racoon init script fares poorly when using an unpriv user

Bug #261326 reported by Matt LaPlante
Affects: ipsec-tools (Ubuntu)
Status: Triaged
Importance: Wishlist
Assigned to: Unassigned

Bug Description

Binary package hint: racoon

Racoon offers the option to run as an unprivileged user (See "Privilege separation" in racoon.conf(5)). When attempting to enable these options, the init script has some problems.

1) The unprivileged process attempts to read the .pid file, but fails since it's root owned.
2) Potentially related to #1, the init script fails to stop the racoon daemon using "stop" and "restart."

racoon 1:0.6.7-1.1ubuntu1

Chuck Short (zulcss) wrote :

Thanks for the bug report. I'll consider it for karmic+1.

Regards
chuck

Changed in ipsec-tools (Ubuntu):
importance: Undecided → Wishlist
status: New → Triaged
Stefan Bauer (stefan-bauer) wrote :

Chuck,

Usually you use the user user; stanza from racoon.conf in combination with chroot path; so the unprivileged user gets chrooted into a clean environment with limited privileges. I don't think this is a bug.

Stefan
(debian ipsec-tools maintainer)

Simon Déziel (sdeziel) wrote :

I cannot reproduce this using racoon and privilege separation on Oneiric. Here is my privsep configuration section (no chroot) :

privsep
{
  user "racoon";
  group "racoon";
}
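
A diagnostic for the condition described in item 1 of the report, added here as an example and not part of the bug thread or the ipsec-tools packaging: it reads the privsep user from a racoon.conf and checks whether a pid file's mode bits let that user read it. The function names, the pid file path argument and the sample files are assumptions, and it needs GNU stat.

```shell
#!/bin/sh
# Added example, not from the bug report. Function names are hypothetical.

# Print the user set in the privsep { } section of a racoon.conf file.
# Handles the multi-line layout shown in the thread; the value may be quoted.
privsep_user() {
    awk '
        $1 ~ /^#/                  { next }
        $1 == "privsep"            { in_sec = 1; next }
        in_sec && $1 == "user"     { v = $2; gsub(/[";]/, "", v); print v; exit }
        in_sec && index($0, "}")   { in_sec = 0 }
    ' "$1"
}

# Return 0 if the mode bits of file $2 let user $1 read it, 1 if not.
# A user unknown to the system is judged on the "other" bits only.
pidfile_readable_by() {
    user=$1
    info=$(stat -c '%u %g %a' "$2") || return 2
    set -- $info
    owner=$1 group=$2 mode=$((0$3))          # %a is octal, e.g. 600
    uid=$(id -u "$user" 2>/dev/null) || uid=
    gids=$(id -G "$user" 2>/dev/null) || gids=
    [ "$uid" = 0 ] && return 0               # root bypasses mode bits
    if [ -n "$uid" ] && [ "$uid" = "$owner" ]; then
        bit=256                              # 0400, owner read
    else
        case " $gids " in
            *" $group "*) bit=32 ;;          # 0040, group read
            *)            bit=4 ;;           # 0004, other read
        esac
    fi
    [ $(( mode & bit )) -ne 0 ]
}

# Constructed sample: the privsep section from the thread and a mode 0600
# pid file standing in for the root-owned one in the report.
demo() {
    dir=$(mktemp -d) || return 2
    printf 'privsep\n{\n  user "racoon";\n  group "racoon";\n}\n' > "$dir/racoon.conf"
    echo 1234 > "$dir/racoon.pid"; chmod 600 "$dir/racoon.pid"
    u=$(privsep_user "$dir/racoon.conf")
    if pidfile_readable_by "$u" "$dir/racoon.pid"; then r=yes; else r=no; fi
    echo "privsep user=$u can read pid file: $r"
    rm -rf "$dir"
}
demo
```

On a real host, pass the configured racoon.conf and the pid file path the init script uses to the two functions instead of the constructed files.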
