• Re: Fresh install error

    From NuSkooler@21:1/121 to Shitty on Mon Jan 15 21:24:29 2024

    Shitty around Tuesday, January 16th...
    That's what I thought, but I set permissions to 777 for the entire Mystic folder, and that didn't solve it.

    You can try loading it under strace to see what error(s) dump out



    --
    |08 â–  |12NuSkooler |06// |12Xibalba |08- |07"|06The place of fear|07"
    |08 â–  |03xibalba|08.|03vip |08(|0344510|08/|03telnet|08, |0344511|08/|03ssh|08)
    |08 â–  |03ENiGMA 1/2 WHQ |08| |03Phenom |08| |0367 |08| |03iMPURE |08| |03ACiDic
    --- ENiGMA 1/2 v0.0.14-beta (linux; x64; 18.18.2)
    * Origin: Xibalba -+- xibalba.l33t.codes:44510 (21:1/121)
  • From Accession@21:1/200 to Shitty on Tue Jan 16 07:14:50 2024
    Hello Shitty,

    On Tue, 16 Jan 2024 04:33:46 -0500, you wrote:

    Error loading prelogin.mnu

    Could it be a permission problem?

    That's what I thought, but I set permissions to 777 for the entire
    Mystic folder, and that didn't solve it.

    Not so much 777 or chmod. Did you install as root and are now trying to login as a user? If you do "ls -alh" in the Mystic folder who are the files owned by, and what group?

    Also, when you run './mis -daemon' are you running it as root or with sudo? I believe you need to run it with sudo as the user you want the BBS to run under. Mystic will automatically bind to lower ports and then give permissions over to said user.

    Regards,
    Nick

    ... "Take my advice, I don't use it anyway."
    --- Claws Mail 4.2.0 (GTK 3.24.38; x86_64-w64-mingw32)
    * Origin: _thePharcyde distribution system (Wisconsin) (21:1/200.0)
  • From esc@21:4/173 to StackFault on Tue Jan 16 14:25:23 2024
    This way, MIS can be started with a regular user and still be able to
    bind to a low port, without root privilege.

    And it prevents a lot of odd problems, for example trying to run dos doors.

    --- Mystic BBS v1.12 A49 2023/02/26 (Linux/64)
    * Origin: m O N T E R E Y b B S . c O M (21:4/173)
  • From Accession@21:1/200 to NuSkooler on Tue Jan 16 16:53:10 2024
    Hello NuSkooler,

    On Tue, 16 Jan 2024 19:45:14 -0700, you wrote:

    It's permission dropping - what older (maybe current?) Apache does/did
    as well. It's certainly not a best practice, and has been known for many years.

    I know what it is, however, that's not what the discussion was about.

    Stack is right on both accounts. You can set the caps and not worry
    about security, or run as root and cross your fingers.

    I also agree, but him replying to me on how Linux servers should be started had nothing to do with the original poster's problem, or was geared to help the subject in any way whatsoever. It seemed more like a blatant attempt to try to tell others how to use Linux, and nothing to do with Mystic, permissions, or fixing the actual issue.

    See where I'm going with this?

    Regards,
    Nick

    ... "Take my advice, I don't use it anyway."
    --- Claws Mail 4.2.0 (GTK 3.24.38; x86_64-w64-mingw32)
    * Origin: _thePharcyde distribution system (Wisconsin) (21:1/200.0)
  • From Accession@21:1/200 to Shitty on Tue Jan 16 16:57:54 2024
    Hello Shitty,

    On Tue, 16 Jan 2024 22:22:30 -0500, you wrote:

    ogg, Accession, NuSkooler, thanks guys. I installed with sudo, and then
    I was locally logged in to Mystic while I was logged into sudo.

    Install it as the user you want to run it with, under /home/<user>/mystic. Probably the easiest way to keep permissions in check.

    The way I got this resolved was by installed mystic in a subfolder from
    my home folder. g00r00 said to do that in some documentation that I overlooked.

    This sounds a lot like what I said above. Looks like you're getting the hang of it. ;)

    I know it didn't used to be that way - because my old bbs is installed
    in /var/www. So something is weird about that folder issue to me, but at least the problem is solved.

    Your BBS was installed in /var/www? That's odd. You probably don't want your BBS installed where your web server resides. Some people create a user named "bbs" or "mystic", then install it to /home/bbs or /home/mystic. But if you don't want to have to switch users all the time to keep permissions correct, using your normal user is fine, too. I have mine installed as /home/<user>/mystic and all is good.

    Regards,
    Nick

    ... "Take my advice, I don't use it anyway."
    --- Claws Mail 4.2.0 (GTK 3.24.38; x86_64-w64-mingw32)
    * Origin: _thePharcyde distribution system (Wisconsin) (21:1/200.0)
  • From StackFault@21:1/172 to Accession on Tue Jan 16 20:29:37 2024
    MIS should not be run as root.

    Okay. Whatever. While opinions are like assholes, this is another topic completely. What I was asking him is if he DID run it as root (even just once) it would ruin his permissions if in the future he started running
    it as a regular user, or even using sudo.

    Sure, no issues, while I answered to you, it was not directed but just to pass the information.

    You should use setcap instead to provide the MIS binary the capability to bind to privileged port using this command:

    sudo setcap 'cap_net_bind_service=+ep' /path/to/mis

    This way, MIS can be started with a regular user and still be able to bind to a low port, without root privilege.

    Thank you, Mr. Linux Guru.

    ...and all I was trying to say is even if you use sudo to start MIS, it binds to the low ports and passes permissions off to the user that used sudo immediately after. It was done on purpose by the developer himself. You can take it up with him if you want to argue about what should and shouldn't be done. *shrug*

    Well, again, not personal.

    To be fair, Synchronet also does this. And it seems so does just about anything that uses systemd if you use the USER and GROUP keywords in
    your .service file. So you may as well tell all those people how they should do it, too. ;)

    Well, I guess you took it to heart.

    Cheers!

    |15 ß Þ |15StackFault |08<|03.|11.|15P|11h|03EN|11o|15M|11.|03.|08>
    |11 Ý ß |11The Bottomless Abyss BBS
    |03 ß Ýß |03ssh|08.|072222 |08/ |03telnet|08.|072023 |08/ |03https
    |08 ÜþÞ |08bbs|07.|08bottomlessabyss|07.|08net

    ... As a matter of fact, it IS a banana in my pocket!

    --- Mystic BBS v1.12 A48 (Linux/64)
    * Origin: The Bottomless Abyss BBS * bbs.bottomlessabyss.net (21:1/172)
  • From StackFault@21:1/172 to niter3 on Tue Jan 16 20:30:29 2024
    You should use setcap instead to provide the MIS binary the capabilit to bind to privileged port using this command:

    This is the way... :>

    Otherwise when setting up your port forward, redirect it to a high port
    of something like 2023.

    This is another good way, set it to a high port on the server then NAT from a low port on your firewall or router.

    Either way works.

    Cheers!

    |15 ß Þ |15StackFault |08<|03.|11.|15P|11h|03EN|11o|15M|11.|03.|08>
    |11 Ý ß |11The Bottomless Abyss BBS
    |03 ß Ýß |03ssh|08.|072222 |08/ |03telnet|08.|072023 |08/ |03https
    |08 ÜþÞ |08bbs|07.|08bottomlessabyss|07.|08net

    ... A Meteor is an example of a rock star.

    --- Mystic BBS v1.12 A48 (Linux/64)
    * Origin: The Bottomless Abyss BBS * bbs.bottomlessabyss.net (21:1/172)
  • From StackFault@21:1/172 to Shitty on Tue Jan 16 20:32:21 2024
    You should not set 777 to files except in some rare occasions.

    Regular files should be 644 and directory 755 (depending on the need, you may have to tweak this on a case by case basis).

    Thanks for that tip! I felt like it was mistake but at the time I was
    just trying everything.

    No worries. The strace tip is also a very good way to understand what it happening under the hood with the syscalls.

    Happy t-shooting!

    Cheers!

    |15 ß Þ |15StackFault |08<|03.|11.|15P|11h|03EN|11o|15M|11.|03.|08>
    |11 Ý ß |11The Bottomless Abyss BBS
    |03 ß Ýß |03ssh|08.|072222 |08/ |03telnet|08.|072023 |08/ |03https
    |08 ÜþÞ |08bbs|07.|08bottomlessabyss|07.|08net

    ... There is an exception to every rule, except this one.

    --- Mystic BBS v1.12 A48 (Linux/64)
    * Origin: The Bottomless Abyss BBS * bbs.bottomlessabyss.net (21:1/172)
  • From StackFault@21:1/172 to esc on Tue Jan 16 20:34:40 2024
    This way, MIS can be started with a regular user and still be able to bind to a low port, without root privilege.

    And it prevents a lot of odd problems, for example trying to run dos doors.

    I've never tried running it as root so I guess I never experimented these issues.

    Accession did mention something interesting which I didn't know and need to go validate, apparently MIS drops root privileges after bind, I need to check this out.

    Cheers!

    |15 ß Þ |15StackFault |08<|03.|11.|15P|11h|03EN|11o|15M|11.|03.|08>
    |11 Ý ß |11The Bottomless Abyss BBS
    |03 ß Ýß |03ssh|08.|072222 |08/ |03telnet|08.|072023 |08/ |03https
    |08 ÜþÞ |08bbs|07.|08bottomlessabyss|07.|08net

    ... "No comment" is a comment.

    --- Mystic BBS v1.12 A48 (Linux/64)
    * Origin: The Bottomless Abyss BBS * bbs.bottomlessabyss.net (21:1/172)
  • From StackFault@21:1/172 to Shitty on Tue Jan 16 14:35:35 2024
    That's what I thought, but I set permissions to 777 for the entire Mystic folder, and that didn't solve it.

    You should not set 777 to files except in some rare occasions.

    Regular files should be 644 and directory 755 (depending on the need, you may have to tweak this on a case by case basis).

    Making every file writable/executable by anyone can result in other problems and is really not needed.

    Cheers!

    |15 ß Þ |15StackFault |08<|03.|11.|15P|11h|03EN|11o|15M|11.|03.|08>
    |11 Ý ß |11The Bottomless Abyss BBS
    |03 ß Ýß |03ssh|08.|072222 |08/ |03telnet|08.|072023 |08/ |03https
    |08 ÜþÞ |08bbs|07.|08bottomlessabyss|07.|08net

    ... A social life? Where can I download that!?

    --- Mystic BBS v1.12 A48 (Linux/64)
    * Origin: The Bottomless Abyss BBS * bbs.bottomlessabyss.net (21:1/172)
  • From StackFault@21:1/172 to Accession on Tue Jan 16 14:40:20 2024
    Also, when you run './mis -daemon' are you running it as root or with sudo? I believe you need to run it with sudo as the user you want the

    MIS should not be run as root.

    You should use setcap instead to provide the MIS binary the capability to bind to privileged port using this command:

    sudo setcap 'cap_net_bind_service=+ep' /path/to/mis

    This way, MIS can be started with a regular user and still be able to bind to a low port, without root privilege.

    Cheers!

    |15 ß Þ |15StackFault |08<|03.|11.|15P|11h|03EN|11o|15M|11.|03.|08>
    |11 Ý ß |11The Bottomless Abyss BBS
    |03 ß Ýß |03ssh|08.|072222 |08/ |03telnet|08.|072023 |08/ |03https
    |08 ÜþÞ |08bbs|07.|08bottomlessabyss|07.|08net

    ... They say there's always one weirdo on the bus, but I couldn't find them!

    --- Mystic BBS v1.12 A48 (Linux/64)
    * Origin: The Bottomless Abyss BBS * bbs.bottomlessabyss.net (21:1/172)
  • From Accession@21:1/200 to StackFault on Tue Jan 16 13:53:36 2024
    Hello StackFault,

    On Tue, 16 Jan 2024 20:40:20 -0500, you wrote:

    MIS should not be run as root.

    Okay. Whatever. While opinions are like assholes, this is another topic completely. What I was asking him is if he DID run it as root (even just once) it would ruin his permissions if in the future he started running it as a regular user, or even using sudo.

    You should use setcap instead to provide the MIS binary the capability
    to bind to privileged port using this command:

    sudo setcap 'cap_net_bind_service=+ep' /path/to/mis

    This way, MIS can be started with a regular user and still be able to
    bind to a low port, without root privilege.

    Thank you, Mr. Linux Guru.

    ...and all I was trying to say is even if you use sudo to start MIS, it binds to the low ports and passes permissions off to the user that used sudo immediately after. It was done on purpose by the developer himself. You can take it up with him if you want to argue about what should and shouldn't be done. *shrug*

    To be fair, Synchronet also does this. And it seems so does just about anything that uses systemd if you use the USER and GROUP keywords in your .service file. So you may as well tell all those people how they should do it, too. ;)

    Regards,
    Nick

    ... "Take my advice, I don't use it anyway."
    --- Claws Mail 4.2.0 (GTK 3.24.38; x86_64-w64-mingw32)
    * Origin: _thePharcyde distribution system (Wisconsin) (21:1/200.0)
  • From NuSkooler@21:1/121 to Accession on Tue Jan 16 13:45:14 2024

    On Tuesday, January 16th Accession said...
    sudo immediately after. It was done on purpose by the developer himself. You can take it up with him if you want to argue about what should and shouldn't be done. *shrug*

    It's permission dropping - what older (maybe current?) Apache does/did as well. It's certainly not a best practice, and has been known for many years.

    Stack is right on both accounts. You can set the caps and not worry about security, or run as root and cross your fingers.

    --
    |08 â–  |12NuSkooler |06// |12Xibalba |08- |07"|06The place of fear|07"
    |08 â–  |03xibalba|08.|03vip |08(|0344510|08/|03telnet|08, |0344511|08/|03ssh|08)
    |08 â–  |03ENiGMA 1/2 WHQ |08| |03Phenom |08| |0367 |08| |03iMPURE |08| |03ACiDic
    --- ENiGMA 1/2 v0.0.14-beta (linux; x64; 18.18.2)
    * Origin: Xibalba -+- xibalba.l33t.codes:44510 (21:1/121)
  • From niter3@21:1/199 to StackFault on Tue Jan 16 16:04:04 2024
    You should use setcap instead to provide the MIS binary the capability
    to bind to privileged port using this command:

    This is the way... :>

    Otherwise when setting up your port forward, redirect it to a high port of something like 2023.

    ... System halted - Press all keys at once to continue

    --- Mystic BBS v1.12 A49 2023/04/30 (Linux/64)
    * Origin: Clutch BBS * telnet://clutchbbs.com (21:1/199)
  • From Shitty@21:4/177 to Accession on Tue Jan 16 16:22:30 2024
    Error loading prelogin.mnu

    Could it be a permission problem?

    That's what I thought, but I set permissions to 777 for the entire Mystic folder, and that didn't solve it.

    Not so much 777 or chmod. Did you install as root and are now trying to login as a user? If you do "ls -alh" in the Mystic folder who are the files owned by, and what group?

    Also, when you run './mis -daemon' are you running it as root or with sudo? I believe you need to run it with sudo as the user you want the
    BBS to run under. Mystic will automatically bind to lower ports and then give permissions over to said user.

    ogg, Accession, NuSkooler, thanks guys. I installed with sudo, and then I was locally logged in to Mystic while I was logged into sudo.

    The way I got this resolved was by installed mystic in a subfolder from my home folder. g00r00 said to do that in some documentation that I overlooked.

    I know it didn't used to be that way - because my old bbs is installed in /var/www. So something is weird about that folder issue to me, but at least the problem is solved.

    --- Mystic BBS v1.12 A49 2023/02/26 (Linux/64)
    * Origin: alcoholidaybbs.com / Est. 1995 / Columbia, SC (21:4/177)
  • From Shitty@21:4/177 to StackFault on Tue Jan 16 16:30:35 2024
    That's what I thought, but I set permissions to 777 for the entire My folder, and that didn't solve it.

    You should not set 777 to files except in some rare occasions.

    Regular files should be 644 and directory 755 (depending on the need,
    you may have to tweak this on a case by case basis).

    Thanks for that tip! I felt like it was mistake but at the time I was just trying everything.

    --- Mystic BBS v1.12 A49 2023/02/26 (Linux/64)
    * Origin: alcoholidaybbs.com / Est. 1995 / Columbia, SC (21:4/177)
  • From esc@21:4/173 to StackFault on Wed Jan 17 04:22:05 2024
    Accession did mention something interesting which I didn't know and need to go validate, apparently MIS drops root privileges after bind, I need
    to check this out.

    It does, but it's not a silver bullet. Some issues remain.

    For example, if you try running a dos door, you'll get an error about how /root/.dosemu doesn't exist (in spite of allegedly running as a non-root user). So I don't think it's smart to run with sudo or anything as there are gremlins here and there.

    --- Mystic BBS v1.12 A49 2023/02/26 (Linux/64)
    * Origin: m O N T E R E Y b B S . c O M (21:4/173)
  • From StackFault@21:1/172 to esc on Wed Jan 17 11:49:52 2024
    Accession did mention something interesting which I didn't know and n to go validate, apparently MIS drops root privileges after bind, I ne to check this out.

    It does, but it's not a silver bullet. Some issues remain.

    For example, if you try running a dos door, you'll get an error about how /root/.dosemu doesn't exist (in spite of allegedly running as a non-root user). So I don't think it's smart to run with sudo or anything as there are gremlins here and there.

    Very interesting. I'd never do that myself but having the additional details is quite interesting.

    Thanks for sharing this.

    Cheers!

    |15 ß Þ |15StackFault |08<|03.|11.|15P|11h|03EN|11o|15M|11.|03.|08>
    |11 Ý ß |11The Bottomless Abyss BBS
    |03 ß Ýß |03ssh|08.|072222 |08/ |03telnet|08.|072023 |08/ |03https
    |08 ÜþÞ |08bbs|07.|08bottomlessabyss|07.|08net

    ... What do you mean, QWK? It took me over an hour to read!

    --- Mystic BBS v1.12 A48 (Linux/64)
    * Origin: The Bottomless Abyss BBS * bbs.bottomlessabyss.net (21:1/172)