racoon init script fairs poorly when using an unpriv user

Bug #261326 reported by Matt LaPlante on 2008-08-26
6
Affects Status Importance Assigned to Milestone
ipsec-tools (Ubuntu)
Wishlist
Unassigned

Bug Description

Binary package hint: racoon

Racoon offers the option to run as an unprivileged user (See "Privilege separation" in racoon.conf(5)). When attempting to enable these options, the init script has some problems.

1) The unprivileged process attempts to read the .pid file, but fails since it's root owned.
2) Potentially related to #1, the init script fails to stop the racoon daemon using "stop" and "restart."

racoon 1:0.6.7-1.1ubuntu1

Chuck Short (zulcss) wrote :

Thanks for the bug report. Ill consider it for karmic+1.

Regards
chuck

Changed in ipsec-tools (Ubuntu):
importance: Undecided → Wishlist
status: New → Triaged
Stefan Bauer (stefan-bauer) wrote :

Chuck,

usually you use the user user; stanza from racoon.conf in combination with chroot path; so the unprivileged user gets chrooted into a clean environment with limited privilegs. i dont think this is a bug.

Stefan
(debian ipsec-tools maintainer)

Simon Déziel (sdeziel) wrote :

I cannot reproduce this using racoon and privilege separation on Oneiric. Here is my privsep configuration section (no chroot) :

privsep
{
  user "racoon";
  group "racoon";
}

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers