[casper] NFS setup: TFTP permissions problem
Dear all, The problem seems to be specific to Red Hat... I'm seeing a lot of forum posts complaining about dnsmasq being started as root then immediately dropping down to 'nobody' privileges, which is why it can't access /srv/roach_boot/boot. I'm speaking with a red hat engineer who is quite reluctant to tell me how to make such a fundamental change as to allow dnsmasq to run as root, but given SELinux runs in basically the same way, has anyone been able to find a workaround for it? BW MIchael
Re: [casper] NFS setup: TFTP permissions problem
Hi, I got troubles when trying to setup the NFS server on CentOS and finally I decided to switch to UBUNTU. I have reported all failures in this wiki page if this can help. http://wiki.med.ira.inaf.it/nfs:nfs Cheers, Andrea 2014-12-03 16:44 GMT+01:00 Michael D'Cruze michael.dcr...@postgrad.manchester.ac.uk: Dear all, The problem seems to be specific to Red Hat... I'm seeing a lot of forum posts complaining about dnsmasq being started as root then immediately dropping down to 'nobody' privileges, which is why it can't access /srv/roach_boot/boot. I'm speaking with a red hat engineer who is quite reluctant to tell me how to make such a fundamental change as to allow dnsmasq to run as root, but given SELinux runs in basically the same way, has anyone been able to find a workaround for it? BW MIchael -- Andrea Mattana I.N.A.F. - Istituto di Radioastronomia Radiotelescopi di Medicina Via Fiorentina, 3513 - 40059 Medicina (Bo) Tel. 051/6965834 Fax. 051/6965810
Re: [casper] NFS setup: TFTP permissions problem
Also, make sure that if /srv/... is nfs mounted you take care of the rootsquashing... Hi, I got troubles when trying to setup the NFS server on CentOS and finally I decided to switch to UBUNTU. I have reported all failures in this wiki page if this can help. http://wiki.med.ira.inaf.it/nfs:nfs Cheers, Andrea 2014-12-03 16:44 GMT+01:00 Michael D'Cruze michael.dcr...@postgrad.manchester.ac.uk: Dear all, The problem seems to be specific to Red Hat... I'm seeing a lot of forum posts complaining about dnsmasq being started as root then immediately dropping down to 'nobody' privileges, which is why it can't access /srv/roach_boot/boot. I'm speaking with a red hat engineer who is quite reluctant to tell me how to make such a fundamental change as to allow dnsmasq to run as root, but given SELinux runs in basically the same way, has anyone been able to find a workaround for it? BW MIchael -- Andrea Mattana I.N.A.F. - Istituto di Radioastronomia Radiotelescopi di Medicina Via Fiorentina, 3513 - 40059 Medicina (Bo) Tel. 051/6965834 Fax. 051/6965810
[casper] NFS setup: TFTP permissions problem
Hi everyone I'm following the NFS setup guide, and have come across a problem with the /srv/roach_boot/boot directory permissions. I restart the dnsmasq service and receive the following error: Starting dnsmasq: dnsmasq: TFTP directory /srv/roach_boot/boot inaccessible: Permission denied [FAILED] The output of ls -l from /srv/roach_boot is [root@roach-workstation roach_boot]# ls -l total 8 drwxrwxrwx. 2 root root 4096 Dec 1 16:31 boot drwxrwxrwx. 23 root root 4096 Feb 2 2009 etch and from within /boot is [root@roach-workstation boot]# ls -l total 1360 -rwxrwxrwx. 1 michael michael 1390149 Dec 1 15:35 uImage-20110812-mmcomitfix The output of ls --context from within /boot is [root@roach-workstation boot]# ls --context -rwxrwxrwx. michael michael unconfined_u:object_r:tftpdir_t:s0 uImage-20110812-mmcomitfix All of these permissions and contexts look correct according to the guideso I'm at a bit of a loss. Has anyone seen this problem before, given all of the above conditions? Does the /boot directory have to have the same context as the uImage file within it? Suggestions or guidance greatly appreciated. Michael
Re: [casper] NFS setup: TFTP permissions problem
Hi Michael, Do you have SELinux running? I've just checked and I get a similar permissions error if I reactivate SELinux on my Centos 6 server. On Tue Dec 02 2014 at 14:07:45 Michael D'Cruze michael.dcr...@postgrad.manchester.ac.uk wrote: Hi everyone I'm following the NFS setup guide, and have come across a problem with the /srv/roach_boot/boot directory permissions. I restart the dnsmasq service and receive the following error: Starting dnsmasq: dnsmasq: TFTP directory /srv/roach_boot/boot inaccessible: Permission denied [FAILED] The output of ls -l from /srv/roach_boot is [root@roach-workstation roach_boot]# ls -l total 8 drwxrwxrwx. 2 root root 4096 Dec 1 16:31 boot drwxrwxrwx. 23 root root 4096 Feb 2 2009 etch and from within /boot is [root@roach-workstation boot]# ls -l total 1360 -rwxrwxrwx. 1 michael michael 1390149 Dec 1 15:35 uImage-20110812-mmcomitfix The output of ls --context from within /boot is [root@roach-workstation boot]# ls --context -rwxrwxrwx. michael michael unconfined_u:object_r:tftpdir_t:s0 uImage-20110812-mmcomitfix All of these permissions and contexts look correct according to the guideso I'm at a bit of a loss. Has anyone seen this problem before, given all of the above conditions? Does the /boot directory have to have the same context as the uImage file within it? Suggestions or guidance greatly appreciated. Michael
Re: [casper] NFS setup: TFTP permissions problem
Hi, Michael, In addition to the other suggestions, you should check whether you are running dnsmasq in tftp-secure more. That might impose ownership and/or permission restrictions. See man dnsmasq for more details. Dave On Dec 2, 2014, at 6:07 AM, Michael D'Cruze wrote: Hi everyone I'm following the NFS setup guide, and have come across a problem with the /srv/roach_boot/boot directory permissions. I restart the dnsmasq service and receive the following error: Starting dnsmasq: dnsmasq: TFTP directory /srv/roach_boot/boot inaccessible: Permission denied [FAILED] The output of ls -l from /srv/roach_boot is [root@roach-workstation roach_boot]# ls -l total 8 drwxrwxrwx. 2 root root 4096 Dec 1 16:31 boot drwxrwxrwx. 23 root root 4096 Feb 2 2009 etch and from within /boot is [root@roach-workstation boot]# ls -l total 1360 -rwxrwxrwx. 1 michael michael 1390149 Dec 1 15:35 uImage-20110812-mmcomitfix The output of ls --context from within /boot is [root@roach-workstation boot]# ls --context -rwxrwxrwx. michael michael unconfined_u:object_r:tftpdir_t:s0 uImage-20110812-mmcomitfix All of these permissions and contexts look correct according to the guideso I'm at a bit of a loss. Has anyone seen this problem before, given all of the above conditions? Does the /boot directory have to have the same context as the uImage file within it? Suggestions or guidance greatly appreciated. Michael
