Project

General

Profile

Actions

Bug #4936

closed

dhcpd sets wrong permissions on leases files

Added by Stefan Tollkühn over 8 years ago. Updated almost 8 years ago.

Status:
Resolved
Priority:
Normal
Category:
DHCP (IPv4)
Target version:
Start date:
08/14/2015
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:
All

Description

Hi,

I hope this is not a duplicate, at least I didn't found an issue which matches our problem.

We upgraded our pfSense instance from 2.1.5 to 2.2.4. Everytime I change something on our dhcp service apply those changes or just restart the dhcp services, the leases files gets the wrong permissions, which leads into "no free leases" error in the logs. We do only use IPv4.

This is what the permission look like:

[2.2.4-RELEASE][admin@ro0001.local]/var/dhcpd/var/db: ls -al
total 8
drwxr-xr-x 2 dhcpd _dhcp 512 Aug 14 12:51 .
drwxr-xr-x 4 dhcpd _dhcp 512 Jan 12 2015 ..
-rw-r--r-- 1 root _dhcp 670 Aug 14 12:51 dhcpd.leases
-rw-r--r-- 1 dhcpd _dhcp 670 Aug 14 12:48 dhcpd.leases~
-rw-r--r-- 1 dhcpd _dhcp 0 Jan 12 2015 dhcpd6.leases

and this is what it should look like (I checked this on another pfSense instance, which was setup from scratch):

[2.2.4-RELEASE][admin@ro0201.local]/root: ls -lah /var/dhcpd/var/db/
total 16
drwxr-xr-x 2 dhcpd _dhcp 512B Aug 14 11:50 .
drwxr-xr-x 4 dhcpd _dhcp 512B May 10 2014 ..
-rw-r--r-- 1 dhcpd _dhcp 3.0K Aug 14 11:50 dhcpd.leases
-rw-r--r-- 1 root _dhcp 3.0K Aug 14 11:50 dhcpd.leases~
-rw-r--r-- 1 dhcpd _dhcp 0B May 10 2014 dhcpd6.leases

Notice the ownership of the dhcpd.leases file.

Any hints on how to solve this issue are highly appreciated.

Thanks in advance

Stefan


Files

issue_fixed.png (57 KB) issue_fixed.png Screenshot of fixed issue sebastian nielsen, 02/16/2016 04:57 PM
Actions #1

Updated by Chris Buechler over 8 years ago

  • Status changed from New to Feedback
  • Affected Version deleted (2.2.4)

Our code doesn't set permissions on dhcpd.leases anywhere I see. I can't find any system that has it wrong, and a huge number of people would be screaming if the DHCP server didn't work at all (which would be the end result there). Even rare edge cases would have popped up multiple times by now.

you have something non-stock on there?

Actions #2

Updated by James Brechtel over 8 years ago

Chris Buechler wrote:

Our code doesn't set permissions on dhcpd.leases anywhere I see. I can't find any system that has it wrong, and a huge number of people would be screaming if the DHCP server didn't work at all (which would be the end result there). Even rare edge cases would have popped up multiple times by now.

you have something non-stock on there?

Hmm, I just ran into this on a fresh install of 2.2.5-RELEASE. Out of the box dhcpd.leases is owned by root and I'm getting "no free leases" in the DHCPD logs.

chowning the file and restarting the dhcpd server results in the file being owned by root again.

Nothing non-stock. I used the latest live-cd/installer ISO and chose quick install then just configured subnets, hostnames, dns.

[2.2.5-RELEASE][admin@tamika.sodosopa]/var/dhcpd/var/db: ls -latrh
total 20
-rw-r--r--  1 dhcpd  _dhcp     0B Nov  8 11:32 dhcpd6.leases~
drwxr-xr-x  4 dhcpd  _dhcp   512B Nov  8 11:32 ..
-rw-r--r--  1 dhcpd  _dhcp   189B Nov  8 11:34 dhcpd6.leases
-rw-r--r--  1 dhcpd  _dhcp   189B Nov  8 11:58 dhcpd.leases~
-rw-r--r--  1 root   _dhcp   189B Nov  8 12:04 dhcpd.leases
drwxr-xr-x  2 dhcpd  _dhcp   512B Nov  8 12:04 .

Nov 8 12:04:27     pfSense dhcpd: exiting.
Nov 8 17:04:40     pfSense dhcpd: DHCPDISCOVER from 4c:34:88:85:33:f6 via em0: network 192.168.10.0/24: no free leases
Nov 8 17:04:44     pfSense dhcpd: DHCPDISCOVER from 40:b8:37:bc:bd:91 via em0: network 192.168.10.0/24: no free leases
Actions #3

Updated by Chris Buechler about 8 years ago

  • Subject changed from pfSense 2.2.4 after update dhcpd sets wrong permissions on leases files to dhcpd sets wrong permissions on leases files
  • Assignee set to Chris Buechler
  • Target version set to 2.3
  • Affected Architecture All added
  • Affected Architecture deleted (amd64)

seems this is some unusual edge case from a recent change in dhcpd. But now I'm seeing it on 2.3 systems that have no problems handing out leases, updating their leases file and otherwise work just fine. Adding a chown dhcpd after where we touch dhcpd.leases if it doesn't exist doesn't change anything, as soon as dhcpd starts the permissions on dhcpd.leases go back to root:_dhcpd.

2.3 has the same dhcpd version as 2.2.6 though. Unless this also stopped in 2.2.6, there is probably some issue here.

Anyone still replicate this on 2.2.6?

Actions #4

Updated by Jorge Eduardo Birck about 8 years ago

Same error when upgrade from 2.2.2 i386 to 2.2.6 AMD64:

network 10.0.100.0/22: no free leases

I changed the LAN to 10.0.100.254/21 for more leases but dhcpd output 10.0.100.0/22 @ log.

Actions #5

Updated by Chris Buechler about 8 years ago

We're now on dhcpd 4.3. This is an issue in dhcpd, so may be fixed. I don't have a replicable test case.

Actions #6

Updated by sebastian nielsen about 8 years ago

You can set this to fixed.

Actions #7

Updated by sebastian nielsen about 8 years ago

Forgot to say that the screenshotted machine is running 2.2.6 if you want to specify like "fixed in version" or whatever.

Actions #8

Updated by Chris Buechler about 8 years ago

sebastian nielsen wrote:

You can set this to fixed.

Did you have a circumstance where this was reliably replicable before, and now isn't? That's a version prior to 2.3 since it has a System>Firmware menu item, so wouldn't have the dhcpd 4.3 update that we're hoping fixed whatever edge case happened here on occasion. It's something that happened only rarely.

Actions #9

Updated by sebastian nielsen about 8 years ago

aha so this is a intermittient bug?
I have never had this bug, so I tought it was fixed.

Actions #10

Updated by Chris Buechler about 8 years ago

  • Status changed from Feedback to Resolved

It's very intermittent. I believe this was fixed by dhcpd 4.3 upgrade in 2.3, no has seen it happen on 2.3.

Actions #11

Updated by Chris Buechler almost 8 years ago

  • Affected Version set to All
Actions

Also available in: Atom PDF