Xpra: Ticket #1476: proxy control socket permission error

Hi,

im trying to setup a working xpra proxy server. I followed https://xpra.org/trac/wiki/ProxyServer

im on 3x ubuntu 16.04 (proxyhost+targethost in docker containers and the client is a physical machine)

Xpra Version on all machines: v2.1-r15427

on the proxy server i start the proxy with:

xpra proxy :100 --bind-tcp=0.0.0.0:10050 --auth=multifile:filename=/xpra-auth --no-daemon -d all
cat xpra-auth
john|secretpassword|1000|1000|tcp:172.17.0.3:10000|EXAMPLE_ENV=VALUE|compression=0
cat /etc/passwd
....
nvidia-persistenced:x:106:109:NVIDIA Persistence Daemon,,,:/:/sbin/nologin
john:x:1000:1000:,,,:/home/john:/bin/bash

on the targethost

xpra start :11 --bind-tcp=0.0.0.0:10000 --no-clipboard --no-pulseaudio --start-child="glxgears" --exit-with-child --no-printing --no-speaker --no-cursors --dbus-control=no --dbus-proxy=no --use-display --no-daemon

and on the client host

xpra attach --username=john --password-file=/password.txt tcp:i31forhlr4:10050
cat password.txt
secretpassword

on the proxyhost i will get the following error:

2017-03-28 08:33:52,106 proxy video encoders:
2017-03-28 08:33:52,106 new proxy instance started
2017-03-28 08:33:52,106  for client tcp socket: 172.17.0.4:10050 <- 141.3.42.171:42458
2017-03-28 08:33:52,106  and server tcp socket: 172.17.0.4:58640 <- 172.17.0.3:10000
2017-03-28 08:33:52,107 Error: failed to setup control socket '/root/.xpra/xpra-proxy-proxy-2398':
2017-03-28 08:33:52,107  [Errno 13] Permission denied

on proxytarget i get

New tcp connection received from 172.17.0.4:58642

Any ideas how to trace the problem? Which debug flag should i enable?

Greets from Germany



Tue, 28 Mar 2017 11:53:52 GMT - Antoine Martin: owner changed

Looks like the proxy instance tries to create its socket in /root/.xpra/xpra-proxy-proxy-$PID, which it will not be able to do since it will be running as uid=1000, gid=1000.

I am not seeing the problem here running Fedora. If you can still reproduce the problem with the latest beta builds, please attach the "-d proxy" output from the proxy server process. Also attach the xpra showconfig | egrep "bind|socket-dir" output, running it as the same user that executes the proxy server (root in your case).

A potential workaround would be to start the proxy server with "--socket-dirs=/tmp/" since that path is normally accessible to all users, but this would be less than ideal: you would then need to specify this socket path with other commands or make the setting permanent.


Tue, 28 Mar 2017 12:54:04 GMT - B:

Hi,

now it looks good, except that xpra is not creating the /home/$USER/.xpra dir and it throws the an error.

I have created the directory by hand, now it looks good. Maybe you can add the dir creation in python, so theres no need to do it by hand...

thanks and greets


Wed, 29 Mar 2017 05:21:34 GMT - Antoine Martin:

it throws an error.

Please always specify the full error message - I assume that you are using the changes from comment:1 and not the "socket-dirs=/tmp/" workaround?

r15443 should fix that, new beta Ubuntu 16.04 builds posted.


Wed, 29 Mar 2017 08:38:37 GMT - B: status changed; resolution set

Your assuming was right and your fix works like a charm.

Thank you very much

greets


Fri, 14 Jul 2017 17:55:11 GMT - Antoine Martin: summary changed

(editing ticket title)


Sat, 23 Jan 2021 05:25:19 GMT - migration script:

this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/1476