3 Zář
2012
3 Zář
'12
17:13
Hi!
I run Knot with option
apn@knot-test:/home/apn>grep user /usr/local/etc/knot/knot.conf
user bind.dns;
apn@knot-test:/home/apn>ps uaxww | grep knot
bind 9925 0.0 0.8 33760 8736 ?? Ss 4:03PM 0:00.07
/usr/local/sbin/knotd -d -c /usr/local/etc/knot/knot.conf
apn@knot-test:/home/apn>knotc -V
Knot DNS, version 1.1.0-rc2
apn@knot-test:/home/apn>uname -a
FreeBSD knot-test.local 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan 3
07:46:30 UTC 2012
root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
Everything is fine except for one: I can't control Knot via knotc
under my account and have to raise my privileges.
apn@knot-test:/home/apn>knotc running
2012-09-03T17:33:20.801730+04:00 Using '/usr/local/etc/knot/knot.conf'
as default configuration.
2012-09-03T17:33:20.802876+04:00 Server PID not found, probably not running.
2012-09-03T17:33:20.803099+04:00 [warning] PID file is stale.
apn@knot-test:/home/apn>knotc reload
2012-09-03T17:57:01.706820+04:00 Using '/usr/local/etc/knot/knot.conf'
as default configuration.
2012-09-03T17:57:01.707934+04:00 [warning] Server PID not found,
probably not running.
apn@knot-test:/home/apn>knotc refresh
2012-09-03T17:57:11.314605+04:00 Using '/usr/local/etc/knot/knot.conf'
as default configuration.
2012-09-03T17:57:11.315736+04:00 [warning] Server PID not found,
probably not running.
I believe that is because of using of kill(2) in pid_running(). So I'm
wondering how unprivileged user can send commands to Knot?
Thanks in advance.
--
AP
3 Zář
3 Zář
17:30
Hi Peter,
to be honest, the knotc tool is limited by using kill(2) to control
the running daemon,
therefore you cannot send signals to a process without appropriate privileges.
This is a known limitation and at the moment, I'm working on a new tool with
key-based authentication that also allows controlling from a remote host.
It will be in the next release, but as of now, you have to have
privileges for the
process you want to control or control as a root.
I can send you a patched version when the new tool is usable enough.
Kind regards,
Marek
On 3 September 2012 17:13, Peter Andreev <andreev.peter(a)gmail.com> wrote:
Hi!
I run Knot with option
apn@knot-test:/home/apn>grep user /usr/local/etc/knot/knot.conf
user bind.dns;
apn@knot-test:/home/apn>ps uaxww | grep knot
bind 9925 0.0 0.8 33760 8736 ?? Ss 4:03PM 0:00.07
/usr/local/sbin/knotd -d -c /usr/local/etc/knot/knot.conf
apn@knot-test:/home/apn>knotc -V
Knot DNS, version 1.1.0-rc2
apn@knot-test:/home/apn>uname -a
FreeBSD knot-test.local 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan 3
07:46:30 UTC 2012
root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
Everything is fine except for one: I can't control Knot via knotc
under my account and have to raise my privileges.
apn@knot-test:/home/apn>knotc running
2012-09-03T17:33:20.801730+04:00 Using '/usr/local/etc/knot/knot.conf'
as default configuration.
2012-09-03T17:33:20.802876+04:00 Server PID not found, probably not running.
2012-09-03T17:33:20.803099+04:00 [warning] PID file is stale.
apn@knot-test:/home/apn>knotc reload
2012-09-03T17:57:01.706820+04:00 Using '/usr/local/etc/knot/knot.conf'
as default configuration.
2012-09-03T17:57:01.707934+04:00 [warning] Server PID not found,
probably not running.
apn@knot-test:/home/apn>knotc refresh
2012-09-03T17:57:11.314605+04:00 Using '/usr/local/etc/knot/knot.conf'
as default configuration.
2012-09-03T17:57:11.315736+04:00 [warning] Server PID not found,
probably not running.
I believe that is because of using of kill(2) in pid_running(). So I'm
wondering how unprivileged user can send commands to Knot?
Thanks in advance.
--
AP
_______________________________________________
knot-dns-users mailing list
knot-dns-users(a)lists.nic.cz
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users
4462
days inactive
4462
days old
1 comments
2 participants
participants (2)
-
Marek Vavruša -
Peter Andreev