Talk:Installing BOINC on Fedora

From BOINC

Checklist

The instructions for installation need to be tested for each Fedora release (and Red Hat and distributions derived from Red Hat, if possible). Please sign your comments.

Fedora 8
Verified the instructions for the Berkeley installer and the package installer. Dagorath (talk) 18:41, 2 February 2009 (UTC)
Fedora 9
Verified the instructions for the Berkeley installer and the package installer. Dagorath (talk) 18:41, 2 February 2009 (UTC)
Fedora 10
Verified the instructions for the package manager, Yum in Fedora 10. It is my belief that this "How-To" should be more prominent or at least a VERY prominent link to this document should be placed on the front page of the download site. What I ended up doing, after I found out about the new user and group that Boinc creates, was just to go into the graphical user manager and add myself to that group. Newsman2010 (talk) 13:56, 19 March 2009 (UTC)
Good to know. Some of the Fedora developers were concerned that doing that was beyond the "average" Fedora user. Clearly it is not, especially if we have good instructions posted. Can you add those instructions for doing it via the GUI? --Eric (talk) 14:21, 19 March 2009 (UTC)

Optional setup hints

On Fedora you can add user 'joe' to the group 'boinc' from the command line with 

 #  useradd -G boinc joe

Must, of course, be root to do this. I think this is clearer and safer than editing /etc/group. Hopefully it also works on Ubuntu and Debian. --Eric (talk) 13:04, 5 February 2009 (UTC)

I can't get useradd to work on Fedora for an existing user, which is what most users would be doing. If the user exists already then it seems you need to use the usermod command. The syntax is usermod -G <groupname> -a <username>.
Agreed. --Eric (talk) 18:11, 7 February 2009 (UTC)


There is a GUI way to do this, which is probably what many new Fedora users would like (unless it's more complicated). We should get those instructions into the article, or a link to a Fedora/Red Hat page with such instructions. --Eric (talk) 14:28, 19 March 2009 (UTC)

Split off the Optional Setup Hints section

It has been suggested that the optional setup hints be moved to a new page and that the "how to install" pages for each distro link to it. I see no need for that because the main purpose of the optinal hints is to setup the permissions and links to qui_rpc_auth.cfg in such a way that when the manager starts it is able to connect to the client without user intervention. That concept seems to not apply to Ubuntu because the BOINC client in the Ubuntu repository seems to accept only a blank password. I say "seems" because perhaps I am doing something wrong with Ubuntu. I have had BOINC running on Fedora for 2 years but have installed Ubuntu only recently. Anyway, if it's true that "Ubuntu BOINC" accepts only a blank password then perhaps BOINC on SuSe, Gentoo and Debian accept only a blank password as well? If so then the Optional Hints really doesn't apply to any distro except Fedora so the Optional Hints could just be left on the Fedora page and removed from the other distro pages. Dagorath (talk) 02:20, 12 February 2009 (UTC)

If Fedora doesn't behave like Ubuntu and "work out of the box" then it's a bug in the Fedora packaging and we need to ask Milos to fix it. In that case this section should remain as a workaround until the fix propagates. And we need to test each distro for this. --Eric (talk) 02:54, 12 February 2009 (UTC)
Huh? Since when is Ubuntu "The Golden Standard"? Nope. If Ubuntu BOINC doesn't work like Fedora BOINC then Ubuntu needs to be fixed. The client has always had a functional password GUI RPC password and for good reason. If the Ubuntu BOINC package maintainers removed that then they have broke with precedent. There is nothing wrong with breaking with precedent when there is some benefit to be gained but removing security features is not exactly beneficial.Dagorath (talk) 05:51, 12 February 2009 (UTC)
I think its an issue of file permissions. It should work "out of the box" with a blank password, but gui_rpc is turned off. Ubuntu does that. If Fedora doesn't then that should be fixed. It's not an issue of "Ubuntu is better". What we should do is make the security implications clear in the documentation. --Eric (talk) 13:04, 12 February 2009 (UTC)
I think it's an issue of "just get it out the door". If there is any standard then surely the standard must be the Berkeley installer which existed long before any of the package installers. The Berkeley installer works "out of the box" with a functional password that you can change. It appears that Ubuntu BOINC does not measure up to that standard but Fedora BOINC does. Just to be sure I understand how Ubuntu BOINC works I am going to take another look at it today but if they've broken the passwording in the Ubuntu package then, compared to the Berkeley standard, Ubuntu BOINC is broken.
If they broke it just to make it easier for the installer authors then that's just mediocrity, in my opinion, and I do realise that volunteers are not bound to the Berkeley standard. If they broke it to make it easier for the users then that's not very wise because with just a few more lines of code the installer could ask the user for a password and the name of the non-root user who will administer BOINC and then setup the password for that user. At least I think that might be possible but maybe I have overlooked something.
Anyway, I'll be contacting Milos to ask him to leave the Fedora package the way it is or else add the code I've described to setup the password. Or maybe I'll publish the bash script I have created that will setup the password though as Chris pointed out there may be issues with updates. For now, I agree that the security issues should be documented here in the wiki. And I think this discussion should be taking place in the forums, not here in the wiki and certainly not on some obscure mailing list, but that's a minor issue. Dagorath (talk) 15:18, 12 February 2009 (UTC)
I agree it would be useful to move this discussion to the forums. --Eric (talk) 17:01, 12 February 2009 (UTC)
From my first experience with BOINC on Ubuntu, I thought that the BOINC client in the Ubuntu package had been modified to accept only a blank password, regardless of what is stored in gui_rpc_auth.cfg. I had a second look at that and it's obvious now that I was wrong. The client in the Ubuntu package will work with a non-blank password. I must have forgotten to restart the daemon which would have left the original blank password in effect.
What I find surprising and confusing is that the manager on Ubuntu connects to the client without any user intervention, i.e. user does not have to give the password, the manager just somehow finds it. That seems to be a bad idea because it allows any/all users on a multi-user system to mess around with BOINC and wreak havoc, for example, they might detach a host from CPDN when the host is 90% done the CPDN model. On Fedora, you can prevent any/all users from connecting the manager to the client simply by NOT putting a link to gui_rpc_auth.cfg in the user's home directory.
Here is how it finds it: the init script launches the client from the working directory, which also contains gui_rpc_auth.txt, and the client looks in that directory (only) for that file. So it was set up this way. Yes, it is insecure on multi-user systems, but for a laptop or single-user desktop it is fine. Also, the default configuration is to NOT include the --allow-gui-rpc flag when launching the daemon, so remote control is not possible. Setting that stuff up is a good thing to document, but perhaps on a separate page. The fact that it's insecure for multi-user is something important to mention in the install page, but point to the other page for the solution. IMHO :-) --Eric (talk) 21:40, 12 February 2009 (UTC)
That's how the client finds gui_rpc_auth.cfg and subsequently the password. I had that much figured out already. What I want to know is how the manager finds the password on Ubuntu.
Another interesting observation about Ubuntu... suppose you have 2 system user accounts, 1 named Bob and the other Mary. If you login on Ubuntu as Bob and install BOINC, the manager will auto-connect to the client for Bob whenever Bob runs the manager. By auto-connect I mean you don't have to give the password. However, if you login as Mary the manager will not auto-connect to the client. Mary will have to give the GUI RPC password or the system admin has to put a link to gui_rpc_auth.cfg in Mary's home directory. That would lead you to assume that the package installer put a link to gui_rpc_auth.cfg in Bob's home directory but it does not.
--Dagorath (talk) 00:11, 13 February 2009 (UTC)

Please have a look at https://bugzilla.redhat.com/show_bug.cgi?id=478715#c2 -- the proposed solution sounds good to me, it would mean that disabling the password would only need adding a user to boinc group. No clearing passwords etc. I'm going to test the solution and release an update then, but I'd like to hear your opinions on this solution. --Mjakubicek (talk) 23:43, 6 March 2009 (UTC)

The related update has been submitted for testing, see https://admin.fedoraproject.org/updates/boinc-client-6.4.7-1.r17542svn.fc10

This conversation really should be in the developer forums. This wiki is for discussing the documentation, not functionality or configuration changes. --Eric (talk) 14:21, 7 March 2009 (UTC)
Retrieved from "https://boinc.berkeley.edu/w/?title=Talk:Installing_BOINC_on_Fedora&oldid=1897"