supervision - discussion about system services, daemon supervision, init, runlevel management, and tools such as s6 and runit
* dnscache runs under daemontools, unable to bind (access denied) using runit
@ 2005-05-20 12:04 Charles M. Gerungan
  2005-05-20 12:10 ` Charles M. Gerungan
  2005-05-20 16:03 ` Gregg Howe
  0 siblings, 2 replies; 6+ messages in thread
From: Charles M. Gerungan @ 2005-05-20 12:04 UTC (permalink / raw)


This starts up dnscache and it responds to queries:

# cat run.daemontools
#!/bin/sh
exec 2>&1
exec <seed
exec envdir ./env sh -c '
   exec envuidgid Gdnscache softlimit -o250 -d "$DATALIMIT" /usr/local/bin/dnscache
'

This does not start up (an adapted version of
http://www.skarnet.org:80/lists/archive.cgi?2:msp:1046:midfmaimamejgmijfagg
-- the content of the env dir wasn't given so I hope I interpreted the
manual correctly):

# cat run
#!/bin/sh
exec 2>&1
exec <seed
exec chpst -v -u Gdnscache:Gnofiles -e ./env -o 250 /usr/local/bin/dnscache

The error I'm getting when invoking:

# ./run
dnscache: fatal: unable to bind UDP socket: access denied

Here's the content of the env dir:

# ll env
total 14
drwxr-sr-x    2 root     wheel         512 May 20 00:31 ./
drwxr-sr-t    5 root     wheel         512 May 20 08:57 ../
-rw-r--r--    1 root     wheel           8 May 20 00:31 CACHESIZE
-rw-r--r--    1 root     wheel           8 May 20 00:31 DATALIMIT
-rw-r--r--    1 root     wheel          13 May 20 02:59 IP
-rw-r--r--    1 root     wheel           8 May 20 00:31 IPSEND
-rw-r--r--    1 root     wheel          25 May 20 00:31 ROOT

# cat env/*
1000000
3000000
83.98.165.81
0.0.0.0
/var/svc.d/dnscache/root

Why am I getting the error and how do I solve it?

-- 
Regards, Charles.




* Re: dnscache runs under daemontools, unable to bind (access denied) using runit
  2005-05-20 12:04 dnscache runs under daemontools, unable to bind (access denied) using runit Charles M. Gerungan
@ 2005-05-20 12:10 ` Charles M. Gerungan
  2005-05-20 16:03 ` Gregg Howe
  1 sibling, 0 replies; 6+ messages in thread
From: Charles M. Gerungan @ 2005-05-20 12:10 UTC (permalink / raw)


I neglected to post versions:

$ uname -a
FreeBSD redbus.lahaya.com 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Sun May  8 10:21:06 UTC 2005     root@harlow.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386

Installed: http://smarden.org/runit/runit-1.2.3.tar.gz

-- 
Regards, Charles.




* Re: dnscache runs under daemontools, unable to bind (access denied) using runit
  2005-05-20 12:04 dnscache runs under daemontools, unable to bind (access denied) using runit Charles M. Gerungan
  2005-05-20 12:10 ` Charles M. Gerungan
@ 2005-05-20 16:03 ` Gregg Howe
  2005-05-20 17:18   ` Charles M. Gerungan
  1 sibling, 1 reply; 6+ messages in thread
From: Gregg Howe @ 2005-05-20 16:03 UTC (permalink / raw)



----- Original Message ----- 
From: "Charles M. Gerungan" <charles@nednieuws.com>
To: <supervision@list.skarnet.org>
Sent: Friday, May 20, 2005 5:04 AM
Subject: dnscache runs under daemontools, unable to bind (access denied) using runit


> This starts up dnscache and it responds to queries:
>
> # cat run.daemontools
> #!/bin/sh
> exec 2>&1
> exec <seed
> exec envdir ./env sh -c '
>    exec envuidgid Gdnscache softlimit -o250 -d "$DATALIMIT" /usr/local/bin/dnscache
> '
>
> This does not start up (an adapted version of
> http://www.skarnet.org:80/lists/archive.cgi?2:msp:1046:midfmaimamejgmijfagg
> -- the content of the env dir wasn't given so I hope I interpreted the
> manual correctly):
>
> # cat run
> #!/bin/sh
> exec 2>&1
> exec <seed
> exec chpst -v -u Gdnscache:Gnofiles -e ./env -o 250 /usr/local/bin/dnscache
>
> The error I'm getting when invoking:
>
> # ./run
> dnscache: fatal: unable to bind UDP socket: access denied
>
>
> Why am I getting the error and how do I solve it?
>
> -- 
> Regards, Charles.


Charles--

The "-u" option in chpst changes dnscache to an unprivileged
user before it executes, so it isn't able to bind the UDP
socket.  If you use "-U" instead, dnscache will be able to
complete this before it changes to Gdnscache.

Gregg




* Re: dnscache runs under daemontools, unable to bind (access denied) using runit
  2005-05-20 16:03 ` Gregg Howe
@ 2005-05-20 17:18   ` Charles M. Gerungan
  2005-05-20 17:22     ` Charlie Brady
  0 siblings, 1 reply; 6+ messages in thread
From: Charles M. Gerungan @ 2005-05-20 17:18 UTC (permalink / raw)


On 20 May 2005, at 18:03, Gregg Howe wrote:

> The "-u" option in chpst changes dnscache to an unprivileged
> user before it executes, so it isn't able to bind the UDP
> socket.  If you use "-U" instead, dnscache will be able to
> complete this before it changes to Gdnscache.

Oh, man, I think it's time to modify the manpage as -- at least to me  
-- what you said wasn't obvious:

OPTIONS
        -u user[:group]
               setuidgid.   Set uid and gid to the user's uid and gid.  If user
               is followed by a colon and a group, set the gid to group's gid
               instead of user's gid.  All supplementary groups are removed.

        -U user[:group]
               envuidgid.   Set the environment variables $UID and $GID to the
               user's uid and gid.  If user is followed by a colon and a group,
               set $GID to the group's gid instead of user's gid.

So the difference is that -u drops privileges before the program is  
invoked and -U after?

Thanks for your help. Next step: tinydns.

-- 
Regards, Charles.




* Re: dnscache runs under daemontools, unable to bind (access denied) using runit
  2005-05-20 17:18   ` Charles M. Gerungan
@ 2005-05-20 17:22     ` Charlie Brady
  2005-05-20 17:31       ` Charles M. Gerungan
  0 siblings, 1 reply; 6+ messages in thread
From: Charlie Brady @ 2005-05-20 17:22 UTC (permalink / raw)
  Cc: supervision


On Fri, 20 May 2005, Charles M. Gerungan wrote:

> -U user[:group]
>              envuidgid.   Set  the environment variables $UID and $GID to the
>              user's uid and gid.  If user is followed by a colon and a  group,
>              set $GID to the group's gid instead of user's gid.
>
> So the difference is that -u drops privileges before the program is invoked 
> and -U after?

-U doesn't do anything with privileges. It does exactly what the 
documentation says it does - it sets environment variables.

Read dnscache documentation for effect of any environment variable 
settings.

---
Charlie
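
[Added example, not part of the thread and not dnscache's own source.] The pattern behind the answer above: chpst -U only exports $UID and $GID, and a program such as dnscache binds its socket while still root and then chroots to $ROOT and switches to those ids itself. The function names and the refusal of id 0 are choices made for this sketch.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <netinet/in.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <unistd.h>

/* Parse a numeric id from an environment value. Rejects NULL, empty, signed,
   non-numeric and 0, so a missing or bad $UID can never mean "stay root". */
static int parse_id(const char *s, unsigned long *out) {
    char *end;
    if (!s || *s < '0' || *s > '9') return -1;
    errno = 0;
    *out = strtoul(s, &end, 10);
    return (errno || *end || *out == 0) ? -1 : 0;
}

/* Drop root using $ROOT, $UID and $GID: chroot, then supplementary groups,
   then gid, then uid (uid last, the earlier steps need root), then verify. */
static int drop_root_from_env(void) {
    unsigned long uid, gid;
    const char *root = getenv("ROOT");
    if (!root || parse_id(getenv("UID"), &uid) || parse_id(getenv("GID"), &gid))
        return -1;                      /* refuse before touching anything */
    if (chdir(root) || chroot(".")) return -1;
    gid_t g = (gid_t)gid;
    if (setgroups(1, &g) || setgid(g) || setuid((uid_t)uid)) return -1;
    return setuid(0) == 0 ? -1 : 0;     /* regaining root must fail */
}

/* Bind the UDP port while still root (ports below 1024 need it), then drop. */
static int bind_then_drop(unsigned short port) {
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port),
                              .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) || drop_root_from_env()) {
        close(fd);
        return -1;
    }
    return fd;   /* bound socket held by a now-unprivileged process */
}

int main(void) {
    /* Intended invocation (assumption): chpst -U Gdnscache -e ./env ./prog */
    return bind_then_drop(53) < 0 ? 111 : 0;
}
```

Started under chpst -u instead, the same program reaches bind() already unprivileged and fails there, which is the "access denied" error reported at the top of the thread.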



* Re: dnscache runs under daemontools, unable to bind (access denied) using runit
  2005-05-20 17:22     ` Charlie Brady
@ 2005-05-20 17:31       ` Charles M. Gerungan
  0 siblings, 0 replies; 6+ messages in thread
From: Charles M. Gerungan @ 2005-05-20 17:31 UTC (permalink / raw)


On 20 May 2005, at 19:22, Charlie Brady wrote:

> -U doesn't do anything with privileges. It does exactly what the  
> documentation says it does - it sets environment variables.

Found it. Thanks for pointing that out.

-- 
Regards, Charles.



