I compiled quagga 0.99.24.1 and 1.0.20160315 with the same parameters
and on the same host; the group is correctly set with 0.99.24.1 but
not on 1.0.20160315.
Here is the ./configure used:
./configure --enable-exampledir=/usr/share/doc/quagga/examples/
--localstatedir=/var/run/quagga --sbindir=/usr/lib/quagga
--sysconfdir=/etc/quagga --enable-snmp --enable-vtysh --enable-isisd
--enable-watchquagga --enable-ospf-te --enable-opaque-lsa
--enable-ipv6 --enable-ospfclient=yes --enable-ospfapi=yes
--enable-multipath=64 --enable-user=quagga --enable-group=quagga
--enable-vty-group=quaggavty --enable-configfile-mask=0640
--enable-logfile-mask=0640 --enable-rtadv --enable-gcc-rdynamic
--with-libpam
My server is running Debian Jessie.
Here is what I see running strace:
- 0.99.24.1:
chown("/var/run/quagga/ospf6d.vty", 4294967295, 118) = 0
- 1.0.20160315:
chown("/var/run/quagga/ospf6d.vty", 4294967295, 118) = -1 EPERM
(Operation not permitted)
Early on:
- 0.99.24.1:
open("/etc/group", O_RDONLY|O_CLOEXEC) = 4
lseek(4, 0, SEEK_CUR) = 0
fstat(4, {st_mode=S_IFREG|0644, st_size=843, ...}) = 0
mmap(NULL, 843, PROT_READ, MAP_SHARED, 4, 0) = 0x7fdf0e423000
lseek(4, 843, SEEK_SET) = 843
munmap(0x7fdf0e423000, 843) = 0
close(4) = 0
setgroups(1, [118])
- 1.0.20160315:
open("/etc/group", O_RDONLY|O_CLOEXEC) = 4
lseek(4, 0, SEEK_CUR) = 0
fstat(4, {st_mode=S_IFREG|0644, st_size=843, ...}) = 0
mmap(NULL, 843, PROT_READ, MAP_SHARED, 4, 0) = 0x7fbdc2187000
lseek(4, 843, SEEK_SET) = 843
munmap(0x7fbdc2187000, 843) = 0
close(4) = 0
setgroups(1, [1004]) = 0
118 is quaggavty's group, 1004 is quagga's group.
Here is the full traces:
- 0.99.24.1: http://www.pastefile.com/W26wof
- 1.0.20160915: http://www.pastefile.com/1kfxiG
I'm looking at lib/privs.c now and will send an email if I found
something (I'm not a developer so it could take me some time).
2016-04-08 10:20 GMT+02:00 Thomas Martin <[email protected]>:
> Hello Donald,
>
> Thanks for this confirmation; I will do more digging on my side.
>
> HAVE_GETGROUPLIST is set to 1; here are the files:
> - config.h: http://www.pastefile.com/7PKksc
> - config.log: http://www.pastefile.com/u6Z2DK
>
>
> Thank you.
>
> Thomas
>
> 2016-04-07 13:46 GMT+02:00 Donald Sharp <[email protected]>:
>> Thomas -
>>
>> It is working for me:
>>
>> root@Robot:/work/robot/sharpd/official# ls -altr /var/run/quagga
>> total 16
>> srwx------ 1 quagga quagga 0 Mar 24 07:54 zserv.api
>> -rw-r--r-- 1 quagga quagga 5 Mar 24 07:54 zebra.pid
>> srwxrwx--- 1 quagga quaggavty 0 Mar 24 07:54 zebra.vty
>> srwxrwx--- 1 quagga quaggavty 0 Mar 24 07:54 bgpd.vty
>> -rw-r--r-- 1 quagga quagga 5 Mar 24 07:54 bgpd.pid
>> srwxrwx--- 1 quagga quaggavty 0 Mar 24 07:54 pimd.vty
>> -rw-r--r-- 1 quagga quagga 5 Mar 24 07:54 pimd.pid
>> -rw-r--r-- 1 root root 5 Mar 24 07:54 watchquagga.pid
>> drwxr-xr-x 2 quagga quagga 200 Mar 24 07:54 .
>> drwxr-xr-x 24 root root 1060 Apr 6 22:01 ..
>> root@Robot:/work/robot/sharpd/official# vtysh -c "show ver"
>> Quagga 1.0.20160315 ().
>> Copyright 1996-2005 Kunihiro Ishiguro, et al.
>> configured with:
>> --build=x86_64-linux-gnu --prefix=/usr --includedir=${prefix}/include
>> --mandir=${prefix}/share/man --infodir=${prefix}/share/info
>> --sysconfdir=/etc --localstatedir=/var --libexecdir=${prefix}/lib/quagga
>> --disable-maintainer-mode --enable-dependency-checking
>> --enable-exampledir=/usr/share/doc/quagga/examples/
>> --localstatedir=/var/run/quagga --sbindir=/usr/lib/quagga
>> --sysconfdir=/etc/quagga --enable-vtysh --enable-isisd --enable-watchquagga
>> --enable-ospf-te --enable-opaque-lsa --enable-ipv6 --enable-ospfclient=yes
>> --enable-ospfapi=yes --enable-multipath=64 --enable-user=quagga
>> --enable-group=quagga --enable-vty-group=quaggavty
>> --enable-configfile-mask=0640 --enable-logfile-mask=0640 --enable-rtadv
>> --enable-werror --enable-gcc-rdynamic --with-libpam
>> build_alias=x86_64-linux-gnu --no-create --no-recursion
>> root@Robot:/work/robot/sharpd/official# ps -ef | grep quagga
>> quagga 3553 1 0 Apr02 ? 00:00:10 /usr/lib/quagga/zebra
>> --daemon -A 127.0.0.1
>> quagga 3562 1 0 Apr02 ? 00:00:26 /usr/lib/quagga/bgpd
>> --daemon -A 127.0.0.1
>> quagga 3569 1 0 Apr02 ? 00:00:06 /usr/lib/quagga/pimd
>> --daemon -A 127.0.0.1
>> root 3576 1 0 Apr02 ? 00:00:23 /usr/lib/quagga/watchquagga
>> -adz -r /usr/sbin/servicebBquaggabBrestartbB%s -s
>> /usr/sbin/servicebBquaggabBstartbB%s -k /usr/sbin/servicebBquaggabBstopbB%s
>> -b bB -t 30 zebra bgpd pimd
>> root 6307 6298 0 07:44 pts/1 00:00:00 grep quagga
>> root@Robot:/work/robot/sharpd/official#
>>
>>
>> What does your config.h have for HAVE_GETGROUPLIST? Can you point us at
>> your config.log and config.h files?
>>
>> Something strange has happened.
>>
>> donald
>>
>> On Thu, Apr 7, 2016 at 3:15 AM, Thomas Martin <[email protected]> wrote:
>>>
>>> Hello,
>>>
>>> I'm having issues with enable-vty-group with Quagga 1.0.20160315 (all
>>> daemons).
>>>
>>> I complied it with "--enable-vty-group=quaggavty", as usual, but the
>>> correct group is not set on vty:
>>> # ls -l /var/run/quagga/*vty
>>> srwxrwx--- 1 quagga quagga 0 Apr 7 09:08 /var/run/quagga/bgpd.vty
>>> srwxrwx--- 1 quagga quagga 0 Apr 7 09:08 /var/run/quagga/ospf6d.vty
>>> srwxrwx--- 1 quagga quagga 0 Apr 7 09:08 /var/run/quagga/ospfd.vty
>>> srwxrwx--- 1 quagga quagga 0 Apr 7 09:08 /var/run/quagga/zebra.vty
>>>
>>> I checked and the group quaggavty is correctly defined on my servers:
>>> # grep quaggavty /etc/group
>>> quaggavty:x:118:
>>>
>>>
>>> Am I the only one to have this issue or am I missing something ?
>>>
>>> Please note that I don't had this issue with Quagga 0.99.24.1 on the
>>> same servers.
>>>
>>>
>>> Thanks!
>>>
>>> FIY here is an "ospf6d -v":
>>> # /usr/lib/quagga/ospf6d -v
>>> ospf6d version 1.0.20160315
>>> Copyright 1996-2005 Kunihiro Ishiguro, et al.
>>> configured with:
>>> --build=x86_64-linux-gnu --prefix=/usr
>>> --includedir=${prefix}/include --mandir=${prefix}/share/man
>>> --infodir=${prefix}/share/info --sysconfdir=/etc --localstatedir=/var
>>> --disable-silent-rules --libexecdir=${prefix}/lib/quagga
>>> --disable-maintainer-mode --disable-dependency-tracking
>>> --enable-exampledir=/usr/share/doc/quagga/examples/
>>> --localstatedir=/var/run/quagga --sbindir=/usr/lib/quagga
>>> --sysconfdir=/etc/quagga --enable-snmp --enable-vtysh --enable-isisd
>>> --enable-watchquagga --enable-ospf-te --enable-opaque-lsa
>>> --enable-ipv6 --enable-ospfclient=yes --enable-ospfapi=yes
>>> --enable-multipath=64 --enable-user=quagga --enable-group=quagga
>>> --enable-vty-group=quaggavty --enable-configfile-mask=0640
>>> --enable-logfile-mask=0640 --enable-rtadv --enable-gcc-rdynamic
>>> --with-libpam CFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat
>>> -Werror=format-security CPPFLAGS=-D_FORTIFY_SOURCE=2 CXXFLAGS=-g -O2
>>> -fPIE -fstack-protector-strong -Wformat -Werror=format-security
>>> FCFLAGS=-g -O2 -fPIE -fstack-protector-strong FFLAGS=-g -O2 -fPIE
>>> -fstack-protector-strong GCJFLAGS=-g -O2 -fPIE
>>> -fstack-protector-strong LDFLAGS=-fPIE -pie -Wl,-z,relro -Wl,-z,now
>>> OBJCFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat
>>> -Werror=format-security OBJCXXFLAGS=-g -O2 -fPIE
>>> -fstack-protector-strong -Wformat -Werror=format-security
>>>
>>> _______________________________________________
>>> Quagga-users mailing list
>>> [email protected]
>>> https://lists.quagga.net/mailman/listinfo/quagga-users
>>
>>
_______________________________________________
Quagga-users mailing list
[email protected]
https://lists.quagga.net/mailman/listinfo/quagga-users
