problems with oidentd

Posted: Thu Feb 20, 2003 9:03 pm
by mastah
Is there some kind of workaround for oidentd in order to have NAT (masquerade) support when running oidentd as user nobody with a grsecurity-patched kernel?

Because I am having problems with oidentd when I run it as user nobody:
'oidentd -m -u 99' --> masquerade request doesn't work:

Feb 21 01:50:53 amidala oidentd[778]: Connection from blablal.fancydomain.com (xx.xx.xxx.xx):0
Feb 21 01:50:53 amidala oidentd[778]: [blablal.fancydomain.com] 1802 , 10001 : ERROR : NO-USER

However, when I run oidentd as root, I have no problems.

And when I don't use the grsecurity kernel patch at all, "oidentd -m -u 99" works just fine with NAT requests.

Posted: Thu Feb 20, 2003 11:21 pm
by TGKx
Sounds like oidentd needs access to some /proc stuff that is restricted by grsec. You may need to create a semi-privileged group that has access to this like root does and add oidentd to that group so it can read this information.

Posted: Thu Feb 20, 2003 11:22 pm
by spender
You need to re-read the configuration help for /proc restrictions, since it discusses this very issue directly.

-Brad