I’m trying this on Ubuntu 22.04 Rust’s cargo install seems to keep creating permission problems between what I have to install, compile and what gets published in the cargo “registry”, which causes issues at runtime when I run as lemmy:lemmy through systemctl.

If I run: cargo install lemmy_server --target-dir /usr/bin/ --locked --features embed-pictrs as a non-root user, I get permission denied issues with /usr/bin/.future-incompat-report.json and /usr/bin/release

If I run the build as a root user, and then manually copy the binaries to /usr/bin and chmod them to lemmy:lemmy, then try to run as lemmy:lemmy, it appears the binary is trying to access some “registry” files in /root/.cargo/registry (for which of course it does not have permissions.)

How do I fix this?

    • RoundSparrow@lemmy.ml
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Oops. I was running some test code that IIRC set the bot field (it was code for creating a bot) on my own login. I just changed it. Thanks for letting me know.

      • KIM_JONG_JUICEBOX@lemmy.mlOP
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Well, you are the only person really responding to me here with helpful information.

        So if you are a bot, I welcome our new robot overlords.

        I’m still trying to get the lemmy-ui installed. I’ll check your links. Looks like they updated the join-lemmy.org page.

        I owe you a beer, or a pint of 10w-40.

        • RoundSparrow@lemmy.ml
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          1 year ago

          ha.

          I didn’t have much trouble with lemmu-ui, I ended up following instructions that put it at /var/lib/lemmy-ui on Ubuntu 22.04 server.

          I already had nginx running for a different domain name on that server, so that confused me for a while. As the SSL certification instructions assume you have an empty nginx server, it won’t prompt you for domain names if you already have some defined. Once I figured that out, the instructions worked fine.

          1. I moved all my live site config files out of /etc/nginx/sites-enabled

          2. ran the certbot certonly --nginx command from the 'From Scratch" instructions, which now prompted me for domain names interactively.

          3. put back my previous sites-enabled files I removed in step 1.

          4. Then the template in the ‘From Scratch’ instructions worked fine after the sed commands to modify it: https://raw.githubusercontent.com/LemmyNet/lemmy-ansible/main/templates/nginx.conf

          Are you stuck on updating NodeJS on your server? I already had Node apps on my server, so I followed my standard setup for node. I’m running lemmy-ui on Node.js v19.4.0, I think it probably wold work on version 20.x too. My npm --version says 9.3.1 and my yarn --version says 1.22.19

          • KIM_JONG_JUICEBOX@lemmy.mlOP
            link
            fedilink
            arrow-up
            0
            ·
            1 year ago

            Thanks @RoundSparrow

            I am able to bring things up and I can create an admin user by visiting the /setup URL.

            Problem is, after I create my admin user, the /setup URL appears to still be active.

            Is there some step I am missing to disable this /setup page after I have created my admin user?

            • RoundSparrow@lemmy.ml
              link
              fedilink
              arrow-up
              0
              ·
              1 year ago

              There are security/data-exposure issues with this that I raised on Github… https://github.com/LemmyNet/lemmy/issues/3060 (I’m RocketDerp)

              My testing shows that visiting /setup on Lemmy isn’t restricted. it behaves differently if you are logged-in or not logged-in. If not logged-in, it presents a form to create an admin user. If logged-in (even as a normal non-admin user) it shows the site configuration.

              Since /setup has to be accessible to someone not logged-in, the whole design is a race condition for some script-kiddie to admin-create wen installing on a public remote server. The admin accounts should probably be managed from Linux shell and not from lemmy-ui

              • KIM_JONG_JUICEBOX@lemmy.mlOP
                link
                fedilink
                arrow-up
                1
                ·
                1 year ago

                Ok, thanks for confirming that I am not entirely insane.

                1 - I visited other lemmy instances and saw that the /setup URL was still accessible.

                That seems like a huge bug / security issue.

                2 - How did you configure and daemonize pictrs?

                I don’t want to run that as root, so I ended up creating a pictrsxx user

                And a systemd service that runs as that user.

                /etc/systemd/system/lemmy-pictrsxx.service

                Which makes me wonder, what is the purpose of this “embed-pictrs” option.

                cargo install lemmy_server --target-dir /usr/bin/ --locked --features embed-pictrs

                3 - email

                Still can’t get smtp to work.

                • RoundSparrow@lemmy.ml
                  link
                  fedilink
                  arrow-up
                  2
                  ·
                  1 year ago

                  Which makes me wonder, what is the purpose of this “embed-pictrs” option.

                  It probably does something to the code to enable the hand-off of the pictures, but doesn’t actually setup everything automatically. Not sure, just guessing.

                • RoundSparrow@lemmy.ml
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  1 year ago

                  That seems like a huge bug / security issue.

                  The developers did respond and basically said that the config can be derived by federation and other aspects, so they don’t consider it a significant security risk. It doesn’t seem to allow writing of changes unless an admin, so I guess it is what it is for now. It is mentioned on Github and in the forums now, so others can raise the issue if they thing it is serious.

                  I actually didn’t bother setting up email, I’m trying to hack on the code and get some of the database tuning done and I thought there needs to be some better way to sign-up and notify new users. But I can try to help you, I do know a lot about email. I’ll warn you that spam filters probably won’t like Lemmy instances, email is a battleground with hosting providers.

                  I didn’t setup images, did that really run as root? I thought it would have been running under the lemmy user account, but I I don’t know.

                  Don’t be afraid to ping me if you need help.

                  They have fixed some of the install issues based on our feedback, co new server setups won’t be as difficult. And I do want to try and edit the documentation on ‘from scratch’ for them to make it more consistent (the lemmy_server I think should also be done from git checkout on a ‘from scratch’ and a few other changes in toe docs).