[Packetfence-users] pfcmd node edit fails because libiptc handle requires root permissions

Mon, 17 Oct 2011 13:51:00 -0700 

Hi

pf: 3.0.1
platform: slackware 13.1, perl 5.10.1
pf type: inline enforcement

When unregistering a node I get this message below in the webui. I 
suppose firewall rules don't get changed.
It is clear that I have to be root when changing iptables rules.
httpd runs with user & group pf.
pfcmd is ug+s and belongs to root.

Can you give me a hint where to start looking?

thanks,
Philipp

Error: Problems executing 'PFCMD node edit xx:xx:xx:xx:xx:xx 
pid="psnizek", category="", status="unreg", bypass_vlan="", voip="no", 
detect_date="2011-10-17 13:27:05", regdate="2011-10-17 21:34:09", 
unregdate="2011-10-17 22:04:54", last_arp="", last_dhcp="2011-10-17 
21:39:10", lastskip="", notes=""'

syslog: level must be given at 
/usr/lib/perl5/site_perl/5.10.1/Log/Log4perl/Appender.pm line 197
        Cannot init libiptc handle: "Permission denied (you must be root)" at 
/usr/local/pf/lib/pf/iptables.pm line 335
  at /usr/local/pf/lib/IPTables/Interface.pm line 81
        IPTables::Interface::new('mangle') called at 
/usr/local/pf/lib/pf/iptables.pm line 335
        pf::iptables::iptables_unmark_node('xx:xx:xx:xx:xx:xx', 1) called at 
/usr/local/pf/lib/pf/iptables.pm line 401
        pf::iptables::update_mark('00:26:18:9e:f9:3a', 1, 0) called at 
/usr/local/pf/lib/pf/inline.pm line 62
        
pf::inline::performInlineEnforcement('pf::inline::custom=HASH(0x99a8258)', 
'xx:xx:xx:xx:xx:xx') called at /usr/local/pf/lib/pf/enforcement.pm line 77
        pf::enforcement::reevaluate_access('xx:xx:xx:xx:xx:xx', 'node_modify') 
called at /var/home/pf/bin/pfcmd line 2033
        main::command_param('node') called at /usr/local/pf/bin/pfcmd line 251

------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Reply via email to