I’m trying this on Ubuntu 22.04 Rust’s cargo install seems to keep creating permission problems between what I have to install, compile and what gets published in the cargo “registry”, which causes issues at runtime when I run as lemmy:lemmy through systemctl.

If I run: cargo install lemmy_server --target-dir /usr/bin/ --locked --features embed-pictrs as a non-root user, I get permission denied issues with /usr/bin/.future-incompat-report.json and /usr/bin/release

If I run the build as a root user, and then manually copy the binaries to /usr/bin and chmod them to lemmy:lemmy, then try to run as lemmy:lemmy, it appears the binary is trying to access some “registry” files in /root/.cargo/registry (for which of course it does not have permissions.)

How do I fix this?

You are viewing a single thread.
View all comments View context
0 points

Thanks @RoundSparrow

I am able to bring things up and I can create an admin user by visiting the /setup URL.

Problem is, after I create my admin user, the /setup URL appears to still be active.

Is there some step I am missing to disable this /setup page after I have created my admin user?

permalink
report
parent
reply
0 points

There are security/data-exposure issues with this that I raised on Github… https://github.com/LemmyNet/lemmy/issues/3060 (I’m RocketDerp)

My testing shows that visiting /setup on Lemmy isn’t restricted. it behaves differently if you are logged-in or not logged-in. If not logged-in, it presents a form to create an admin user. If logged-in (even as a normal non-admin user) it shows the site configuration.

Since /setup has to be accessible to someone not logged-in, the whole design is a race condition for some script-kiddie to admin-create wen installing on a public remote server. The admin accounts should probably be managed from Linux shell and not from lemmy-ui

permalink
report
parent
reply
0 points

Ok, thanks for confirming that I am not entirely insane.

1 - I visited other lemmy instances and saw that the /setup URL was still accessible.

That seems like a huge bug / security issue.

2 - How did you configure and daemonize pictrs?

I don’t want to run that as root, so I ended up creating a pictrsxx user

And a systemd service that runs as that user.

/etc/systemd/system/lemmy-pictrsxx.service

Which makes me wonder, what is the purpose of this “embed-pictrs” option.

cargo install lemmy_server --target-dir /usr/bin/ --locked --features embed-pictrs

3 - email

Still can’t get smtp to work.

permalink
report
parent
reply
0 points

Which makes me wonder, what is the purpose of this “embed-pictrs” option.

It probably does something to the code to enable the hand-off of the pictures, but doesn’t actually setup everything automatically. Not sure, just guessing.

permalink
report
parent
reply

Lemmy Support

!lemmy_support@lemmy.ml

Create post

Support / questions about Lemmy.

Matrix Space: #lemmy-space

Community stats

  • 138

    Monthly active users

  • 1.2K

    Posts

  • 5.7K

    Comments

Community moderators