isakmpd privsep
- To: misc@openbsd.org
- Subject: isakmpd privsep
- From: jared r r spiegel <jrrs@ice-nine.org>
- Date: Wed, 10 Sep 2003 01:41:29 -0600

i've noticed isakmpd running as root ever since i added
the _isakmpd user/group as per the upg-minifaq when it
went in there. so, i tried to get some privsep action tonight.

i found 'privsep' commented out in /usr/src/sbin/isakmpd/Makefile,
so uncommented it and remaked/sudo make installed isakmpd.

when i ran it ( whether 'sudo isakmpd' or '# isakmpd -d -n -p5000
-f/tmp/isakmpd.fifo -i /tmp/isakmpd.pid -R /tmp/isakmpd.report',
thinking it was a 'writable file' permissions issue ) i got:

  021544.197611 Default mm_send_fd: sendmsg(-1): Bad file descriptor [priv]
  021544.198847 Default m_priv_getfd: read/write operation failed: Bad file descriptor [priv]

and none of my normal VPN action was usable ( no flows negotiated,
i suppose; 192.168.VPN.IPs weren't pingable, etc ).

i did 'chown -R _isakmpd: *' in /etc/isakmpd, and then when that
didn't matter, did the chown to :_isakmpd group as well. same.
( normally they're all root:wheel with various default-compliant
permissions ).

google and marc.theaimsgroup for 'isakmpd privsep' gave me a bunch
of cvs logs, and also grepping the README, TO-DO, BUGS and QUESTIONS
files didn't seem to yield privsep info.

is there a faq/readme or otherwise useful info page i should be
reading to get the privsep to function successfully?

thank you for the time,

jared.

--
[ openbsd 3.4-beta GENERIC ( sept 9 ) // i386 ]