Unable to start unless root
-
What is the issue anyway to run nodeBB as root?
It shouldn't be any kind of vulnerability.
As long as you have the general security standards applied (ClamAV, SSH Port changed, direct root login disabled, 32 digit password for Redis) you have nothing to worry about. Except you have HTML code enabled for your forum. The warning regarding it isn't there just for fun. Trust me.
-
I was under the impression that running it as root was a bad idea. It's the only thing on the server so I do agree it shouldn't be that big of a deal. I'm not sure which of those security settings are implemented, but I'll check and try to get them all in. HTML in Markdown settings is disabled, is this what you were referring to?
-
Yep.
However, you have created a password for Redis?
If not, do you want a few instructions?
-
The commands below might vary from OS to OS. However, I will show them for Ubuntu Server.
1. Set up a Redis Server password:
First thing you want to do is to open the redis.conf in /etc/redis.
Search for this line:
# requirepass foobared
And uncomment it, and replace the password with yours, e.g.:
requirepass MyPassword123
Now simply enter:
service redis restart
Lastly you want to edit the config.json file in your nodeBB installation directory, where you insert it as well. Restart nodeBB to be sure the changes have been fully applied.
Next we want to disable the direct root login.
You may ask why. Imagine this scenario:
Someone manages to access your server. But not only with basic permissions. Now he can do whatever he likes... So we do not want that.
First step is to create a user by using:
useradd YOURUSER
and afterwards
passwd YOURUSER
Set a password you like.
Now open /etc/ssh/sshd_config and check for a line like this:
Port 22
Change it to something random and unused on your server. This sort of "custom" number is also a little extra to add slight security. Be sure to connect to your chosen port then, instead of 22 as before.
Afterwards go to
#PermitRootLogin no
and uncomment it.
Now restart SSH, by using
service sshd restart
To log in as root again, either use sudo su and enter your user's password, or su -.
I only showed you what is possible without extra software, if you want to have a look at Fail2Ban & ClamAV.
-
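An added example, not part of the original posts: a small POSIX shell check that the two edits described above actually took effect. It reads copies of redis.conf and sshd_config passed as arguments; the function names and the constructed sample files are assumptions of this example, and the 32-character threshold follows the figure mentioned earlier in the thread.

```shell
#!/bin/sh
# Added example: audit the two files edited in the steps above.

# Effective redis.conf directive: commented lines ignored, last occurrence wins.
redis_directive() {   # $1 = file, $2 = directive (lowercase)
    awk -v k="$2" 'tolower($1) == k { v = $2 } END { print v }' "$1"
}

# Effective global sshd_config keyword: first occurrence wins; Match blocks skipped.
sshd_keyword() {      # $1 = file, $2 = keyword (lowercase)
    awk -v k="$2" 'tolower($1) == "match" { exit }
                   tolower($1) == k       { print $2; exit }' "$1"
}

# Print one line per finding; return 0 only when there are none.
audit_hardening() {   # $1 = redis.conf, $2 = sshd_config
    rc=0
    pass=$(redis_directive "$1" requirepass)
    if [ -z "$pass" ]; then
        echo "redis: requirepass not set (line still commented out?)"; rc=1
    elif [ "$pass" = "foobared" ]; then
        echo "redis: requirepass is still the sample value from redis.conf"; rc=1
    elif [ "${#pass}" -lt 32 ]; then
        echo "redis: requirepass has ${#pass} characters, fewer than 32"; rc=1
    fi
    root=$(sshd_keyword "$2" permitrootlogin)
    if [ "$root" != "no" ]; then
        echo "sshd: PermitRootLogin is '${root:-unset}', expected 'no'"; rc=1
    fi
    return "$rc"
}

# With two arguments, audit real files; with none, run on constructed samples.
if [ "$#" -eq 2 ]; then
    audit_hardening "$1" "$2"
else
    tmp=$(mktemp -d)
    printf '# requirepass foobared\nrequirepass MyPassword123\n' > "$tmp/redis.conf"
    printf 'Port 2222\n#PermitRootLogin no\n' > "$tmp/sshd_config"
    audit_hardening "$tmp/redis.conf" "$tmp/sshd_config" || true
    rm -rf "$tmp"
fi
```
-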
@AOKP Thanks so much. I was able to do both, and I don't think I'll need the AV software. This is a small private forum for <200 users with no real valuable (personal) info, just stuff that we don't want to be on Facebook and whatnot, so I doubt the added security is worth the trouble.
The only issue I had was with the service commands to restart the services, both fail with the same error: "Failed to restart xxxx.service: The name org.freedesktop.PolicyKit1 was not provided by any .service files". I believe this may be because that verbiage is for Upstart, and since I'm using Ubuntu 15.04 I should be using systemd? In fact, that's the next thing I wanted to fix with my forum, getting a reliable autostart/autorestart solution going. I tried to configure systemd but it won't work.
Here's what currently happens after booting the server and running nodebb log (no other commands):
29/6 01:42 [1006] - info: Time: Mon Jun 29 2015 01:42:44 GMT-0400 (EDT)
29/6 01:42 [1006] - info: Initializing NodeBB v0.7.0
29/6 01:42 [1006] - error: Error: Redis connection to 127.0.0.1:6379 failed - connect ECONNREFUSED
at RedisClient.on_error (/home/campadmin/nodebb/node_modules/redis/index.js:185:24)
at Socket.<anonymous> (/home/campadmin/nodebb/node_modules/redis/index.js:95:14)
at Socket.EventEmitter.emit (events.js:95:17)
at net.js:441:14
at process._tickCallback (node.js:415:13)
3 restarts in 10 seconds, most likely an error on startup. Halting.
And if I run
campadmin@camp-friendship:~/nodebb$ ./nodebb start
I get:
Starting NodeBB
"./nodebb stop" to stop the NodeBB server
"./nodebb log" to view server output
campadmin@camp-friendship:~/nodebb$ ./nodebb log
NodeBB v0.7.0 Copyright (C) 2013-2014 NodeBB Inc.
Clustering enabled: Spinning up 1 process(es).
29/6 01:43 [781] - info: Time: Mon Jun 29 2015 01:43:42 GMT-0400 (EDT)
29/6 01:43 [781] - info: Initializing NodeBB v0.7.0
29/6 01:43 [781] - warn: [plugins/nodebb-plugin-calendar] This plugin may not be compatible with your version of NodeBB. This may cause unintended behaviour or crashing.
29/6 01:43 [781] - warn: [plugins/nodebb-plugin-calendar] In the event of an unresponsive NodeBB caused by this plugin, run ./nodebb reset plugin="nodebb-plugin-calendar".
29/6 01:43 [781] - warn: [plugins/nodebb-plugin-soundpack-default] This plugin may not be compatible with your version of NodeBB. This may cause unintended behaviour or crashing.
29/6 01:43 [781] - warn: [plugins/nodebb-plugin-soundpack-default] In the event of an unresponsive NodeBB caused by this plugin, run ./nodebb reset plugin="nodebb-plugin-soundpack-default".
29/6 01:43 [781] - warn: [plugins/nodebb-plugin-assign-newuser-to-group] This plugin may not be compatible with your version of NodeBB. This may cause unintended behaviour or crashing.
29/6 01:43 [781] - warn: [plugins/nodebb-plugin-assign-newuser-to-group] In the event of an unresponsive NodeBB caused by this plugin, run ./nodebb reset plugin="nodebb-plugin-assign-newuser-to-group".
29/6 01:43 [781] - warn: [plugins/nodebb-plugin-dbsearch] This plugin may not be compatible with your version of NodeBB. This may cause unintended behaviour or crashing.
29/6 01:43 [781] - warn: [plugins/nodebb-plugin-dbsearch] In the event of an unresponsive NodeBB caused by this plugin, run ./nodebb reset plugin="nodebb-plugin-dbsearch".
29/6 01:43 [781] - warn: [plugins/nodebb-plugin-mentions] This plugin may not be compatible with your version of NodeBB. This may cause unintended behaviour or crashing.
29/6 01:43 [781] - warn: [plugins/nodebb-plugin-mentions] In the event of an unresponsive NodeBB caused by this plugin, run ./nodebb reset plugin="nodebb-plugin-mentions".
29/6 01:43 [781] - warn: [plugins/nodebb-widget-essentials] This plugin may not be compatible with your version of NodeBB. This may cause unintended behaviour or crashing.
29/6 01:43 [781] - warn: [plugins/nodebb-widget-essentials] In the event of an unresponsive NodeBB caused by this plugin, run ./nodebb reset plugin="nodebb-widget-essentials".
29/6 01:43 [781] - warn: [plugins/nodebb-plugin-buttons-galore] This plugin may not be compatible with your version of NodeBB. This may cause unintended behaviour or crashing.
29/6 01:43 [781] - warn: [plugins/nodebb-plugin-buttons-galore] In the event of an unresponsive NodeBB caused by this plugin, run ./nodebb reset plugin="nodebb-plugin-buttons-galore".
29/6 01:43 [781] - warn: [plugins/nodebb-plugin-markdown] This plugin may not be compatible with your version of NodeBB. This may cause unintended behaviour or crashing.
29/6 01:43 [781] - warn: [plugins/nodebb-plugin-markdown] In the event of an unresponsive NodeBB caused by this plugin, run ./nodebb reset plugin="nodebb-plugin-markdown".
29/6 01:43 [781] - warn: [plugins/nodebb-plugin-emoji-extended] This plugin may not be compatible with your version of NodeBB. This may cause unintended behaviour or crashing.
29/6 01:43 [781] - warn: [plugins/nodebb-plugin-emoji-extended] In the event of an unresponsive NodeBB caused by this plugin, run ./nodebb reset plugin="nodebb-plugin-emoji-extended".
29/6 01:43 [781] - warn: [plugins/nodebb-theme-persona] This plugin may not be compatible with your version of NodeBB. This may cause unintended behaviour or crashing.
29/6 01:43 [781] - warn: [plugins/nodebb-theme-persona] In the event of an unresponsive NodeBB caused by this plugin, run ./nodebb reset plugin="nodebb-theme-persona".
29/6 01:43 [781] - warn: [plugins.reload] Library not found for plugin: nodebb-theme-persona
29/6 01:43 [781] - info: NodeBB Ready
29/6 01:43 [781] - info: Enabling 'trust proxy'
29/6 01:43 [781] - info: NodeBB is now listening on: 0.0.0.0:3000
-
@BDHarrington7 said:
Can you run anything on nodejs as a non-root user? it might be how you installed node...
You'll have to give me a little more detail on how to test this or fix it, since I'm not 100% sure what you mean. I followed the Wiki's guide for Ubuntu Server I believe.
And can someone give me 3 reputation points please? I have a 10 minute limit between posts, and with my lack of knowledge, I won't be able to help people enough to actually earn them anytime soon haha.
-
Have you experienced something like this: http://stackoverflow.com/questions/16151018/npm-throws-error-without-sudo
I wish I could remember the steps that caused the same issue where I couldn't run things on node unless I was root, I'm sure somewhere along the way I tried to fix it by changing permissions (which isn't something you should have to do unless you really know what you're doing). In the end I re-installed node and npm making sure I did not use sudo.
-
@Ali said:
@julian @psychobunny help.
I was able to start it as non root by:
- creating an iptables route from 80 to 3000
- changing my nodebb config to start from 3000
- reapplying permissions (some files had become root because it had been started as root)
- is done by:
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3000
apt-get install iptables-persistent
It'll ask you to save your current rules, say yes.
- edit your config.json
- chown, chmod
-
-
@BDHarrington7 said:
Have you experienced something like this: http://stackoverflow.com/questions/16151018/npm-throws-error-without-sudo
I wish I could remember the steps that caused the same issue where I couldn't run things on node unless I was root, I'm sure somewhere along the way I tried to fix it by changing permissions (which isn't something you should have to do unless you really know what you're doing). In the end I re-installed node and npm making sure I did not use sudo.
No I don't think so. I think the problem was that node wasn't being allowed to bind to port 80. I solved it by binding to 3000 and redirecting via iptables. I can now start it without root.
-
As others have mentioned, you'll need to reset the owner of all files in the NodeBB folder.
Keep in mind if any files are owned by root, you need to be the root user to change ownership!
So that said:
$ su # to get to root
$ cd /path/to/nodebb
$ ./nodebb stop
$ chown -R ali:ali . # change ownership to the "ali" user, for the current directory and all files/directories inside of it
$ exit # To get back to the regular unprivileged user
Change ali as necessary.
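-
An added example, not part of the original posts: a pre-start check for the two causes discussed in this thread, files left owned by root after a start as root and a listen port below 1024. The function names and the constructed sample directory are assumptions of this example; 1024 as the privileged-port boundary is the Linux default.

```shell
#!/bin/sh
# Added example: pre-start check for running NodeBB as an unprivileged user.

# Paths under $1 that are NOT owned by user $2 (name or numeric uid).
foreign_files() {
    find "$1" ! -user "$2" -print
}

# Print one line per finding; return 0 only when there are none.
nodebb_preflight() {   # $1 = NodeBB dir, $2 = run-as user, $3 = listen port
    rc=0
    if [ "$2" = "root" ] || [ "$2" = "0" ]; then
        echo "run-as user is root"; rc=1
    fi
    n=$(foreign_files "$1" "$2" | grep -c . || true)
    if [ "$n" -gt 0 ]; then
        echo "$n path(s) not owned by $2 (left over from a start as root?):"
        foreign_files "$1" "$2" | head -n 5 | sed 's/^/  /'
        rc=1
    fi
    # Linux default: only root may bind ports below 1024.
    if [ "$3" -lt 1024 ]; then
        echo "port $3 is privileged; listen on a high port and redirect to it"
        rc=1
    fi
    return "$rc"
}

# With three arguments, check a real install; with none, use a constructed tree.
if [ "$#" -eq 3 ]; then
    nodebb_preflight "$1" "$2" "$3"
else
    demo=$(mktemp -d)                       # constructed sample directory
    mkdir "$demo/public" && : > "$demo/config.json"
    nodebb_preflight "$demo" "$(id -u)" 80 || true
    rm -rf "$demo"
fi
```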