Summary: | Dante SOCKS server cannot be started with sockd user | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Jose Gonzalez Gomez <jgonzalez.openinput> |
Component: | [OLD] Server | Assignee: | Gentoo Network Proxy Developers (OBSOLETE) <net-proxy+disabled> |
Status: | RESOLVED INVALID | ||
Severity: | major | ||
Priority: | High | ||
Version: | unspecified | ||
Hardware: | x86 | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Jose Gonzalez Gomez
2005-12-21 01:12:06 UTC
it works pretty much out of the box for me. I can't imagine what did you set that requires dante to have root privileges in order to work. Could you post your configuration file so I can compare with mine? Or maybe you prefer me to post mine here? (I'm on holiday until next monday, so I won't be able to provide any more info until them) the reporter has vanished The reporter hasn't vanished... as I told you "I'm on holiday until next monday", and next monday is today... I will test it again this evening and provide a report, so please, don't close the bug On a fresh install (I have unmerged dante and deleted all the configuration files) when I try to start the service I get the following: proxy ~ # /etc/init.d/dante-sockd start Jan 2 15:53:22 (1136213602) sockd[0]: socks_seteuid(): old: 0, new: 101 Jan 2 15:53:22 (1136213602) sockd[0]: socks_reseteuid(): current: 101, new: 0 Jan 2 14:53:22 (1136213602) sockd[0]: socks_reseteuid(): getpwuid(0): Permission denied (errno = 13) Jan 2 14:53:22 (1136213602) sockd[0]: sockdexit(): terminating * Something is wrong with your configuration file * for more info, see: man sockd.conf After editing the /etc/socks/sockd.conf to include the following: logoutput: syslog internal: eth1 port = 1080 external: eth0 user.privileged: sockd user.notprivileged: sockd user.libwrap: sockd I still get the same error. Here you have my network configuration (I haven't included lo): proxy ~ # ifconfig eth0 Link encap:Ethernet HWaddr 00:0A:5E:3C:59:94 inet addr:192.168.2.251 Bcast:192.168.2.255 Mask:255.255.255.0 inet6 addr: fe80::20a:5eff:fe3c:5994/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:435347 errors:0 dropped:0 overruns:1 frame:0 TX packets:396602 errors:0 dropped:0 overruns:0 carrier:4 collisions:1323 txqueuelen:1000 RX bytes:385019080 (367.1 Mb) TX bytes:69340682 (66.1 Mb) Interrupt:16 Base address:0x1000 eth1 Link encap:Ethernet HWaddr 00:02:B3:28:F5:0C inet addr:192.168.1.251 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::202:b3ff:fe28:f50c/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:353661 errors:12 dropped:0 overruns:0 frame:12 TX packets:443616 errors:15 dropped:0 overruns:0 carrier:15 collisions:24850 txqueuelen:1000 RX bytes:67722410 (64.5 Mb) TX bytes:410058198 (391.0 Mb) If I set all the users to root, the service starts (although it doesn't work, as I haven't added any rule). If I set only one of the users to sockd instead of root, the service doesn't starts, with the follwoing errors: With user.privileged: sockd proxy ~ # /etc/init.d/dante-sockd start Jan 2 16:08:47 (1136214527) sockd[0]: socks_seteuid(): old: 0, new: 101 Jan 2 16:08:47 (1136214527) sockd[0]: socks_reseteuid(): current: 101, new: 0 Jan 2 15:08:47 (1136214527) sockd[0]: socks_reseteuid(): getpwuid(0): Permission denied (errno = 13) Jan 2 15:08:47 (1136214527) sockd[0]: sockdexit(): terminating * Something is wrong with your configuration file * for more info, see: man sockd.conf With user.notprivileged: sockd proxy ~ # /etc/init.d/dante-sockd start Jan 2 16:09:33 (1136214573) sockd[0]: socks_seteuid(): old: 0, new: 0 Jan 2 16:09:33 (1136214573) sockd[0]: socks_reseteuid(): current: 0, new: 0 Jan 2 16:09:33 (1136214573) sockd[0]: socks_seteuid(): old: 0, new: 101 Jan 2 16:09:33 (1136214573) sockd[0]: socks_reseteuid(): current: 101, new: 0 Jan 2 15:09:33 (1136214573) sockd[0]: socks_reseteuid(): getpwuid(0): Permission denied (errno = 13) Jan 2 15:09:33 (1136214573) sockd[0]: sockdexit(): terminating * Something is wrong with your configuration file * for more info, see: man sockd.conf With user.libwrap: sockd proxy ~ # /etc/init.d/dante-sockd start Jan 2 16:10:06 (1136214606) sockd[0]: socks_seteuid(): old: 0, new: 0 Jan 2 16:10:06 (1136214606) sockd[0]: socks_reseteuid(): current: 0, new: 0 Jan 2 16:10:06 (1136214606) sockd[0]: socks_seteuid(): old: 0, new: 0 Jan 2 16:10:06 (1136214606) sockd[0]: socks_reseteuid(): current: 0, new: 0 Jan 2 16:10:06 (1136214606) sockd[0]: socks_seteuid(): old: 0, new: 101 Jan 2 16:10:06 (1136214606) sockd[0]: socks_reseteuid(): current: 101, new: 0 Jan 2 15:10:06 (1136214606) sockd[0]: socks_reseteuid(): getpwuid(0): Permission denied (errno = 13) Jan 2 15:10:06 (1136214606) sockd[0]: sockdexit(): terminating * Something is wrong with your configuration file * for more info, see: man sockd.conf The sockd user seems to be correctly created: proxy ~ # id sockd uid=101(sockd) gid=2(daemon) groups=2(daemon) Any ideas? I've been googlong around, and found that getpwuid is a C function used to retrieve information stored in /etc/passwd for the given id. From the log I've posted it seems Dante fails to switch from user id 101 (sockd) to user id 0 (root), and this is caused by the call to getpwuid(0) returning an error ( getpwuid(0): Permission denied (errno = 13) ). I've checked my /etc/passwd file, to see if it's world readable, and it indeed is: proxy ~ # ls -l /etc/passwd -rw-r--r-- 1 root root 1772 Dec 20 15:01 /etc/passwd So I don't know what can be causing this error... maybe improper permissions on /etc or / ? proxy ~ # ls -ld /etc drwxr-xr-x 41 root root 3032 Jan 4 17:55 /etc proxy ~ # ls -ld / d-wxr----t 19 root root 472 Nov 15 17:41 / Permissions on / seems strange, so I checked another Gentoo installations I have in place: protos ~ # ls -ld / drwxr-xr-x 19 root root 440 mar 10 2005 / cognos ~ # ls -ld / drwxr-xr-x 19 root root 440 dic 9 09:45 / I don't remember having done anything special on that machine but trying to use the Gentoo installer. After failing I did a regular install, and haven't had any other problem until now, and as you may see, I have a few other services already running: proxy ~ # rc-status Runlevel: default sshd [ started ] local [ started ] squid [ started ] vixie-cron[ started ] syslog-ng [ started ] domainname[ started ] net.eth0 [ started ] net.eth1 [ started ] nylond [ started ] netmount [ started ] webmin [ started ] apache2 [ started ] Could this be the problem? If so how are you supposed to change / permissions, just with a regular chmod? I didn't know you could change permissions on /... I have checked /etc/fstab but they look similar in all the machines: proxy: /dev/hda3 / reiserfs noatime 0 1 protos: /dev/sda3 / reiserfs noatime 0 1 your permissions on / are wrong. run "chmod u=rwx,go=rx /" for fixing that. I don't know who changed permission on your root directory (probably the Gentoo installer?), but I'm sure it isn't dante. |