  • Status: Solved

OS X Quagga start at boot

Hi all,

I've got a Mac OS X 10.5.5 server that needs to use Quagga (zebra/bgpd) for its routing.
Quagga itself is running fine when started by root and it's set to run as the quagga user.

The problem is that I can't get the daemons to start using LaunchDaemons and I get the following error:

bind: Permission denied

I assume this is because the daemon (in this case zebra) needs to bind to a socket, but no matter what I do it seems to have this problem.

I've tried several plist setups, but all to no avail.

Has anyone managed to get this to work?

Cheers
schipmolder
Asked:
DJDecay Commented:
have you tried setuid root on the binary?
 
schipmolder (Author) Commented:
I hadn't, but just tried it and same error.

The plist I'm using now is:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Label</key>
        <string>zebra</string>
        <key>OnDemand</key>
        <false/>
        <key>Program</key>
        <string>/usr/local/sbin/zebra</string>
        <key>ProgramArguments</key>
        <array>
                <string>/usr/local/sbin/zebra</string>
                <string>-d</string>
        </array>
</dict>
</plist>

 
DJDecay Commented:
/sbin/launchd is prob not running as root
otherwise you could specify

UserName <string>
     This optional key specifies the user to run the job as. This key is only applicable when launchd is
     running as root.

GroupName <string>
     This optional key specifies the group to run the job as. This key is only applicable when launchd is
     running as root. If UserName is set and GroupName is not, the group will be set to the default
     group of the user.

zebra is supposed to drop root priv on its own and become the zebra uid after it binds the privileged port. So root should be a good choice for both.

do a 'ps' for launchd and see if it's running as root or some whacked out _securityagent user
check this out for reference.

http://developer.apple.com/technotes/tn2005/tn2083.html
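
The UserName/GroupName rules quoted in the comment above, applied to a plist like the ones posted in this thread, as an added example that is not part of any poster's message. `audit_job` and its finding strings are hypothetical names; the daemonize check reflects the expectation in launchd.plist(5) that a job launched by launchd does not fork into the background.

```python
import plistlib

# Constructed input: the thread's plist with UserName set and no GroupName.
PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key><string>zebra</string>
    <key>OnDemand</key><false/>
    <key>Program</key><string>/usr/local/sbin/zebra</string>
    <key>ProgramArguments</key>
    <array><string>/usr/local/sbin/zebra</string><string>-d</string></array>
    <key>UserName</key><string>root</string>
</dict>
</plist>"""

# Quagga daemon options that fork the process into the background.
DAEMONIZE_FLAGS = {"-d", "--daemon"}


def audit_job(plist_bytes, launchd_is_root=True):
    """Hypothetical helper: report who a launchd job runs as and flag problems."""
    job = plistlib.loads(plist_bytes)
    args = job.get("ProgramArguments", [])
    findings = []

    # UserName and GroupName only apply when launchd itself runs as root.
    if launchd_is_root:
        user = job.get("UserName", "root")
        group = job.get("GroupName", f"default group of {user}")
    else:
        user = group = "inherited from launchd"
        if "UserName" in job or "GroupName" in job:
            findings.append("UserName/GroupName ignored: launchd is not root")

    # Program names the executable; ProgramArguments[0] becomes argv[0].
    # A mismatch hides which binary actually runs with the job's privileges.
    if "Program" in job and args and job["Program"] != args[0]:
        findings.append("Program differs from ProgramArguments[0]")

    # launchd supervises the process it starts. A job that forks and lets the
    # parent exit looks like an exited job and is respawned.
    if DAEMONIZE_FLAGS & set(args[1:]):
        findings.append("daemonize flag present: job will detach from launchd")

    return {"user": user, "group": group, "findings": findings}
```
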


 
schipmolder (Author) Commented:
Yeah, well launchd is running as root and when I start zebra manually (as root) it does drop to the 'quagga' user nicely, but the plist below only causes the same permissions error as before plus the "Throttling respawn: Will start in 10 seconds" message.

I've already looked at the tech note, but as far as I can see it should all work. Apparently I'm missing something though.


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
      <key>Label</key>
      <string>zebra</string>
      <key>OnDemand</key>
      <false/>
      <key>Program</key>
      <string>/usr/local/sbin/zebra</string>
      <key>ProgramArguments</key>
      <array>
            <string>/usr/local/sbin/zebra</string>
            <string>-d</string>
      </array>
      <key>UserName</key>
      <string>root</string>
</dict>
</plist>

 
DJDecay Commented:
Group
 
DJDecay Commented:
You need UID and GID
 
schipmolder (Author) Commented:
Hi DJDecay,

Sorry for the delay, I had some other things to sort out before I could get back to this one.

Ok, I now have the following plist, but not sure what groupname to use.
With this plist I get the exact same permissions error by the way.
   

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Label</key>
        <string>zebra</string>
        <key>OnDemand</key>
        <false/>
        <key>Program</key>
        <string>/usr/local/sbin/zebra</string>
        <key>ProgramArguments</key>
        <array>
                <string>/usr/local/sbin/zebra</string>
                <string>-d</string>
        </array>
        <key>UserName</key>
        <string>root</string>
        <key>GroupName</key>
        <string>wheel</string>
</dict>
</plist>

 
schipmolder (Author) Commented:
Does anyone have any ideas?