I've tried to install and start the Dante SOCKS server with the Gentoo provided ebuild without success. The installation goes fine, but after configuring the server and trying to start the service, I get the following error message: proxy ~ # /etc/init.d/dante-sockd start Dec 21 11:05:03 (1135159503) sockd[0]: socks_seteuid(): old: 0, new: 101 Dec 21 11:05:03 (1135159503) sockd[0]: socks_reseteuid(): current: 101, new: 0 Dec 21 10:05:03 (1135159503) sockd[0]: socks_reseteuid(): getpwuid(0): Permission denied (errno = 13) Dec 21 10:05:03 (1135159503) sockd[0]: sockdexit(): terminating * Something is wrong with your configuration file * for more info, see: man sockd.conf The problem is related to the specification of users to be used by the daemon. The Dante configuration file has three users (taken from man sockd.conf): user.privileged Username which will be used for doing privileged operations. user.notprivileged User which the server runs as most of the time. user.libwrap User used to execute libwrap commands. If only one of those users are set to anything different than root, the service cannot be started. If all of them are set to root, then the service starts without any problem. In the documentation and examples they tell you to use the sockd user as user.notprivileged, for common daemon operations, but there seems to be something preventing this (the sockd user is of course created and added to the daemon group, this is done by the ebuild). Here you have my emerge info: proxy ~ # emerge info Portage 2.0.51.22-r3 (default-linux/x86/2005.1, gcc-3.3.5-20050130, glibc-2.3.4.20041102-r1, 2.6.12-gentoo-r6 i686) ================================================================= System uname: 2.6.12-gentoo-r6 i686 Pentium III (Coppermine) Gentoo Base System version 1.6.12 dev-lang/python: 2.3.5 sys-apps/sandbox: 1.2.11 sys-devel/autoconf: 2.13, 2.59-r6 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.5 sys-devel/binutils: 2.15.92.0.2-r10 sys-devel/libtool: 1.5.18-r1 virtual/os-headers: 2.6.11-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=pentium3 -O2 -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-march=pentium3 -O2 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig distlocks sandbox sfperms strict" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/Linux/distributions/gentoo" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="x86 alsa apache2 apm arts avi berkdb bitmap-fonts bzip2 crypt cups eds emboss encode expat foomaticdb fortran gd gdbm gif gnome gpm gstreamer gtk gtk2 imlib ipv6 jpeg kde libg++ libwww mad mikmod motif mp3 mpeg ncurses nls ogg oggvorbis opengl oss pam pdflib perl png python qt quicktime readline sdl spell ssl tcpd truetype truetype-fonts type1-fonts udev vorbis xml2 xmms xv zlib userland_GNU kernel_linux elibc_glibc" Unset: ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTDIR_OVERLAY
it works pretty much out of the box for me. I can't imagine what did you set that requires dante to have root privileges in order to work.
Could you post your configuration file so I can compare with mine? Or maybe you prefer me to post mine here? (I'm on holiday until next monday, so I won't be able to provide any more info until them)
the reporter has vanished
The reporter hasn't vanished... as I told you "I'm on holiday until next monday", and next monday is today... I will test it again this evening and provide a report, so please, don't close the bug
On a fresh install (I have unmerged dante and deleted all the configuration files) when I try to start the service I get the following: proxy ~ # /etc/init.d/dante-sockd start Jan 2 15:53:22 (1136213602) sockd[0]: socks_seteuid(): old: 0, new: 101 Jan 2 15:53:22 (1136213602) sockd[0]: socks_reseteuid(): current: 101, new: 0 Jan 2 14:53:22 (1136213602) sockd[0]: socks_reseteuid(): getpwuid(0): Permission denied (errno = 13) Jan 2 14:53:22 (1136213602) sockd[0]: sockdexit(): terminating * Something is wrong with your configuration file * for more info, see: man sockd.conf After editing the /etc/socks/sockd.conf to include the following: logoutput: syslog internal: eth1 port = 1080 external: eth0 user.privileged: sockd user.notprivileged: sockd user.libwrap: sockd I still get the same error. Here you have my network configuration (I haven't included lo): proxy ~ # ifconfig eth0 Link encap:Ethernet HWaddr 00:0A:5E:3C:59:94 inet addr:192.168.2.251 Bcast:192.168.2.255 Mask:255.255.255.0 inet6 addr: fe80::20a:5eff:fe3c:5994/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:435347 errors:0 dropped:0 overruns:1 frame:0 TX packets:396602 errors:0 dropped:0 overruns:0 carrier:4 collisions:1323 txqueuelen:1000 RX bytes:385019080 (367.1 Mb) TX bytes:69340682 (66.1 Mb) Interrupt:16 Base address:0x1000 eth1 Link encap:Ethernet HWaddr 00:02:B3:28:F5:0C inet addr:192.168.1.251 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::202:b3ff:fe28:f50c/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:353661 errors:12 dropped:0 overruns:0 frame:12 TX packets:443616 errors:15 dropped:0 overruns:0 carrier:15 collisions:24850 txqueuelen:1000 RX bytes:67722410 (64.5 Mb) TX bytes:410058198 (391.0 Mb) If I set all the users to root, the service starts (although it doesn't work, as I haven't added any rule). If I set only one of the users to sockd instead of root, the service doesn't starts, with the follwoing errors: With user.privileged: sockd proxy ~ # /etc/init.d/dante-sockd start Jan 2 16:08:47 (1136214527) sockd[0]: socks_seteuid(): old: 0, new: 101 Jan 2 16:08:47 (1136214527) sockd[0]: socks_reseteuid(): current: 101, new: 0 Jan 2 15:08:47 (1136214527) sockd[0]: socks_reseteuid(): getpwuid(0): Permission denied (errno = 13) Jan 2 15:08:47 (1136214527) sockd[0]: sockdexit(): terminating * Something is wrong with your configuration file * for more info, see: man sockd.conf With user.notprivileged: sockd proxy ~ # /etc/init.d/dante-sockd start Jan 2 16:09:33 (1136214573) sockd[0]: socks_seteuid(): old: 0, new: 0 Jan 2 16:09:33 (1136214573) sockd[0]: socks_reseteuid(): current: 0, new: 0 Jan 2 16:09:33 (1136214573) sockd[0]: socks_seteuid(): old: 0, new: 101 Jan 2 16:09:33 (1136214573) sockd[0]: socks_reseteuid(): current: 101, new: 0 Jan 2 15:09:33 (1136214573) sockd[0]: socks_reseteuid(): getpwuid(0): Permission denied (errno = 13) Jan 2 15:09:33 (1136214573) sockd[0]: sockdexit(): terminating * Something is wrong with your configuration file * for more info, see: man sockd.conf With user.libwrap: sockd proxy ~ # /etc/init.d/dante-sockd start Jan 2 16:10:06 (1136214606) sockd[0]: socks_seteuid(): old: 0, new: 0 Jan 2 16:10:06 (1136214606) sockd[0]: socks_reseteuid(): current: 0, new: 0 Jan 2 16:10:06 (1136214606) sockd[0]: socks_seteuid(): old: 0, new: 0 Jan 2 16:10:06 (1136214606) sockd[0]: socks_reseteuid(): current: 0, new: 0 Jan 2 16:10:06 (1136214606) sockd[0]: socks_seteuid(): old: 0, new: 101 Jan 2 16:10:06 (1136214606) sockd[0]: socks_reseteuid(): current: 101, new: 0 Jan 2 15:10:06 (1136214606) sockd[0]: socks_reseteuid(): getpwuid(0): Permission denied (errno = 13) Jan 2 15:10:06 (1136214606) sockd[0]: sockdexit(): terminating * Something is wrong with your configuration file * for more info, see: man sockd.conf The sockd user seems to be correctly created: proxy ~ # id sockd uid=101(sockd) gid=2(daemon) groups=2(daemon) Any ideas?
I've been googlong around, and found that getpwuid is a C function used to retrieve information stored in /etc/passwd for the given id. From the log I've posted it seems Dante fails to switch from user id 101 (sockd) to user id 0 (root), and this is caused by the call to getpwuid(0) returning an error ( getpwuid(0): Permission denied (errno = 13) ). I've checked my /etc/passwd file, to see if it's world readable, and it indeed is: proxy ~ # ls -l /etc/passwd -rw-r--r-- 1 root root 1772 Dec 20 15:01 /etc/passwd So I don't know what can be causing this error...
maybe improper permissions on /etc or / ?
proxy ~ # ls -ld /etc drwxr-xr-x 41 root root 3032 Jan 4 17:55 /etc proxy ~ # ls -ld / d-wxr----t 19 root root 472 Nov 15 17:41 / Permissions on / seems strange, so I checked another Gentoo installations I have in place: protos ~ # ls -ld / drwxr-xr-x 19 root root 440 mar 10 2005 / cognos ~ # ls -ld / drwxr-xr-x 19 root root 440 dic 9 09:45 / I don't remember having done anything special on that machine but trying to use the Gentoo installer. After failing I did a regular install, and haven't had any other problem until now, and as you may see, I have a few other services already running: proxy ~ # rc-status Runlevel: default sshd [ started ] local [ started ] squid [ started ] vixie-cron[ started ] syslog-ng [ started ] domainname[ started ] net.eth0 [ started ] net.eth1 [ started ] nylond [ started ] netmount [ started ] webmin [ started ] apache2 [ started ] Could this be the problem? If so how are you supposed to change / permissions, just with a regular chmod? I didn't know you could change permissions on /... I have checked /etc/fstab but they look similar in all the machines: proxy: /dev/hda3 / reiserfs noatime 0 1 protos: /dev/sda3 / reiserfs noatime 0 1
your permissions on / are wrong. run "chmod u=rwx,go=rx /" for fixing that. I don't know who changed permission on your root directory (probably the Gentoo installer?), but I'm sure it isn't dante.