Bug #2572
closed
bgpd[30274]: /var/etc/openbgpd/bgpd.conf: owner not root or current user
100%
Description
I think I may have hit a condition where the openbgpd daemon is started as root but the bgpd.conf file is set to be owned by _bgp.
The bgpd.conf looks like this:
rw------ 1 _bgpd _bgpd 486 Aug 2 17:57 bgpd.conf
The bgpd daemon looks like this when it starts from the GUI:
[2.0.1-RELEASE][root@pfsense]/root(23): ps xawwwu | grep bgpd
root 63205 0.0 0.1 3524 1256 1 S+ 5:59PM 0:00.00 grep bgpd
From command line without altering the config file:
[2.0.1-RELEASE][root@pfsense]/var/etc/openbgpd(70): /usr/local/sbin/bgpd -d -v -f bgpd.conf
startup
bgpd.conf: owner not root or current user
config file bgpd.conf has errors, not reloading
Terminating
Changing ownership on the file:
[2.0.1-RELEASE][root@pfsense]/var/etc/openbgpd(71): chown root bgpd.conf
[2.0.1-RELEASE][root@pfsense]/var/etc/openbgpd(72): ls la bgpd.conf 1 root _bgpd 486 Aug 2 17:57 bgpd.conf
-rw------
Then command line:
[2.0.1-RELEASE][root@pfsense]/var/etc/openbgpd(74): /usr/local/sbin/bgpd -d -v -f bgpd.conf
startup
route decision engine ready
no kernel support for PF_KEY
session engine ready
new ktable rdomain_0 for rtableid 0
RDE reconfigured
listening on XXXXXXX
SE reconfigured
neighbor XXXXXX (DC2 6509): state change None -> Idle, reason: None
.....
^Cneighbor XXXXXX (DC2 6509): state change Active -> Idle, reason: Stop
neighbor XXXXX (DC1 6509): state change Active -> Idle, reason: Stop
session engine exiting
route decision engine exiting
kernel routing table 0 (Loc-RIB) decoupled
freeing ktable Loc-RIB rtableid 0
Terminating
Changing the permissions on the bgpd.conf isn't a work around as some process comes along and resets its permissions.
For reference here the sanitised bgpd.conf as generated by GUI:
- This file was created by the package manager. Do not edit!
AS 65402
fib-update yes
holdtime 90
listen on XXX.30.16.244
neighbor XXX.30.16.242 {
descr "DC1 6509"
remote-as 65401
set localpref 120
set nexthop self
announce none
}
neighbor XXX.30.16.243 {
descr "DC2 6509"
remote-as 65401
set nexthop self
announce none
set localpref 80
}
deny from any
deny to any
allow from XXX.30.16.242
allow to XXX.30.16.242
allow from XXX.30.16.243
allow to XXX.30.16.243
Updated by Mark B almost 13 years ago
Altering /usr/local/pkg/openbgpd.inc like this:
/*
$pkg_login = "_bgpd";
$pkg_uid = "130";
*/
$pkg_login = "root";
$pkg_uid = "0";
Allowed the bgpd daemon to start.
Updated by Jim Pingle almost 13 years ago
I've had a note here that it needs work but haven't had time to fix it yet. That might be an OK workaround, though I had something else in mind.
Updated by Jim Pingle almost 13 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset commit:c4cb635d11cd82e98be9d16d9abf4fc8b4a35c84.
Updated by Chris Buechler over 12 years ago
- Status changed from Feedback to Resolved