things. Doesn't PVE API not offer the things you need?
 
Thanks but i don't want to use api i want sudoers directly login to node and run commands and do administration.
 
prayger said:
Thank you for your suggestions but unfortunately it couldn't help and it doesn't have any effect.
Click to expand...

Now I tried it myself and it does not work. I've never tried the completion and I really don't want to use it, it's so damn slow ... now that I used it.

I tried to investigate and failed to understand how it works in the first place. I'm only familiar with other forms of completion code that calls partially out, but not handle off all completion to another program.

I also tried to create a new program pct for a testuser that runs everything through sudo, also no luck.

I guess you have to find another solution.
 
For completion to work, someone has to write it, and place it in the right places. ORRRRRRRRRRRRRR, you can try ZSH that has a lot builtin commands. The goal here, don't touch CLI, 145 days up me never touching CLI except for general maintenance.
 
lhorace said:
For completion to work, someone has to write it, and place it in the right places.
Click to expand...

Completion does work, for "real" root. It's coded that way, so what should work does work from a PVE point of view. PVE is not programmed to be managed by a non-root user and I don't see why this should change.

lhorace said:
ORRRRRRRRRRRRRR, you can try ZSH that has a lot builtin commands.
Click to expand...

Not for the PVE tools and even if it were, it would also not work. If you look at how it is coded, it will generally not work for non-root users.
 
A quick comment from my side:
* The current implementation of the bash/zsh completion will not work for non root users. Why? As @LnxBil stated correctly we call the actual executable (perl) code with a parameter signaling that we are in a bash/zsh completion context. And to run this, you need to be root.
* Why do we do it this way? Well, it is true that this is not the most performant way, but it has several advantages. The completion is integrated within the code basis and automatically generated when building the packages. This guarantees that the completion and the CLI tools are always consistent without much additional work from our side. And it allows us to perform dynamic, context based completion.
* Could this be improved? Probably yes, especially the zsh completion system is really powerful http://zsh.sourceforge.net/Doc/Release/Completion-System.html#Completion-System
 
Chris said:
* The current implementation of the bash/zsh completion will not work for non root users. Why? As @LnxBil stated correctly we call the actual executable (perl) code with a parameter signaling that we are in a bash/zsh completion context. And to run this, you need to be root.
Click to expand...
Interestingly enough, I run zsh as non-root and root in the past for years without any problems, though it's not supported and I wouldn't recommend it. Nevertheless I've since migrated to sudo -E zsh.

LnxBil said:
Completion does work, for "real" root. It's coded that way, so what should work does work from a PVE point of view. PVE is not programmed to be managed by a non-root user and I don't see why this should change.
Click to expand...
That wasn't the point of my comment, the intent was to clarify for the most part, the completion is simple bash scripts and someone wrote it, not to explain why it doesn't work.
 
lhorace said:
Interestingly enough, I run zsh as non-root and root in the past for years without any problems, though it's not supported and I wouldn't recommend it. Nevertheless I've since migrated to sudo -E zsh.
Click to expand...
lhorace said:
You not likely not going to get an answer to this problem, I think you should abandon tab completion, as it's error prone. And focus what commands, via PVE API can run.
Click to expand...
Hmm, could it be that your zsh completion did not work correctly because of this?
Further, the PVE completion scripts for zsh were only introduced earlier this year, before that we did not offer them. If you encounter issues with that, please let us know in the forum or by opening a bug report.
 
lhorace said:
That wasn't the point of my comment, the intent was to clarify for the most part, the completion is simple bash scripts and someone wrote it, not to explain why it doesn't work.
Click to expand...

It's not bash, is written in perl. The bash completion part just calls out to the perl program and it does the "real" completion.
 
Hi everyone,
Thank you for your replies and participation in this topic.
now it makes sense and it' obvious that we can't do anything but changing the pve code .
it was good to know
thanks
 
Chris said:
Hmm, could it be that your zsh completion did not work correctly because of this?
Further, the PVE completion scripts for zsh were only introduced earlier this year, before that we did not offer them. If you encounter issues with that, please let us know in the forum or by opening a bug report.
Click to expand...
HI,

Would you please tell more about the zsh completion scripts in pve8.1? I am still having this problem in Dec 2023, thanks.
 

Attachments

  • 2023_12_17_21_50_15_1.jpg
    2023_12_17_21_50_15_1.jpg
    119.4 KB · Views: 4
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back