On Mon, 14 May 2012, Siôn Lloyd wrote:
> The enforcer does drop privs before creating/grabbing the lock file... Is it possible that the lock file is left from some previous process that was run as root?
That's possible, though unlikely, as no other processes than the ods-enforcerd and ods-signerd are running continuously to keep the lock. I might have run ods-hsmutil/ods-ksmutil, but those should not be keeping any lock files around?

Similarly, it seems the HSM is accessed as uid or euid root, because when using AEP, the process is looking for /root/Keyper. I'm also not sure about their library properly handling HOME= or KEYPER_LIBRARY_PATH= as these seem to be ignored sometimes, or perhaps it gives up on a permission denied (e.g. in /root/) before trying other locations.

Does anyone know the "machine" file syntax to pin the Keyper related files in 1 location despite userid and environment variables?

Paul
