Problem In Using Sudo And Bash Compeletion

prayger

New Member
Jul 13, 2019
5
0
1
36
Hello everyone,

I got an issue and here it is :

i have single node proxmox that is not part of any cluster.
i create a user and add it to sudoers and and also from webui added it and gave him Administrator role And correct path , i can use sudo to run every command and also pve commands like qm and vzdump without any problem.but the problem is here , when i'm using tab for command compeletion with sudo i get following error :

bash: compgen: warning: -C option may not work as you expect
ipcc_send_rec[1] failed: No such file or directory
ipcc_send_rec[2] failed: No such file or directory
ipcc_send_rec[3] failed: No such file or directory
please run as root

and it just happens when using tab to complete commands like qm, for example qm list or qm start or vzdump but it doesn't happen with any other command like for example : cat /etc/shadow when using tab.

and when it happens i got following errors in syslog :

pmx01 pmxcfs[1543]: [ipcs] crit: connection from bad user 1000! - rejected
pmx01 pmxcfs[1543]: [libqb] error: Error in connection setup (1543-2201-9): Unknown error -1 (-1)
pmx01 pmxcfs[1543]: [ipcs] crit: connection from bad user 1000! - rejected
pmx01 pmxcfs[1543]: [libqb] error: Error in connection setup (1543-2201-9): Unknown error -1 (-1)
pmx01 pmxcfs[1543]: [ipcs] crit: connection from bad user 1000! - rejected
pmx01 pmxcfs[1543]: [libqb] error: Error in connection setup (1543-2201-9): Unknown error -1 (-1)
pmx01 pmxcfs[1543]: [ipcs] crit: connection from bad user 1000! - rejected
pmx01 pmxcfs[1543]: [libqb] error: Error in connection setup (1543-2201-9): Unknown error -1 (-1)
pmx01 systemd[1]: Starting Proxmox VE replication runner...
pmx01 systemd[1]: Started Proxmox VE replication runner.

by the way , 1000 is the uid of that sudoer user.

I couldn't find any solution so i bring it up here in case that maybe someone comes up with a suggestion.

Thanks
 
Last edited:
First, why do you use such a complicated setup? What is the increased security by using an unix user (with PVE Administrator role) and setting up sudo without any password, because that what you need to get the bash completion to work with any program that needs root priviledges. I haven't tried it, but aliasing all applications with sudo should fix the completion, if not, you're on your own.
 
Thank you for your suggestions but unfortunately it couldn't help and it doesn't have any effect.
it is not complicated , i just want sudo users that i defined can run commands without any problem even they can use tab to complete commands.
thanks again.
 
Last edited:
You not likely not going to get an answer to this problem, I think you should abandon tab completion, as it's error prone. And focus what commands, via PVE API can run.
 
thanks for your suggestion but i don't get what you mean by "you should abandon tab completion, as it's error prone".
could you please explain how?
thank you
 
I am assuming that's a production server? PVE is designed to often go by CLI and modify things. Doesn't PVE API not offer the things you need?
 
Thanks but i don't want to use api i want sudoers directly login to node and run commands and do administration.
 
Thank you for your suggestions but unfortunately it couldn't help and it doesn't have any effect.

Now I tried it myself and it does not work. I've never tried the completion and I really don't want to use it, it's so damn slow ... now that I used it.

I tried to investigate and failed to understand how it works in the first place. I'm only familiar with other forms of completion code that calls partially out, but not handle off all completion to another program.

I also tried to create a new program pct for a testuser that runs everything through sudo, also no luck.

I guess you have to find another solution.
 
For completion to work, someone has to write it, and place it in the right places. ORRRRRRRRRRRRRR, you can try ZSH that has a lot builtin commands. The goal here, don't touch CLI, 145 days up me never touching CLI except for general maintenance.
 
For completion to work, someone has to write it, and place it in the right places.

Completion does work, for "real" root. It's coded that way, so what should work does work from a PVE point of view. PVE is not programmed to be managed by a non-root user and I don't see why this should change.

ORRRRRRRRRRRRRR, you can try ZSH that has a lot builtin commands.

Not for the PVE tools and even if it were, it would also not work. If you look at how it is coded, it will generally not work for non-root users.
 
A quick comment from my side:
* The current implementation of the bash/zsh completion will not work for non root users. Why? As @LnxBil stated correctly we call the actual executable (perl) code with a parameter signaling that we are in a bash/zsh completion context. And to run this, you need to be root.
* Why do we do it this way? Well, it is true that this is not the most performant way, but it has several advantages. The completion is integrated within the code basis and automatically generated when building the packages. This guarantees that the completion and the CLI tools are always consistent without much additional work from our side. And it allows us to perform dynamic, context based completion.
* Could this be improved? Probably yes, especially the zsh completion system is really powerful http://zsh.sourceforge.net/Doc/Release/Completion-System.html#Completion-System
 
* The current implementation of the bash/zsh completion will not work for non root users. Why? As @LnxBil stated correctly we call the actual executable (perl) code with a parameter signaling that we are in a bash/zsh completion context. And to run this, you need to be root.
Interestingly enough, I run zsh as non-root and root in the past for years without any problems, though it's not supported and I wouldn't recommend it. Nevertheless I've since migrated to sudo -E zsh.

Completion does work, for "real" root. It's coded that way, so what should work does work from a PVE point of view. PVE is not programmed to be managed by a non-root user and I don't see why this should change.
That wasn't the point of my comment, the intent was to clarify for the most part, the completion is simple bash scripts and someone wrote it, not to explain why it doesn't work.
 
Interestingly enough, I run zsh as non-root and root in the past for years without any problems, though it's not supported and I wouldn't recommend it. Nevertheless I've since migrated to sudo -E zsh.
You not likely not going to get an answer to this problem, I think you should abandon tab completion, as it's error prone. And focus what commands, via PVE API can run.
Hmm, could it be that your zsh completion did not work correctly because of this?
Further, the PVE completion scripts for zsh were only introduced earlier this year, before that we did not offer them. If you encounter issues with that, please let us know in the forum or by opening a bug report.
 
That wasn't the point of my comment, the intent was to clarify for the most part, the completion is simple bash scripts and someone wrote it, not to explain why it doesn't work.

It's not bash, is written in perl. The bash completion part just calls out to the perl program and it does the "real" completion.
 
Hi everyone,
Thank you for your replies and participation in this topic.
now it makes sense and it' obvious that we can't do anything but changing the pve code .
it was good to know
thanks
 
Hmm, could it be that your zsh completion did not work correctly because of this?
Further, the PVE completion scripts for zsh were only introduced earlier this year, before that we did not offer them. If you encounter issues with that, please let us know in the forum or by opening a bug report.
HI,

Would you please tell more about the zsh completion scripts in pve8.1? I am still having this problem in Dec 2023, thanks.
 

Attachments

  • 2023_12_17_21_50_15_1.jpg
    2023_12_17_21_50_15_1.jpg
    119.4 KB · Views: 3

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!