* dnscache runs under daemontools, unable to bind (access denied) using runit
@ 2005-05-20 12:04 Charles M. Gerungan
2005-05-20 12:10 ` Charles M. Gerungan
2005-05-20 16:03 ` Gregg Howe
0 siblings, 2 replies; 6+ messages in thread
From: Charles M. Gerungan @ 2005-05-20 12:04 UTC (permalink / raw)
This starts up dnscache and it responds to queries:
# cat run.daemontools
#!/bin/sh
exec 2>&1
exec <seed
exec envdir ./env sh -c '
exec envuidgid Gdnscache softlimit -o250 -d "$DATALIMIT" /usr/local/bin/dnscache
'
This does not start up (an adapted version of
http://www.skarnet.org:80/lists/archive.cgi?2:msp:1046:midfmaimamejgmijfagg --
the content of the env dir wasn't given so I hope I interpreted the manual
correctly):
# cat run
#!/bin/sh
exec 2>&1
exec <seed
exec chpst -v -u Gdnscache:Gnofiles -e ./env -o 250 /usr/local/bin/dnscache
The error I'm getting when invoking:
# ./run
dnscache: fatal: unable to bind UDP socket: access denied
Here's the content of the env dir:
# ll env
total 14
drwxr-sr-x 2 root wheel 512 May 20 00:31 ./
drwxr-sr-t 5 root wheel 512 May 20 08:57 ../
-rw-r--r-- 1 root wheel 8 May 20 00:31 CACHESIZE
-rw-r--r-- 1 root wheel 8 May 20 00:31 DATALIMIT
-rw-r--r-- 1 root wheel 13 May 20 02:59 IP
-rw-r--r-- 1 root wheel 8 May 20 00:31 IPSEND
-rw-r--r-- 1 root wheel 25 May 20 00:31 ROOT
# cat env/*
1000000
3000000
83.98.165.81
0.0.0.0
/var/svc.d/dnscache/root
Why am I getting the error and how do I solve it?
--
Regards, Charles.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: dnscache runs under daemontools, unable to bind (access denied) using runit
2005-05-20 12:04 dnscache runs under daemontools, unable to bind (access denied) using runit Charles M. Gerungan
@ 2005-05-20 12:10 ` Charles M. Gerungan
2005-05-20 16:03 ` Gregg Howe
1 sibling, 0 replies; 6+ messages in thread
From: Charles M. Gerungan @ 2005-05-20 12:10 UTC (permalink / raw)
I neglected to post versions:
$ uname -a
FreeBSD redbus.lahaya.com 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Sun May 8 10:21:06 UTC 2005 root@harlow.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
Installed: http://smarden.org/runit/runit-1.2.3.tar.gz
--
Regards, Charles.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: dnscache runs under daemontools, unable to bind (access denied) using runit
2005-05-20 12:04 dnscache runs under daemontools, unable to bind (access denied) using runit Charles M. Gerungan
2005-05-20 12:10 ` Charles M. Gerungan
@ 2005-05-20 16:03 ` Gregg Howe
2005-05-20 17:18 ` Charles M. Gerungan
1 sibling, 1 reply; 6+ messages in thread
From: Gregg Howe @ 2005-05-20 16:03 UTC (permalink / raw)
----- Original Message -----
From: "Charles M. Gerungan" <charles@nednieuws.com>
To: <supervision@list.skarnet.org>
Sent: Friday, May 20, 2005 5:04 AM
Subject: dnscache runs under daemontools, unable to bind
(access denied) using runit
> This starts up dnscache and it responds to queries:
>
> # cat run.daemontools
> #!/bin/sh
> exec 2>&1
> exec <seed
> exec envdir ./env sh -c '
> exec envuidgid Gdnscache softlimit -o250 -d "$DATALIMIT" /usr/local/bin/dnscache
> '
>
> This does not start up (an adapted version of
> http://www.skarnet.org:80/lists/archive.cgi?2:msp:1046:midfmaimamejgmijfagg --
> the content of the env dir wasn't given so I hope I interpreted the manual
> correctly):
>
> # cat run
> #!/bin/sh
> exec 2>&1
> exec <seed
> exec chpst -v -u Gdnscache:Gnofiles -e ./env -o 250 /usr/local/bin/dnscache
>
> The error I'm getting when invoking:
>
> # ./run
> dnscache: fatal: unable to bind UDP socket: access denied
>
>
> Why am I getting the error and how do I solve it?
>
> --
> Regards, Charles.
Charles--
The "-u" option in chpst changes dnscache to an unprivileged
user before it executes, so it isn't able to bind the UDP
socket. If you use "-U" instead, dnscache will be able to
complete this before it changes to Gdnscache.
Gregg
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: dnscache runs under daemontools, unable to bind (access denied) using runit
2005-05-20 16:03 ` Gregg Howe
@ 2005-05-20 17:18 ` Charles M. Gerungan
2005-05-20 17:22 ` Charlie Brady
0 siblings, 1 reply; 6+ messages in thread
From: Charles M. Gerungan @ 2005-05-20 17:18 UTC (permalink / raw)
On 20 May 2005, at 18:03, Gregg Howe wrote:
> The "-u" option in chpst changes dnscache to an unprivileged
> user before it executes, so it isn't able to bind the UDP
> socket. If you use "-U" instead, dnscache will be able to
> complete this before it changes to Gdnscache.
Oh, man, I think it's time to modify the manpage as -- at least to me
-- what you said wasn't obvious:
OPTIONS
    -u user[:group]
        setuidgid. Set uid and gid to the user's uid and gid. If user
        is followed by a colon and a group, set the gid to group's gid
        instead of user's gid. All supplementary groups are removed.
    -U user[:group]
        envuidgid. Set the environment variables $UID and $GID to the
        user's uid and gid. If user is followed by a colon and a group,
        set $GID to the group's gid instead of user's gid.
So the difference is that -u drops privileges before the program is
invoked and -U after?
Thanks for your help. Next step: tinydns.
--
Regards, Charles.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: dnscache runs under daemontools, unable to bind (access denied) using runit
2005-05-20 17:18 ` Charles M. Gerungan
@ 2005-05-20 17:22 ` Charlie Brady
2005-05-20 17:31 ` Charles M. Gerungan
0 siblings, 1 reply; 6+ messages in thread
From: Charlie Brady @ 2005-05-20 17:22 UTC (permalink / raw)
Cc: supervision
On Fri, 20 May 2005, Charles M. Gerungan wrote:
> -U user[:group]
> envuidgid. Set the environment variables $UID and $GID to the
> user's uid and gid. If user is followed by a colon and a group,
> set $GID to the group's gid instead of user's gid.
>
> So the difference is that -u drops privileges before the program is invoked
> and -U after?
-U doesn't do anything with privileges. It does exactly what the
documentation says it does - it sets environment variables.
Read dnscache documentation for effect of any environment variable
settings.
---
Charlie
^ permalink raw reply [flat|nested] 6+ messages in thread
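Added example (not part of any message in this thread, and not runit or djbdns code): a POSIX-shell model of the `-U`/envuidgid behaviour quoted from the manpage above, showing that it only exports `$UID` and `$GID` and leaves the process identity as it was, which is why a root-started dnscache can still bind its socket. The function names, the `/etc/group` lookup and `corrected_run` (the thread's run script with Gregg's one-letter change applied) are assumptions for illustration.

```shell
#!/bin/sh
# Added illustration: models chpst -U (envuidgid) with standard tools only.
# All function names here are hypothetical; chpst is not required.

# Numeric gid of a group name (assumption: groups live in /etc/group).
gid_of_group() {
    awk -F: -v g="$1" '$1 == g { print $3; exit }' /etc/group
}

# Resolve "user[:group]" to "uid gid", the lookup both -u and -U start with.
resolve_ids() {
    user=${1%%:*}
    uid=$(id -u "$user") || return 1
    case $1 in
        *:*) gid=$(gid_of_group "${1#*:}") ;;
        *)   gid=$(id -g "$user") ;;
    esac
    [ -n "$gid" ] || return 1
    echo "$uid $gid"
}

# -U semantics: export $UID and $GID, then run the command with the
# caller's identity untouched. env(1) is used because bash treats UID
# as a read-only shell variable.
envuidgid_sketch() {
    ids=$(resolve_ids "$1") || return 1
    shift
    env "UID=${ids% *}" "GID=${ids#* }" "$@"
}

# The thread's runit run script with Gregg's change (-u replaced by -U).
corrected_run() {
    cat <<'EOF'
#!/bin/sh
exec 2>&1
exec <seed
exec chpst -v -U Gdnscache:Gnofiles -e ./env -o 250 /usr/local/bin/dnscache
EOF
}

# Demo: the child sees root's ids in its environment but still runs as
# whoever invoked this script.
envuidgid_sketch root sh -c \
    'echo "euid=$(id -u) UID=$(printenv UID) GID=$(printenv GID)"'
```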