[Closed] OpenHab 4: Issues with openhabian.conf & restoration of configuration

Hello everyone,
I was unfortunately forced to switch to OpenHab 4 since a sudo apt update && sudo apt upgrade led to OpenHab 3 being updated to 4, which failed due to the Buster operating system (predecessor of Bullseye) and Java 17 (usually, I didn’t think that such major releases would be changed).

I have a backup of the config from OpenHab 2 (I just recently switched from 2 to OpenHab 3). So I decided to reflash OpenHabian onto the SD Card and prepare everything through the openhabian.conf.

openhabian.conf - userpw: Password not applied and automatically deleted
I kept the username and set a new password. It says in the config: “The password will be removed from this file after completion for security reasons.” But I still had to log in via SSH with the PW openhabian, and a search showed that even after the installation of OpenHabian & OpenHab, the password is still in plain text under /boot/openhabian.conf.

initial.zip - backup restoration:
I also placed an initial.zip with my saved configuration. The EnOcean Binding was automatically installed. But my created Rollershutter Items are still missing.

Do you have any idea why it didn’t work properly with the openhabian.conf & initial.zip?

Thank you very much!

Well, /boot/openhabian.conf file is copied to /etc/openhabian.conf.
Then openhabian-config unattended is executed.
So, the password is surely cut out from /etc/openhabian.conf :slight_smile: but maybe not from /boot/openhabian.conf

I can only guess though why the password wasn’t set correctly nor did the initial.zip work as intended.

Hey Udo,
I will try it again, now with the same username and hostname as I used in OH2, which was ‘openhab.’ In OH4, it seems to have changed to ‘openhabian.’

I saw the config files were restored correctly under /var/lib/openhab etc. But are obviously not used.

Because of the PW: But it would also make sense that here also under boot the PW is deleted, because the SD card remains idR. in the RP :). Or do I see that wrong?

No, you’re completely right :slight_smile: Either there was a malfunction or it’s an issue :slight_smile: As I don’t use the image with Raspberry, I can’t check it myself.

The user and password, however, should have been openhabian since the beginning of openHABian.
openhab, on the other hand, was and is the user to run openHAB (i.e. a special user for this software)
All files and directories should belong to user openhab. Sometimes ownership may be mixed up (especially after a restore). Then it’s best practice to use the command

sudo openhab-cli reset-ownership

which will take care of a general correction.

1 Like

As Udo wrote

there are two users in the default setup of openhabian.
They are separated from each other.
openhabian is allowed to login to the shell while openhab is not.
This is done for security reasons.
The OH software runs with openhab privileges. openhabian has privileges to run sudo.
Assumed it would be possible to configure openhabian in a way to run with openhab privileges it would mean the user openhab has sudo privileges - this could end up in a security problem assume an attacker can execute sudo from within the running OH process. This means root access on your OH host.

As the default installation of openhabian does not provide a shell for the user openhab and also no password it could ( I did not tested that ) mean that the password even is not set for user openhab ( that is being used/configured on behalf of user openhabian ).

1 Like

correct, there are many other users in a GNU/Linux system where this is also true.

You can’t login as user openhab (at least not directly from login, there are other options to become user openhab, even though there is no shell set for user openhab).

1 Like

Thank you very much for the explanations! I know that with the user of www-data (Apache) similar. But then I was probably fooled by the backup user and concluded from it to the openHABian user. In general, the systematics of Linux was not yet so clear to me, that these are not login users at all, etc. Thanks for the explanations!

In the meantime, I have openHAB 4 cleanly set up and all devices manually recreated. For the EnOceanIDs etc. I have used the backup of openHAB 2. It has now cost me the whole night but now it runs agian. I’m going to catch up on sleep :slight_smile: