Bug 88225 - ddclient-3.6.6 ebuild doesn't correctly set permissions of /etc/ddclient directory resulting in /etc/init.d/ddclient not starting
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: High normal
Assignee: Seemant Kulleen (RETIRED)
Reported: 2005-04-06 20:25 UTC by Paul Varner (RETIRED)
Modified: 2005-04-15 14:48 UTC
Description Paul Varner (RETIRED) gentoo-dev 2005-04-06 20:25:20 UTC
The ddclient-3.3.6 ebuild has the following ewarn lines:

 * The files in /etc/ddclient will be chowned to
 * root:ddclient, and chmodded to 640:
 * (user/group read; user write)
 * Please run etc-update and update your initscript to take
 * advantage of non-root permissions on the daemon
 * Further, please note that your config files must be owned
 * by the user ddclient or have group ownership by ddclient.
 * In other words, please follow the ownership/permissions scheme
 * that has been laid out in /etc/ddclient for you.

Reading the message indicates that the directory and files in /etc/ddclient will be changed to be owned by ddclient:ddclient with permissions 640.  After upgrading from ddclient-3.6.3, these were the resulting permissions:

arath ddclient # ls -la
total 52
drwxr-xr-x   2 root root 4096 Apr  6 21:44 .
drwxr-xr-x  68 root root 4096 Apr  6 21:38 ..
-rw-------   1 root root  286 Mar 23 17:59 ddclient.cache
-rw-------   1 root root 4946 Apr  6 21:44 ddclient.conf
-rw-r--r--   1 root root  911 Feb 21 17:42 sample-etc_cron.d_ddclient
-rw-r--r--   1 root root 4740 Feb 21 17:42 sample-etc_ddclient.conf
-rw-r--r--   1 root root  670 Feb 21 17:42 sample-etc_dhclient-exit-hooks
-rw-r--r--   1 root root  703 Feb 21 17:42 sample-etc_dhcpc_dhcpcd-eth0.exe
-rw-r--r--   1 root root 1388 Feb 21 17:42 sample-etc_ppp_ip-up.local
-rw-r--r--   1 root root  899 Feb 21 17:42 sample-etc_rc.d_init.d_ddclient
-rw-r--r--   1 root root  717 Feb 21 17:42 sample-etc_rc.d_init.d_ddclient.redhat

As you can see all of the files are owned by root:root.  With the new fix to run ddclient as the ddclient user, this results in /etc/init.d/ddclient not being able to start.

Completely unmerging, removing /etc/ddclient and re-emerging ddclient results in the following permissions:

drwxr-xr-x   2 root root     4096 Apr  6 22:07 .
drwxr-xr-x  68 root root     4096 Apr  6 22:07 ..
-rw-r-----   1 root ddclient 4946 Apr  6 22:07 ddclient.conf

Which are still not correct for it to run. Commenting out the redirect to /dev/null in /etc/init.d/ddclient script shows the following:

WARNING:  file /etc/ddclient/ddclient.conf: file /etc/ddclient/ddclient.conf must be accessible only by its owner. 

After which ddclient exits.

Setting the ownership and permissions to the following allows it to run correctly.

garath ddclient # ls -al
total 20
drwxr-x---   2 ddclient ddclient 4096 Apr  6 22:17 .
drwxr-xr-x  68 root     root     4096 Apr  6 22:07 ..
-rw-------   1 ddclient ddclient  286 Apr  6 22:17 ddclient.cache
-rw-------   1 ddclient ddclient 4946 Apr  6 22:07 ddclient.conf




Reproducible: Always
Steps to Reproduce:
1. emerge ddclient
Actual Results:  
The /etc/ddclient/ddclient.conf file ownership and permissions were not set
correctly.

Expected Results:  
Changed the ownership and permissions of /etc/ddclient and its files correctly
so that /etc/init.d/ddclient would execute properly.

Portage 2.0.51.19 (default-linux/x86/2004.3, gcc-3.3.5, glibc-2.3.4.20050125-r1,
2.6.11-gentoo-r4 i686)
=================================================================
System uname: 2.6.11-gentoo-r4 i686 Intel(R) Pentium(R) 4 CPU 1.80GHz
Gentoo Base System version 1.6.10
Python:              dev-lang/python-2.3.5 [2.3.5 (#1, Feb 19 2005, 10:18:50)]
dev-lang/python:     2.3.5
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.5, 1.9.5, 1.8.5-r3, 1.7.9-r1, 1.6.3, 1.4_p6
sys-devel/binutils:  2.15.92.0.2-r7
sys-devel/libtool:   1.5.14
virtual/os-headers:  2.6.8.1-r4
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CFLAGS="-march=pentium4 -O2 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.3/env
/usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3/share/config
/usr/lib/X11/xkb /usr/share/config /var/bind /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=pentium4 -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig ccache distlocks fixpackages sandbox sfperms"
GENTOO_MIRRORS="http://gentoo.mirrors.pair.com/ http://gentoo.osuosl.org
http://www.ibiblio.org/pub/Linux/distributions/gentoo"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.namerica.gentoo.org/gentoo-portage"
USE="x86 X acpi alsa apache2 arts artswrappersuid audiofile avi
bash-completionberkdb bitmap-fonts cdr crypt cups curl dvd emboss encode fam
fbcon flac font-server foomaticdb fortran gdbm gif gpm gtk gtk2 imagemagick
imlib java javascriptjpeg kde libg++ libwww mad maildir mikmod mmx motif mozilla
moznocompose moznoirc moznomail mp3 mpeg ncurses nls nptl oggvorbis opengl pam
pda pdflib perl png ppds python qt quicktime readline samba sasl sdl spell
sqlite sse ssl tcltk tcpdtiff truetype truetype-fonts type1-fonts usb xml2 xmms
xv zlib linguas_en"
Unset:  ASFLAGS, CBUILD, CTARGET, LANG, LC_ALL, LDFLAGS
Comment 1 Seemant Kulleen (RETIRED) gentoo-dev 2005-04-11 12:24:19 UTC
added a blurb in the postinst to this effect.
Comment 2 Seemant Kulleen (RETIRED) gentoo-dev 2005-04-11 12:24:51 UTC
added a blurb in the postinst to this effect. Just to note: I guess it would be evil for the ebuild to change perms in /etc, so the note will have to suffice.
Comment 3 revertex 2005-04-15 12:29:26 UTC
Still not working as expected. Every time I attempt to launch ddclient using the init script, it fails. I commented out the redirect to /dev/null in /etc/init.d/ddclient for debugging purposes, and changed the locale to return the error messages in English. Here is the output:
------------------------------------------------------------
LC_ALL=C /etc/init.d/ddclient start
 * Starting DDClient ...
WARNING:  file /etc/ddclient/ddclient.conf: Cannot open file '/etc/ddclient/ddclient.conf'. (Permission denied)
stat() on closed filehandle FD at /usr/sbin/ddclient line 756.
Use of uninitialized value in bitwise and (&) at /usr/sbin/ddclient line 757.
readline() on closed filehandle FD at /usr/sbin/ddclient line 768.
WARNING:  file /etc/ddclient/ddclient.conf: Cannot open file '/etc/ddclient/ddclient.conf'. (Permission denied)
stat() on closed filehandle FD at /usr/sbin/ddclient line 756.
Use of uninitialized value in bitwise and (&) at /usr/sbin/ddclient line 757.
readline() on closed filehandle FD at /usr/sbin/ddclient line 768.
WARNING:  unable to determine IP address                                  [ !! ]
------------------------------------------------------------
Following the ebuild ewarn, I've changed the proper permissions in /etc/ddclient:

ls -al /etc/ddclient/
total 50
drw-r-----   2 root ddclient  448 Abr 11 16:25 .
drwxr-xr-x  71 root root     5688 Abr 15 15:23 ..
-rw-------   1 root ddclient  501 Abr 13 18:19 ddclient.cache
-rw-------   1 root ddclient 4993 Abr 15 15:22 ddclient.conf
-rw-r-----   1 root ddclient  911 Out 24 19:56 sample-etc_cron.d_ddclient
-rw-r-----   1 root ddclient 4740 Out 24 19:56 sample-etc_ddclient.conf
-rw-r-----   1 root ddclient  670 Out 24 19:56 sample-etc_dhclient-exit-hooks
-rw-r-----   1 root ddclient  703 Out 24 19:56 sample-etc_dhcpc_dhcpcd-eth0.exe
-rw-r-----   1 root ddclient 1388 Out 24 19:56 sample-etc_ppp_ip-up.local
-rw-r-----   1 root ddclient  899 Out 24 19:56 sample-etc_rc.d_init.d_ddclient
-rw-r-----   1 root ddclient  717 Out 24 19:56 sample-etc_rc.d_init.d_ddclient.redhat
------------------------------------------------------------
cat /etc/passwd | grep ddclient
ddclient:x:460:460:added by portage for ddclient:/dev/null:/bin/false
------------------------------------------------------------
esearch ddclient
*  net-dns/ddclient
      Latest version available: 3.6.6
      Latest version installed: 3.6.6
------------------------------------------------------------
emerge info
Portage 2.0.51.19 (default-linux/x86/2005.0, gcc-3.4.3-20050110, glibc-2.3.4.20050125-r1, 2.6.11-gentoo-r6 i686)
=================================================================
System uname: 2.6.11-gentoo-r6 i686 AMD Athlon(tm) Processor
Gentoo Base System version 1.6.10
Python:              dev-lang/python-2.3.5 [2.3.5 (#1, Apr 12 2005, 17:54:52)]
ccache version 2.4 [enabled]
dev-lang/python:     2.3.5
sys-devel/autoconf:  2.59-r6, 2.13
sys-devel/automake:  1.7.9-r1, 1.8.5-r3, 1.5, 1.4_p6, 1.6.3, 1.9.5
sys-devel/binutils:  2.15.92.0.2-r8
sys-devel/libtool:   1.5.14
virtual/os-headers:  2.6.8.1-r4
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CFLAGS="-O2 -march=athlon-tbird -fomit-frame-pointer -ftracer -fprefetch-loop-arrays -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -march=athlon-tbird -fomit-frame-pointer -ftracer -fprefetch-loop-arrays -pipe -fvisibility-inlines-hidden"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig ccache distlocks noalllocale prelink sandbox sfperms"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/Linux/distributions/gentoo"
LC_ALL="pt_BR.ISO-8859-1"
LINGUAS="pt_BR"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="3dnow X aac acpi alsa avi bash-completion berkdb bitmap-fonts bzlib cdr crypt curl dga directfb divx4linux dvd emboss encode exif fam fbcon fortran gd gdbm gif gpm gstreamer gtk gtk2 imagemagick imlib jpeg kdeenablefinal lcms libedit libg++ libwww mad maildir mikmod mime mmx mng motif mp3 mpeg ncurses nls nocd nptl offensive ogg oggvorbis openal opengl oss pam pdflib perl pic png python qt quicktime readline sdl session skey slang spell ssl svg svga tcltk tcpd threads tidy tiff truetype truetype-fonts type1-fonts userlocales videos vorbis wmf wxwindows x86 xml xml2 xmms xosd xpm xv xvid zlib video_cards_nvidia linguas_pt_BR"
Unset:  ASFLAGS, CBUILD, CTARGET, LANG, LDFLAGS
------------------------------------------------------------
After changing permissions in /etc/ddclient
(chmod -Rfv ug+X /etc/ddclient/), the init script works again, but complains about permissions:
------------------------------------------------------------
/etc/init.d/ddclient start
 * Starting DDClient ...
WARNING:  file /etc/ddclient/ddclient.conf: file /etc/ddclient/ddclient.conf must be accessible only by its owner.
------------------------------------------------------------
I don't know if it's a security flaw, but I desperately need this service working.
I hope this should help.
Cheers.
Comment 4 Paul Varner (RETIRED) gentoo-dev 2005-04-15 14:48:49 UTC
I had to do the following:

chmod 750 /etc/ddclient (probably not necessary)
chown ddclient:ddclient /etc/ddclient
chmod 600 /etc/ddclient/ddclient.conf /etc/ddclient/ddclient.cache
chown ddclient:ddclient /etc/ddclient/ddclient.conf /etc/ddclient/ddclient.cache
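
An added example, not part of the bug report or the ebuild: a shell check that compares a ddclient config directory with the layout Comment 4 arrived at (directory 750 or tighter, ddclient.conf and ddclient.cache owner-only, all owned by the daemon user). The function names are hypothetical and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example (not from the bug report). Assumes GNU stat, as on Gentoo.

# check_path PATH USER KIND: report and return 1 if PATH is not owned by
# USER, grants bits it should not, or lacks the owner bits the daemon needs.
check_path() {
    path=$1 user=$2 kind=$3 rc=0
    [ -e "$path" ] || { echo "MISSING $path"; return 1; }
    owner=$(stat -c '%U' "$path")
    mode=$(stat -c '%a' "$path")
    if [ "$owner" != "$user" ]; then
        echo "OWNER $path: $owner, expected $user"; rc=1
    fi
    case $kind in
        # File: owner-only ("must be accessible only by its owner").
        file) deny=077 need=400 ;;
        # Directory: 750 or tighter; owner needs r-x to reach the files.
        dir)  deny=027 need=500 ;;
    esac
    if [ $(( 0$mode & 0$deny )) -ne 0 ]; then
        echo "MODE $path: $mode is too open (mask $deny)"; rc=1
    fi
    if [ $(( 0$mode & 0$need )) -ne $(( 0$need )) ]; then
        echo "MODE $path: $mode lacks owner bits $need"; rc=1
    fi
    return $rc
}

# audit_ddclient_dir DIR USER: check DIR, ddclient.conf and, if present,
# ddclient.cache (it may be absent on a fresh install).
audit_ddclient_dir() {
    dir=$1 user=$2 bad=0
    check_path "$dir" "$user" dir || bad=1
    check_path "$dir/ddclient.conf" "$user" file || bad=1
    if [ -e "$dir/ddclient.cache" ]; then
        check_path "$dir/ddclient.cache" "$user" file || bad=1
    fi
    return $bad
}

# Usage: sh audit.sh /etc/ddclient [user]   (user defaults to ddclient)
if [ "$#" -gt 0 ]; then
    audit_ddclient_dir "$1" "${2:-ddclient}"
fi
```

A directory without the owner search bit, like the `drw-r-----` listing in Comment 3, is reported by the `need` check rather than surfacing later as "Permission denied" from the daemon.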