[Opendnssec-user] ods-ksmutil and /var/opendnssec/kasp.db.our_lock

Paul Wouters paul at nohats.ca
Mon May 14 17:08:49 UTC 2012


On Mon, 14 May 2012, Siôn Lloyd wrote:

> The enforcer does drop privs before creating/grabbing the lock file...
> Is it possible that the lock file is left from some previous process
> that was run as root?

That's possible, though unlikely, as no other processes than the
ods-enforcerd and ods-signerd are running continuously to keep
the lock. I might have run ods-hsmutil/ods-ksmutil, but those
should not be keeping any lock files around?

Similarly, it seems the HSM is accessed as uid or euid root, because
when using AEP, the process is looking for /root/Keyper. I'm also
not sure about their library properly handling HOME= or
KEYPER_LIBRARY_PATH= as these seem to be ignored sometimes, or
perhaps it gives up on a permission denied (e.g. in /root/) before
trying other locations.

Does anyone know the "machine" file syntax to pin the Keyper related
files in 1 location despite userid and environment variables?

Paul


