Running Greengrass-cli from gg component, not authorized, while same user context mannually works.

0

Hello, when I run greengrass-cli under a certain account, it works.

When I do the same using a bash shell from a gg component having the same account context, it does not work. (Note I use sudo -u [account] -S for that)

But I get this error...

Not able to find auth information in directory: /greengrass/v2/cli_ipc_info. 
Please run CLI as authorized user or group

the given directory does have a file named user-0 having a valid token!

Thanks for any insights!

enierop
asked 2 years ago460 views
4 Answers
0

@aws dudes @Greg_B I consider this a either a bug or a non documentation issue. I must issue below line after each machine reboot in order to be able to shell to a greengrass-cli command.

Please let me know how to deal with this issue. By default, user-0 is root:root owned which thus does not allow us to configure a normal system account for having these priviliges.

sudo chown myaccount /greengrass/v2/cli_ipc_info/user-0

enierop
answered 2 years ago
0

I'm having a similar issue where I'm not able to use the Greengrass cli. Every time I get a:

Caused by: java.io.IOException: Not able to find auth information in directory: /greengrass/v2/cli_ipc_info. Please run CLI as authorized user or group.

I've been looking everywhere but I can't seem to find a feasible answer for this issue. I tried doing the following:

  • Set the GGC_ROOT_PATH environment variable to /greengrass/v2.
  • Add the --ggcRootPath /greengrass/v2 argument to your command as shown in the following example.

As recommended by AWS documentation (https://docs.aws.amazon.com/greengrass/v2/developerguide/gg-cli-reference.html) but I get nowhere.

Any help would be appreciated!

Ed
answered a year ago
  • did you do what i suggested in the post? Not sure if greengrass finally fixed the issue. the file simply should not be owned by root.

  • You refer to change the ownership of the user-0?

    I did change it with sudo chown myacct:myacct /greengrass/v2/cli_ipc_info/user-0. This was successful

    Although if I restart my raspberry pi, it seems that it goes back to the root:root ownership. Therefore being only temporary. Would there be a more permanent solution?

0

Hi enierop. Did you follow the authorization steps that shagupta-aws outlined previously?

https://repost.aws/questions/QUeNKJRdvURiS-apWswZN9Kw/running-greengrass-cli-from-a-greengrass-component-whats-going-on-here#ANFgT7dmEvRb6MVuBE2f6TLA

I tried to re-create your problem, but actually I couldn't make a situation in which the Greengrass CLI gave the error you mentioned. I made a new myadmin system user on my core device and used sudo -u myadmin -s inside a bash script called from the component recipe, but still the call in the script worked fine. Can you perhaps share a bit more about your recipe and code?

profile pictureAWS
EXPERT
Greg_B
answered 2 years ago
0

Hi Thank you for trying. I have more info. if you do ls -la on the folder /greengrass/v2/cli_ipc_info you will see, it is owned by root:root

If I sudo to myaccount, who is in fact already member of sudoers, the linux behavior is, now you run as myaccount but for root access, you need to use sudo.

ls -la cli_ipc_info total 12 drwxr-xr-x 2 root root 4096 May 31 22:42 . drwxr-xr-x 12 root root 4096 May 31 22:42 .. -rw------- 1 root root 86 May 31 22:42 user-0

So, I need sudo TWICE. Which is a weird solution, or su and sudo. I need cli_ipc_info to be able to be read by my account directly. Otherwise, I get the IPC communication exception complaining that maccount, has no rights to read cli_ipc_info

enierop
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions