[Opendnssec-user] zone fetcher can't bind udp/ipv4 socket: Permission denied

Markus Lauer mlauer at key-systems.net
Thu Dec 16 11:07:16 UTC 2010


Hi Rickard,

The code is very clear and straightforward.

I tried trunk again, but unfortunately ports do not listen...


On Thursday 16 December 2010, 11:57:07 you wrote:
> On 16 dec 2010, at 11.42, Rick van Rein wrote:
> >> Can anyone confirm this is fixed and zonefetcher can be run as non-root
> >> (while listening on port 53).
> > 
> > Non-root processes cannot listen to ports < 1024 on UNIX systems.
> 
> It first binds to the socket:
> http://trac.opendnssec.org/browser/trunk/OpenDNSSEC/signer/src/tools/zone_fetcher.c#L1425
> 
> Then drop privileges:
> http://trac.opendnssec.org/browser/trunk/OpenDNSSEC/signer/src/tools/zone_fetcher.c#L1438
> 
> The process must be started with root privileges and will then drop to the
> user / group specified in conf.xml
> 
> // Rickard



