- Newest
- Most votes
- Most comments
@aws dudes @Greg_B I consider this a either a bug or a non documentation issue. I must issue below line after each machine reboot in order to be able to shell to a greengrass-cli command.
Please let me know how to deal with this issue. By default, user-0 is root:root owned which thus does not allow us to configure a normal system account for having these priviliges.
sudo chown myaccount /greengrass/v2/cli_ipc_info/user-0
I'm having a similar issue where I'm not able to use the Greengrass cli. Every time I get a:
Caused by: java.io.IOException: Not able to find auth information in directory: /greengrass/v2/cli_ipc_info. Please run CLI as authorized user or group.
I've been looking everywhere but I can't seem to find a feasible answer for this issue. I tried doing the following:
- Set the GGC_ROOT_PATH environment variable to /greengrass/v2.
- Add the --ggcRootPath /greengrass/v2 argument to your command as shown in the following example.
As recommended by AWS documentation (https://docs.aws.amazon.com/greengrass/v2/developerguide/gg-cli-reference.html) but I get nowhere.
Any help would be appreciated!
did you do what i suggested in the post? Not sure if greengrass finally fixed the issue. the file simply should not be owned by root.
You refer to change the ownership of the user-0?
I did change it with sudo chown myacct:myacct /greengrass/v2/cli_ipc_info/user-0. This was successful
Although if I restart my raspberry pi, it seems that it goes back to the root:root ownership. Therefore being only temporary. Would there be a more permanent solution?
Hi enierop. Did you follow the authorization steps that shagupta-aws outlined previously?
I tried to re-create your problem, but actually I couldn't make a situation in which the Greengrass CLI gave the error you mentioned. I made a new myadmin system user on my core device and used sudo -u myadmin -s
inside a bash script called from the component recipe, but still the call in the script worked fine. Can you perhaps share a bit more about your recipe and code?
Hi Thank you for trying. I have more info. if you do ls -la on the folder /greengrass/v2/cli_ipc_info you will see, it is owned by root:root
If I sudo to myaccount, who is in fact already member of sudoers, the linux behavior is, now you run as myaccount but for root access, you need to use sudo.
ls -la cli_ipc_info total 12 drwxr-xr-x 2 root root 4096 May 31 22:42 . drwxr-xr-x 12 root root 4096 May 31 22:42 .. -rw------- 1 root root 86 May 31 22:42 user-0
So, I need sudo TWICE. Which is a weird solution, or su and sudo. I need cli_ipc_info to be able to be read by my account directly. Otherwise, I get the IPC communication exception complaining that maccount, has no rights to read cli_ipc_info
Relevant content
- asked 3 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a month ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
Hi enierop,
user-0 is root. Your component should NOT have access to that file. If you wish for your component to call the CLI, then you must add access to the Unix group for the user which your component runs as (default is ggc_group). You must update the configuration of the CLI component using a deployment, so set AuthorizedPosixGroups to a string which contains ggc_group, or the group of your user. https://docs.aws.amazon.com/greengrass/v2/developerguide/greengrass-cli-component.html#greengrass-cli-component-configuration.
The "requirements" section https://docs.aws.amazon.com/greengrass/v2/developerguide/greengrass-cli-component.html#greengrass-cli-component-requirements is clear that to use the CLI, you must
or