In data giovedì 5 novembre 2020 11:40:18 CET, Carlos E. R. ha scritto:
On 05/11/2020 02.17, Stakanov wrote:
In data giovedì 5 novembre 2020 01:09:03 CET, Carlos E. R. ha scritto:
On 04/11/2020 23.46, Stakanov wrote:
In data mercoledì 4 novembre 2020 22:09:17 CET, Carlos E. R. ha scritto: Process: 6288 ExecStartPre=/usr/bin/sudo -u unbound /usr/sbin/unbound-anchor>
-a /var/lib/unbound/root.key -c /etc/unbound/icannbundle.pem (code=exited, status=0/SUCCESS)
Main PID: 6301 (code=exited, status=1/FAILURE)
This is very strange to me. A system service calling sudo? Why? Using sudo needs a matching sudo configuration, and administrators change it. Mine is changed, for instance.
Nov 04 23:32:33 roadrunner systemd[1]: Starting Unbound recursive Domain Name Server... Nov 04 23:32:33 roadrunner sudo[6288]: root : TTY=unknown ; PWD=/ ; USER=unbound ; COMMAND=/usr/sbin/unbound-anchor -a /var/lib/unbound/root.key - c /etc/unbound/icannbundle.pem
I would look at the full syslog around 23:32:33.
Nov 04 23:32:33 roadrunner unbound-checkconf[6299]: unbound-checkconf: no errors in /etc/unbound/unbound.conf Nov 04 23:32:33 roadrunner systemd[1]: Started Unbound recursive Domain Name Server. Nov 04 23:32:33 roadrunner unbound[6301]: [1604529153] unbound[6301:0] error: Could not open /etc/unbound/unbound.conf: Permission denied
That seems important.
But it tries sudo.
It tries sudo because it is needed for the ancor file.
Why?
If it has to run a command as another user, the correct thing to do is use "su username -c command", not sudo, which is not guaranteed to work. This is not Ubuntu.
But even when I did set up sudo with a user unbound (which it is) in yast sudo with: user unbound, host all, RUNAS all, NOPASSWORD yes Commands all (which is if I understand terrible, then it still has the same error when starting up. Cannot read the damn conf. And I am lost. Carlos, with all the given respect. The package is original opensuse. I just followed the indications first of a manual found on an Ubuntu linked site (never used it). Blame it on missing documentation in openSUSE. I could have used Arch or any other site. I then found the original site of the project. No difference. You see, the sudo thing is something the packager of opensuse did. I did not change it, but the only the config putting to active several privacy related issues (which internal addresses to protect etc), even if it would not have been necessary if you use it as a recursive resolver on 127.0.0.1 local host for your own machine.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org