schipmolder
asked on
OS X Quagga start at boot
Hi all,
I've got a Mac OS X 10.5.5 server that needs to use Quagga (zebra/bgpd) for its routing.
Quagga itself is running fine when started by root and it's set to run as the quagga user.
The problem is that I can't get the daemons to start using LaunchDaemons and I get the following error:
bind: Permission denied
I assume this is because the daemon (in this case zebra) needs to bind to a socket, but no matter what I do it seems to have this problem.
I've tried several plist setups, but all to no avail.
Has anyone managed to get this to work?
Cheers
Skip
have you tried setuid root on the binary?
ASKER
I hadn't, but just tried it and same error.
The plist I'm using now is:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs$
<plist version="1.0">
<dict>
<key>Label</key>
<string>zebra</string>
<key>OnDemand</key>
<false/>
<key>Program</key>
<string>/usr/local/sbin/zebra</string>
<key>ProgramArguments</key>
<array>
<string>/usr/local/sbin/zebra</string>
<string>-d</string>
</array>
</dict>
</plist>
/sbin/launchd is prob not running as root
otherwise you could specify
UserName <string>
This optional key specifies the user to run the job as. This key is only applicable when launchd is
running as root.
GroupName <string>
This optional key specifies the group to run the job as. This key is only applicable when launchd is
running as root. If UserName is set and GroupName is not, the group will be set to the default
group of the user.
zebra is supposed to drop root priv on its own and become the zebra uid after it binds the privileged port. So root should be a good choice for both.
do a 'ps' for launchd and see if it's running as root or some whacked out _securityagent user
check this out for reference.
http://developer.apple.com/technotes/tn2005/tn2083.html
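Added example, not part of the original thread: a small Python check that applies the UserName/GroupName rules quoted above to a job definition and reports which identity the job would start with. The plist is a constructed sample modelled on the one in this thread, and `effective_identity` and its lookup parameters are hypothetical names.

```python
import grp
import plistlib
import pwd

# Constructed sample: a zebra job with UserName set but no GroupName.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key><string>zebra</string>
    <key>ProgramArguments</key>
    <array><string>/usr/local/sbin/zebra</string><string>-d</string></array>
    <key>UserName</key><string>root</string>
</dict>
</plist>
"""


def effective_identity(plist_bytes, launchd_uid=0,
                       getpwnam=pwd.getpwnam, getgrgid=grp.getgrgid):
    """Hypothetical helper: resolve the user/group a job would start as."""
    job = plistlib.loads(plist_bytes)
    user, group = job.get("UserName"), job.get("GroupName")
    result = {"label": job.get("Label"), "user": None, "group": None, "notes": []}

    if launchd_uid != 0:
        # Both keys are only applicable when launchd itself runs as root.
        if user or group:
            result["notes"].append("UserName/GroupName ignored: launchd is not root")
        return result  # None means "inherits launchd's own identity"

    if user is None:
        result["group"] = group
        return result
    try:
        account = getpwnam(user)
    except KeyError:
        result["notes"].append(f"unknown user {user!r}")
        return result
    result["user"] = user
    if group is None:
        # UserName set, GroupName absent: default group of that user.
        group = getgrgid(account.pw_gid).gr_name
        result["notes"].append(f"GroupName defaulted to {group!r}")
    result["group"] = group
    return result


if __name__ == "__main__":
    print(effective_identity(SAMPLE_PLIST))
```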
ASKER
Yeah, well launchd is running as root and when I start zebra manually (as root) it does drop to the 'quagga' user nicely, but the plist below only causes the same permissions error as before plus the "Throttling respawn: Will start in 10 seconds" message.
I've already looked at the tech note, but as far as I can see it should all work. Apparently I'm missing something though.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>zebra</string>
<key>OnDemand</key>
<false/>
<key>Program</key>
<string>/usr/local/sbin/zebra</string>
<key>ProgramArguments</key>
<array>
<string>/usr/local/sbin/zebra</string>
<string>-d</string>
</array>
<key>UserName</key>
<string>root</string>
</dict>
</plist>
Group
You need UID and GID
ASKER
Hi DJDecay,
Sorry for the delay, I had some other things to sort out before I could get back to this one.
Ok, I now have the following plist, but not sure what groupname to use.
With this plist I get the exact same permissions error by the way.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>zebra</string>
<key>OnDemand</key>
<false/>
<key>Program</key>
<string>/usr/local/sbin/zebra</string>
<key>ProgramArguments</key>
<array>
<string>/usr/local/sbin/zebra</string>
<string>-d</string>
</array>
<key>UserName</key>
<string>root</string>
<key>GroupName</key>
<string>wheel</string>
</dict>
</plist>