...making Linux just a little more fun!
kathik kumar [karthikgiri1984 at gmail.com]
Hi,
I have installed my ipsec tools in my linux-server. I am observing some issues while testing.
These are the steps I did:
============================
http://ipsec-tools.sourceforge.net for installation (tar file location)
a. Copy the file *.tar.gz to your linux machine
b. Untar the file
   tar xvzf *.tar.gz
c. Then issue ./bootstrap
d. Issue ./Configure
e. Go to src directory. Setkey is installed
f. Setkey is available in the /sbin directory. So I changed the name and copied the setkey directory to /sbin.
g. Then created set-key file.

[root@linux scripts]$ cat set-key
#!/sbin/setkey -f
flush;
spdflush;
add 10.0.0.1 11.0.0.2 ah 500 -A hmac-md5 0xabcd1234abcd1234abcd1234abcd1234;
add 11.0.0.2 10.0.0.1 ah 600 -A hmac-md5 0xabcd1234abcd1234abcd1234abcd1234;
#add 10.0.0.1 11.0.0.2 ah 500 -A hmac-sha1 0xabcd1234abcd1234abcd1234abcd1234abcd1234;
#add 11.0.0.2 10.0.0.1 ah 600 -A hmac-sha1 0xabcd1234abcd1234abcd1234abcd1234abcd1234;
add 10.0.0.1 11.0.0.2 esp 500 -E 3des-cbc 0x1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd -A hmac-md5 0x1234abcd1234abcd1234abcd1234abcd;
add 11.0.0.2 10.0.0.1 esp 600 -E 3des-cbc 0x1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd -A hmac-md5 0x1234abcd1234abcd1234abcd1234abcd;
spdadd 10.0.0.1/32[any] 11.0.0.2/32[any] any -P out ipsec ah/transport//require esp/transport//require;
spdadd 11.0.0.2/32[any] 10.0.0.1/32[any] any -P in ipsec ah/transport//require esp/transport//require;
spdadd 10.0.0.1/32[any] 11.0.0.2/32[any] any -P out ipsec ah/tunnel/10.0.0.1-11.0.0.2/require;
spdadd 11.0.0.2/32[any] 10.0.0.1/32[any] any -P in ipsec ah/tunnel/11.0.0.2-10.0.0.1/require;

h. The issue is, the file has full permission, but it says permission denied.

-rwxrwxrwx 1 root root 1054 Feb 26 04:44 set-key
[root@linux scripts]$ ./set-key
./set-key: Permission denied. -------------->>>>>>>>>>ISSUE
[root@linux scripts]$
Could you please let me know about this issue?
Thanks -Karthik
Thomas Adam [thomas.adam22 at gmail.com]
2009/2/26 kathik kumar <karthikgiri1984@gmail.com>:
> g. Then created set-key file.
... and then promptly didn't make it executable. Marvellous.
chmod +x set-key
-- Thomas Adam
Neil Youngman [ny at youngman.org.uk]
On Thursday 26 February 2009 12:56:18 kathik kumar wrote:
<SNIP>
> [root@linux scripts]$ cat set-key
> #!/sbin/setkey -f
> flush;
<SNIP>
> h. The issue is, The file has full permission, but it says permission
> denied.
>
> -rwxrwxrwx 1 root root 1054 Feb 26 04:44 set-key
> [root@linux scripts]$ ./set-key
> ./set-key: Permission denied. -------------->>>>>>>>>>ISSUE
> [root@linux scripts]$
That "#!/sbin/setkey -f" could be the source of the problem. What does ls -l /sbin/setkey tell you?
HTH
Neil Youngman
Neil Youngman [ny at youngman.org.uk]
On Thursday 26 February 2009 13:01:33 Thomas Adam wrote:
> 2009/2/26 kathik kumar <karthikgiri1984@gmail.com>:
> > g. Then created set-key file.
>
> ... and then promptly didn't make it executable. Marvellous.
>
> ``
> chmod +x set-key
> ''
If you read a bit further, Kathik says
h. The issue is, The file has full permission, but it says permission denied.
-rwxrwxrwx 1 root root 1054 Feb 26 04:44 set-key
That looks executable to me, unless I'm more confused than usual.
Neil
Neil Youngman [ny at youngman.org.uk]
On Thursday 26 February 2009 14:13:55 you wrote:
> Hi,
>
> #!/sbin/setkey is a directory, which has some tools related to ipsec.
I'm pretty sure that's the problem. A first line starting with #! is known as a sha-bang. It tells Linux that the script should be interpreted by the command given, e.g. "#!/bin/bash" requires the bash shell.
In this case you are telling Linux that it should run "/sbin/setkey -f" to interpret the set-key script. As /sbin/setkey is not an executable file it will fail, as you have observed.
Neil
P.S. Please direct your replies to the list, so that others can assist and the answer is available to publish in the Gazette.
kathik kumar [karthikgiri1984 at gmail.com]
Hi,
Thanks for your quick reply. Then can I use "#!/bin/setkey" in first line of the set-key file?
Regards -Karthik
Neil Youngman [ny at youngman.org.uk]
On Thursday 26 February 2009 15:04:42 kathik kumar wrote:
> Hi,
>
> Thanks for your quick reply, Then can i use "#!/bin/setkey" in first line
> of the set-key file.
Possibly.
If /bin/setkey is a binary capable of interpreting the set-key file correctly, then that should work.
Neil
kathik kumar [karthikgiri1984 at gmail.com]
Hi,
Still am facing the issue.
[root@linux /bin]$ ls -ltr setkey
total 372
-rwxrwxrwx 1 root root  1812 Feb 26 07:00 vchar.h
-rwxrwxrwx 1 root root 10242 Feb 26 07:00 token.l
-rwxrwxrwx 1 root root 88539 Feb 26 07:00 token.c
-rwxrwxrwx 1 root root 15946 Feb 26 07:00 test-pfkey.c
-rwxrwxrwx 1 root root 18557 Feb 26 07:00 setkey.c
-rwxrwxrwx 1 root root 20213 Feb 26 07:00 setkey.8
-rwxrwxrwx 1 root root  1206 Feb 26 07:00 scriptdump.pl
-rwxrwxrwx 1 root root   862 Feb 26 07:00 sample-policy02.cf
-rwxrwxrwx 1 root root   342 Feb 26 07:00 sample-policy01.cf
-rwxrwxrwx 1 root root  9000 Feb 26 07:00 sample.cf
-rwxrwxrwx 1 root root 34679 Feb 26 07:00 parse.y
-rwxrwxrwx 1 root root  4491 Feb 26 07:00 parse.h
-rwxrwxrwx 1 root root 89135 Feb 26 07:00 parse.c
-rwxrwxrwx 1 root root 17950 Feb 26 07:00 Makefile.in
-rwxrwxrwx 1 root root   448 Feb 26 07:00 Makefile.am
-rwxrwxrwx 1 root root 17961 Feb 26 07:00 Makefile
-rwxrwxrwx 1 root root   637 Feb 26 07:00 extern.h
[root@linux /bin]$

[root@linux scripts]$ cat set-key
#!/bin/setkey -f
flush;
spdflush;
add 10.0.0.1 11.0.0.2 ah 500 -A hmac-md5 0xabcd1234abcd1234abcd1234abcd1234;
add 11.0.0.2 10.0.0.1 ah 600 -A hmac-md5 0xabcd1234abcd1234abcd1234abcd1234;
#add 10.0.0.1 11.0.0.2 ah 500 -A hmac-sha1 0xabcd1234abcd1234abcd1234abcd1234abcd1234;
#add 11.0.0.2 10.0.0.1 ah 600 -A hmac-sha1 0xabcd1234abcd1234abcd1234abcd1234abcd1234;
add 10.0.0.1 11.0.0.2 esp 500 -E 3des-cbc 0x1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd -A hmac-md5 0x1234abcd1234abcd1234abcd1234abcd;
add 11.0.0.2 10.0.0.1 esp 600 -E 3des-cbc 0x1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd -A hmac-md5 0x1234abcd1234abcd1234abcd1234abcd;
spdadd 10.0.0.1/32[any] 11.0.0.2/32[any] any -P out ipsec ah/transport//require esp/transport//require;
spdadd 11.0.0.2/32[any] 10.0.0.1/32[any] any -P in ipsec ah/transport//require esp/transport//require;
spdadd 10.0.0.1/32[any] 11.0.0.2/32[any] any -P out ipsec ah/tunnel/10.0.0.1-11.0.0.2/require;
spdadd 11.0.0.2/32[any] 10.0.0.1/32[any] any -P in ipsec ah/tunnel/11.0.0.2-10.0.0.1/require;
[root@linux scripts]$ ./set-key
./set-key: Permission denied.
[root@linux scripts]$
Thanks -Karthik
Neil Youngman [ny at youngman.org.uk]
On Thursday 26 February 2009 15:15:14 kathik kumar wrote:
> Hi,
>
> Still am facing the issue.
<SNIP>
> [root@linux scripts]$ cat set-key
> #!/bin/setkey -f
<SNIP>
What do you get from "ls -l /bin/setkey"?
Neil
kathik kumar [karthikgiri1984 at gmail.com]
Hi,
[root@mcpisic-linux /bin]$ ls -l /bin/setkey
total 372
-rwxrwxrwx 1 root root   637 Feb 26 07:00 extern.h
-rwxrwxrwx 1 root root 17961 Feb 26 07:00 Makefile
-rwxrwxrwx 1 root root   448 Feb 26 07:00 Makefile.am
-rwxrwxrwx 1 root root 17950 Feb 26 07:00 Makefile.in
-rwxrwxrwx 1 root root 89135 Feb 26 07:00 parse.c
-rwxrwxrwx 1 root root  4491 Feb 26 07:00 parse.h
-rwxrwxrwx 1 root root 34679 Feb 26 07:00 parse.y
-rwxrwxrwx 1 root root  9000 Feb 26 07:00 sample.cf
-rwxrwxrwx 1 root root   342 Feb 26 07:00 sample-policy01.cf
-rwxrwxrwx 1 root root   862 Feb 26 07:00 sample-policy02.cf
-rwxrwxrwx 1 root root  1206 Feb 26 07:00 scriptdump.pl
-rwxrwxrwx 1 root root 20213 Feb 26 07:00 setkey.8
-rwxrwxrwx 1 root root 18557 Feb 26 07:00 setkey.c
-rwxrwxrwx 1 root root 15946 Feb 26 07:00 test-pfkey.c
-rwxrwxrwx 1 root root 88539 Feb 26 07:00 token.c
-rwxrwxrwx 1 root root 10242 Feb 26 07:00 token.l
-rwxrwxrwx 1 root root  1812 Feb 26 07:00 vchar.h
[root@mcpisic-linux /bin]$
Thanks -karthik
Kapil Hari Paranjape [kapil at imsc.res.in]
Hello,
On Thu, 26 Feb 2009, kathik kumar wrote:
> Still am facing the issue.
I think you missed the content of the previous messages.
> [root@linux /bin]$ ls -ltr setkey
The output of this shows that "setkey" is a directory. What you need to show is a listing of the output of
ls -l /bin/setkey
It is /sbin/setkey which is invoked by the script
> [root@linux scripts]$ cat set-key
> #!/bin/setkey -f
> etc.
Finally, from your command-line:
> [root@linux scripts]$ ./set-key
... I deduce that you are trying to execute this script as an ordinary user (not super-user). Since /bin/setkey changes some network parameters it is extremely unlikely that anyone other than the super user is allowed to use this command in the way that you are using it.
Regards,
Kapil. --
Lew Pitcher [lew.pitcher at digitalfreehold.ca]
[text rearranged to show continuity of thread]
On February 26, 2009 10:40:52 kathik kumar wrote:
> Hi,
>
> On Thu, Feb 26, 2009 at 9:09 PM, Neil Youngman <ny@youngman.org.uk> wrote:
> > On Thursday 26 February 2009 15:15:14 kathik kumar wrote:
> > > Hi,
> > >
> > > Still am facing the issue.
> >
> > <SNIP>
> >
> > > [root@linux scripts]$ cat set-key
> > > #!/bin/setkey -f
> >
> > <SNIP>
> >
> > What do you get from "ls -l /bin/setkey"?
>
> [root@mcpisic-linux /bin]$ ls -l /bin/setkey
> total 372
> -rwxrwxrwx 1 root root 637 Feb 26 07:00 extern.h
[snip]
OK, that proves it.
Your problem is that you've replaced the /bin/setkey program with a directory. Directories are not "executable", and cannot be the target of a hash-bang, so your script, which starts with
#!/bin/setkey -f
cannot execute the /bin/setkey program (because it doesn't exist), and fails on a "permission error".
I have no easy way to fix this. The only way is to back out your changes: remove the /bin/setkey directory and put back the /bin/setkey program. Then, see what else has been trashed as part of this install, and fix it as well.
HTH
--
Lew Pitcher
Master Codewright & JOAT-in-training | Registered Linux User #112576
http://pitcher.digitalfreehold.ca/ | GPG public key available by request
---------- Slackware - Because I know what I'm doing. ------
Neil Youngman [ny at youngman.org.uk]
On Thursday 26 February 2009 15:40:52 kathik kumar wrote:
> Hi,
>
> [root@mcpisic-linux /bin]$ ls -l /bin/setkey
> total 372
> -rwxrwxrwx 1 root root 637 Feb 26 07:00 extern.h
> -rwxrwxrwx 1 root root 17961 Feb 26 07:00 Makefile
<SNIP>
It seems /bin/setkey is a directory, not an executable, so there's little point in trying to use /bin/setkey in the sha-bang. You need to work out where the setkey executable is and use that path. "locate setkey" might find some likely candidates if you have locate set up?
I would also consider moving the setkey directory to someplace other than /bin. It's intended to hold binaries, not directories. I would be inclined to put it under /usr/local/src or in a suitable user's home directory.
Neil
Kapil Hari Paranjape [kapil at imsc.res.in]
Hello
Oops many mistakes in this one!
On Thu, 26 Feb 2009, Kapil Hari Paranjape wrote:
> On Thu, 26 Feb 2009, kathik kumar wrote:
> > [root@linux /bin]$ ls -ltr setkey
>
> The output of this shows that "setkey" is a directory. What you need
> to show is a listing of the output of
> ls -l /bin/setkey
In fact you have given us the output of "ls -l setkey" from the /bin directory so this is the same as "ls -l /bin/setkey". This proves that /bin/setkey is a directory.
Directories are not commands to be run.
> It is /sbin/setkey which is invoked by the script
        ^^^^^^^^^^^^
> > [root@linux scripts]$ cat set-key
> > #!/bin/setkey -f
> > etc.
That was also a mistake on my part. I should have said that it is /bin/setkey which is invoked by the script. Since that is a directory it cannot be invoked as a command and hence the "permission denied" message.
Regards, Kapil. --
Neil Youngman [ny at youngman.org.uk]
On Thursday 26 February 2009 16:06:33 kathik kumar wrote:
> Hi ,
>
> I have tried with /usr/local/logs
<SNIP>
> [root@linux scripts]$ ls -ltr /usr/local/logs/setkey
> total 372
> -rwxr-xr-x 1 root root 1812 Feb 26 07:57 vchar.h
<SNIP>
> Still am facing the issues... Can you please?
That's obviously a directory as well. In fact it looks like the same directory? Just moving the directory around won't help.
Is there a /usr/local/bin/setkey? If not and locate isn't working, you could use "find / -name setkey -executable -print" to find the executable.
I think you also need to take some time to learn to recognise the differences between files and directories.
HTH
Neil
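The diagnosis reached in this thread, as an added shell example that is not part of the original messages: execve() fails with EACCES ("Permission denied") when the interpreter named on a script's #! line is not a regular file, whatever the script's own mode bits say. check_shebang and demo_thread_case are hypothetical names, and the temporary directory tree is constructed for illustration.

```shell
#!/bin/sh
# Added example. check_shebang and demo_thread_case are hypothetical names.

# Print a verdict on the interpreter named in a script's "#!" line.
# Return 0 if it can be executed, 1 if it cannot, 2 if there is no "#!" line.
check_shebang() {
    script=$1
    [ -f "$script" ] || { echo "not-a-file:$script"; return 2; }
    # Only the first line of the script matters to the kernel.
    first=
    IFS= read -r first < "$script" || [ -n "$first" ] || { echo "empty"; return 2; }
    case $first in
        '#!'*) ;;
        *) echo "no-shebang"; return 2 ;;
    esac
    rest=${first#??}                        # drop the "#!"
    rest=${rest#"${rest%%[![:space:]]*}"}   # drop blanks after "#!"
    interp=${rest%%[[:space:]]*}            # path ends at first blank; "-f" is its argument
    if [ ! -e "$interp" ]; then
        echo "missing:$interp"; return 1
    elif [ -d "$interp" ]; then             # tested before -x: directories carry x bits too
        echo "directory:$interp"; return 1  # the case in this thread
    elif [ ! -x "$interp" ]; then
        echo "not-executable:$interp"; return 1
    fi
    echo "ok:$interp"
}

# Constructed reproduction: a directory named "setkey" used as the interpreter.
demo_thread_case() {
    tmp=$(mktemp -d) || return 2
    mkdir "$tmp/setkey"                     # stands in for the copied source directory
    printf '#!%s -f\nflush;\nspdflush;\n' "$tmp/setkey" > "$tmp/set-key"
    chmod 777 "$tmp/set-key"                # same mode as in the original post
    status=0
    verdict=$(check_shebang "$tmp/set-key") || status=$?
    rm -rf "$tmp"
    echo "${verdict%%:*} $status"           # verdict kind and return code
}
```

Running check_shebang ./set-key on the affected machine would report the directory case before any amount of chmod is tried.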