debian 8, rc.local not running


Drew White

Jun 9, 2016, 10:31:13 PM
to qubes-users
Hi folks,

Debian 8...

On boot, the rc.local file doesn't execute after the system has booted.

What could be wrong?

root@***********:/rw/config# ls -al
total **M
drwxr-xr-x 3 root root 4.0K Jun 10 12:24 .
drwxr-xr-x 9 root root 4.0K Jun  8 12:11 ..
-rwxr-xr-x 1 user user 5198 Jun 10 12:20 rc.local


it's executable by everyone, readable by everyone, so there should be no issues, right?

Hope someone can help please?

Every time my PC starts, that VM should set up all the ports to be forwarded and more.
I'm about ready to build an application to handle all the ports and all because Qubes doesn't have something that handles it all in one, they are all separate and distinct, when they shouldn't really be.

I have other issues with the Qubes Windows Tools too, but that's another post, and I have pictures and a way around getting them to work on large resolutions, like they say there is a bug for.

Chris Laprise

Jun 10, 2016, 12:29:54 AM
to Drew White, qubes-users

Did you add the shebang at the beginning of the script?

Chris

Drew White

Jun 10, 2016, 12:40:27 AM
to qubes-users, drew....@gmail.com, tas...@openmailbox.org


On Friday, 10 June 2016 14:29:54 UTC+10, Chris Laprise wrote:
> Did you add the shebang at the beginning of the script?
>
> Chris

It's the basic file, but with content.
No errors in the code.

I run it from the CLI and it runs. 
As I said "On boot, the rc.local file doesn't execute after the system has booted."

Andrew David Wong

Jun 10, 2016, 5:23:42 AM
to Drew White, qubes-users
Just a guess here, but shouldn't it be owned by root:root? That's how
it is in my Fedora VMs, anyway...

--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

Unman

Jun 10, 2016, 5:07:41 PM
to Andrew David Wong, Drew White, qubes-users
Hi Drew

I don't believe the user is significant.

Nor do I think it likely that rc.local isn't executing (although this is
not impossible).

To start troubleshooting, try inserting a simple log command at the
start of the file:
echo `date` >> /home/user/log
would do.

See if the log is written on boot.
If it is, then you need to look at the exact commands you are using. I
recall at one time specifying full path although I no longer do so.

I use rc.local to set iptables policies etc. and it works flawlessly.

If you still can't get it working, post the file contents.

unman

David Nogueira

Jun 12, 2016, 10:05:07 AM
to qubes-users, a...@qubes-os.org, drew....@gmail.com, un...@thirdeyesecurity.org
Hey,

Actually having the same issue on a fedora23 template AppVM, tried debugging as suggested by unman but still no luck.

And then I chmoded +x rc.local and it started working.

Best,

David

Unman

Jun 12, 2016, 6:34:40 PM
to David Nogueira, qubes-users, a...@qubes-os.org, drew....@gmail.com
David,

if you look at Drew's output you will see that the file is already
executable, so this will not be his problem.

It's clearly stated in the docs that you need to apply chmod +x:
Look at https://www.qubes-os.org/doc/config-files/

unman

David Nogueira

Jun 12, 2016, 6:39:52 PM
to qubes-users, david....@gmail.com, a...@qubes-os.org, drew....@gmail.com, un...@thirdeyesecurity.org
Unman,

Sorry my bad, missed that he had written it was executable.

David

Drew White

Jun 12, 2016, 9:15:39 PM
to qubes-users, a...@qubes-os.org, drew....@gmail.com, un...@thirdeyesecurity.org


On Saturday, 11 June 2016 07:07:41 UTC+10, Unman wrote:
> Hi Drew

Hi Unman,

> I don't believe the user is significant.

Nope, you are right there.

> Nor do I think it likely that rc.local isn't executing (although this is
> not impossible).
> To start troubleshooting, try inserting a simple log command at the
> start of the file:
> echo `date` >> /home/user/log
> would do.

I actually have it setting the nameserver as the first thing it does.
This is not happening, and so I know that it's not doing what it's meant to be doing which means I have to run it manually to get the internet working.

> See if the log is written on boot.
> If it is, then you need to look at the exact commands you are using. I
> recall at one time specifying full path although I no longer do so.
>
> I use rc.local to set iptables policies etc. and it works flawlessly.

Mine works fine on Fedora, it's just Debian that it's not automatically executing on..
My whole issue is with it on Debian, on Fedora, even Fedora 23 it just runs and works, no matter the ownership.
As long as it can be executed, it works.

> If you still can't get it working, post the file contents.

Okay..

I'll post some of it.


#!/bin/sh

# This script will be executed at every VM startup, you can place your own
# custom commands here. This include overriding some configuration in /etc,
# starting services etc.
#
# You need to make this script executable to have it enabled.

# Example for overriding the whole CUPS configuration:
#  rm -rf /etc/cups
#  ln -s /rw/config/cups /etc/cups
#  systemctl --no-block restart cups

hname=`hostname`

#service dnsmasq stop
service smbd stop

echo "nameserver NameserverIP" > /etc/resolv.conf
echo "Nameserver Set.";
samba=1;
interVMNet=0;
dnsmasqLocal=0;
nocups=0;
httpd=0;
bridged=0;
bridgeip='';
bridgeto='';

eth='eth0'; # Eth config

local_ip=``; # local IP
local_externalnet=``;
echo "Local : $local_ip - : $local_externalnet";

vif=``; # GET internal IP lists
echo "Using VIF $vif";
intervm_ip=``; # GET internal IP
echo "internal vm parent IP set to $intervm_ip";
intervm_internalnet=``; # GET internal IP
echo "internal vm network set to $intervm_internalnet";
internalnet_bridgevmip=``; # GET internal IP
echo "Bridge IP: $internalnet_bridgevmip";

# Enable ping requests from 10 class network
iptables -I INPUT 1 -i eth0 -p icmp --icmp-type 8 -s $local_externalnet/24 -d $local_ip -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -I OUTPUT 1 -o eth0  -p icmp --icmp-type 0 -s $local_externalnet/24 -d $local_externalnet/24 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

if [ $nocups -eq 1 ]; then
   systemctl stop cups
   rm -rf /etc/cups
   ln -s /rw/config/cups /etc/cups
   systemctl --no-block restart cups
   echo "CUPS REMOVED";
fi

if [ $samba -eq 1 ]; then
  # mycode here
  less smb.conf > /etc/samba/smb.conf
  service smbd start
  echo "SAMBA STARTED";
fi

if [ $interVMNet -eq 1 ]; then
  # Sets iptables so that anything targeting local network can find itself. Only use for interVM machine.
  # mycode here
  echo "INTERVM STARTED";
fi


if [ $dnsmasqLocal -eq 1 ]; then
   less dnsmasq.conf > /etc/dnsmasq.conf
   # mycode here
   service dnsmasq start
   echo "DNSMASQ STARTED";
fi

if [ $httpd -eq 1 ]; then
  service httpd stop
  # mycode here
  service httpd start
  echo "HTTPD STARTED";
fi

if [ $bridged -eq 1 ]; then
  # mycode here
 
echo "BRIDGE 1 STARTED";
fi




Drew White

Jun 12, 2016, 9:20:15 PM
to qubes-users, a...@qubes-os.org, drew....@gmail.com, un...@thirdeyesecurity.org
Unman,

That code is just what I have in that NetVM.
As I said, runs fine running from CLI, but not on boot.
Does not make sense when it works fine on Fedora 20, 21 & 23 (normal and minimal [ if services I use and call are installed ] )

Yes, I have taken out specific bits of code that I have that do things that set up all things that I have, but they are not of consequence as to why the file isn't executing.
The details there are just the basics for the external VM, many other options are set in the firewall settings.
Many others are executed from Dom0 when I boot specific machines.

The original file is a LOT longer. But that's the basic one for the general NetVM.

Hope you can help.

Marek Marczykowski-Górecki

Jun 13, 2016, 9:48:35 AM
to Drew White, qubes-users, a...@qubes-os.org, un...@thirdeyesecurity.org
On Sun, Jun 12, 2016 at 06:15:38PM -0700, Drew White wrote:
> On Saturday, 11 June 2016 07:07:41 UTC+10, Unman wrote:
> > If you still can't get it working, post the file contents.
> >
>
> Okay..
>
> I'll post some of it.
>
>
>
> #!/bin/sh
>
> # This script will be executed at every VM startup, you can place your own
> # custom commands here. This include overriding some configuration in /etc,
> # starting services etc.
> #
> # You need to make this script executable to have it enabled.
>
> # Example for overriding the whole CUPS configuration:
> # rm -rf /etc/cups
> # ln -s /rw/config/cups /etc/cups
> # systemctl --no-block restart cups
>
> hname=`hostname`
>
> #service dnsmasq stop
> service smbd stop

Take a look at commented example above and use `systemctl --no-block`
(with all its consequences). rc.local itself is started as a systemd
service and starting/stopping another service from it may block on some
dependencies. You can check if this is the problem by listing processes
after VM startup and see if the above smbd stop is waiting for something.

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

Drew White

Jun 14, 2016, 8:20:04 PM
to qubes-users, drew....@gmail.com, a...@qubes-os.org, un...@thirdeyesecurity.org
Hi Marek,
 
>
> hname=`hostname`
>
> #service dnsmasq stop
> service smbd stop

> Take a look at commented example above and use `systemctl --no-block`
> (with all its consequences). rc.local itself is started as a systemd
> service and starting/stopping another service from it may block on some
> dependencies. You can check if this is the problem by listing processes
> after VM startup and see if the above smbd stop is waiting for something.


No, it's not waiting for anything. Not blocked on any dependencies or anything.
If the service is stopped then it doesn't need to stop it and just passes through with no issue.

Everything appears to be working fine, except the script isn't executing.

As for the use of "systemctl --no-block".. That doesn't work, it says "Unknown operation" for that command.




 

Unman

Jun 15, 2016, 5:53:53 PM
to Drew White, qubes-users, a...@qubes-os.org
Hi Drew

Can you try just running the logging command that I suggested? No other
systemctl, iptables or anything. Just that one command.
Then we can determine if the file is being run or not.

unman
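
The causes raised across this thread (missing shebang, executable bit, and service calls that may block because rc.local itself runs as a systemd service) can be checked statically before the next reboot. The script below is an added example, not code from any poster or from Qubes; the names `check_rc_local` and `demo_rc_local`, the finding labels and the sample file are assumptions constructed here.

```shell
#!/bin/sh
# Added example: static checks for an rc.local file, one finding per line.
# Nothing in the checked file is executed.

check_rc_local() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "MISSING: $f"
        return 0
    fi
    # The file is only run at VM startup if it is executable.
    [ -x "$f" ] || echo "NOEXEC: run chmod +x $f"
    # Without an interpreter line the file cannot be exec'd directly.
    head -n 1 "$f" | grep -q '^#!' || echo "NOSHEBANG: line 1 is not #!..."
    # Parse only; a syntax error aborts the whole script at boot.
    sh -n "$f" 2>/dev/null || echo "SYNTAX: sh -n reports a parse error"
    # Uncommented start/stop/restart calls without --no-block may wait on
    # systemd jobs while rc.local is still running as a service.
    grep -nE '^[[:space:]]*(service[[:space:]]+[^[:space:]]+|systemctl)[[:space:]]+(start|stop|restart)([[:space:];]|$)' "$f" \
        | grep -v -e '--no-block' \
        | sed 's/^\([0-9]*\):[[:space:]]*/MAYBLOCK: line \1: /' || true
    return 0
}

# Constructed sample modelled on the first lines of the script posted above.
demo_rc_local() {
    d=$(mktemp -d) || return 1
    cat > "$d/rc.local" <<'EOF'
#!/bin/sh
hname=`hostname`
#service dnsmasq stop
service smbd stop
systemctl --no-block restart cups
EOF
    chmod +x "$d/rc.local"
    check_rc_local "$d/rc.local"
    rm -rf "$d"
}

demo_rc_local
```

A clean result here only rules out these static causes; the logging line suggested earlier in the thread is still what shows whether the file actually ran at boot.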