dhcp6.leases permission denied

김무성 kimms at infosec.co.kr
Wed May 4 02:04:35 UTC 2011


There is no SELinux on ubuntu.
There is no /var/log/audit

If I use ipv4, it's run.
But I use ipv6, permission error.

================================================

R&D Team / Research Engineer / Mu-Sung KIM / SIS
3F~5F, Wonyung Bldg., 57-38, Nonhyeon-Dong, 
Gangnam-Gu, Seoul, 135-010, Korea
Tel : +82-2-6003-0993   Fax : +82-2-3445-0991
twitter : @kmsjlove  facebook : kmsjlove
homepage : http://snortrules.wordpress.com  http://www.infosec.co.kr
================================================

CONFIDENTIALITY NOTICE
본 메일의 내용과 첨부된 문서는 지정된 수신자만 받아볼 수 있으며, 기밀 정보 또는 관련 법규에 따라 공개되어서는 안 되는 정보가 포함되어 있을 수 있습니다. 만약 이 메일을 보는 분이 지정된 수신자가 아니라면, 본 메일의 내용 및 첨부 파일의 공개, 배포를 비롯한 어떠한 사용도 허용되지 않습니다. 이 메일을 잘못 수신하셨으면, 본 메일을 삭제하시고 발신자에게 그 사실을 즉시 알려주시기 바랍니다. 
This e-mail message and any attachments are only for the use of the intended recipient and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient, any disclosure, distribution or other use of this e-mail message or attachments is prohibited. If you have received this e-mail message in error, please delete and notify the sender immediately. 


-----Original Message-----
From: dhcp-users-bounces+kimms=infosec.co.kr at lists.isc.org [mailto:dhcp-users-bounces+kimms=infosec.co.kr at lists.isc.org] On Behalf Of Peter Rathlev
Sent: Tuesday, May 03, 2011 3:39 PM
To: Users of ISC DHCP
Subject: Re: dhcp6.leases permission denied

On Tue, 2011-05-03 at 11:41 +0900, 김무성 wrote:
> Can't open lease database /var/lib/dhcp/dhcpd6.leases: Permission
> denied --

Could you have some kind of (misconfigured) SELinux (or equivalent)
blocking the access? I'm not familiar with Ubuntu, but SELinux would log
to something like /var/log/audit/audit.log on Redhat systems at least.

Assuming it's SELinux, what does "ls -Z /var/lib/dhcp" say? Does running
"setenforce 0" as root help you start the daemon? (Enable it again with
"setenforce 1".)

And by the way: Don't make the file world writeable (0666) unless you're
looking for security related trouble. Default 0644 is fine, and you
could even remove world read if you wanted.

-- 
Peter



_______________________________________________
dhcp-users mailing list
dhcp-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/dhcp-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5096 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20110504/7e5d12d1/attachment.bin>


More information about the dhcp-users mailing list