ngircd runs well but generates an error when run as a service
Hello, I am running ngircd on Debian stable. It is SSL enabled via Gnu_TLS and runs fine when run from the command line. However, attempting to start the server with service ngircd start or /etc/init.d/ngircd start generates an SSL error (see below). Any suggestions on how to get more debug data? I installed it as a binary package. Note that I have been running ngircd for years on FreeBSD (thanks!) but am new to running this on Debian. Note also that I am only running an SSL server at the moment, not a “plain” one. Error output is below. Should I take this up with the package maintainer? Thanks! John service ngircd start: Jan 11 13:59:18 boogie ngircd[9566]: ngircd 19.2-SYSLOG+ZLIB+SSL+IRCPLUS+IPv6-x86_64/pc/linux-gnu started. Jan 11 13:59:18 boogie ngircd[9566]: Using configuration file "/etc/ngircd/ngircd.conf" ... Jan 11 13:59:18 boogie ngircd[9566]: Warning: Error during SSL initialization, continuing ... Jan 11 13:59:18 boogie ngircd[9567]: Running as user irc(39), group irc(39), with PID 9567. Jan 11 13:59:18 boogie ngircd[9567]: Not running with changed root directory. Jan 11 13:59:18 boogie ngircd[9567]: IO subsystem: epoll (hint size 100, initial maxfd 100, masterfd 4). Jan 11 13:59:18 boogie ngircd[9567]: Created pre-defined channel "#syborg" Jan 11 13:59:18 boogie ngircd[9567]: Now listening on [192.168.1.120]:2431 (socket 8). command line: Jan 11 14:00:29 boogie ngircd[9714]: ngircd 19.2-SYSLOG+ZLIB+SSL+IRCPLUS+IPv6-x86_64/pc/linux-gnu started. Jan 11 14:00:29 boogie ngircd[9714]: Using configuration file "/etc/ngircd/ngircd.conf" ... Jan 11 14:00:29 boogie ngircd[9714]: gnutls 2.12.20 initialized. Jan 11 14:00:29 boogie ngircd[9715]: Running as user irc(39), group irc(39), with PID 9715. Jan 11 14:00:29 boogie ngircd[9715]: Not running with changed root directory. Jan 11 14:00:29 boogie ngircd[9715]: IO subsystem: epoll (hint size 100, initial maxfd 100, masterfd 4). Jan 11 14:00:29 boogie ngircd[9715]: Created pre-defined channel "#syborg" Jan 11 14:00:29 boogie ngircd[9715]: Now listening on [192.168.1.120]:2431 (socket 8). ------------------------------------------------------------------------------ John Bleichert - syborg@earthlink.net The heat from below can burn your eyes out!
Hi John! Am 11.01.2014 um 20:12 schrieb John Bleichert <syborg@earthlink.net>:
I am running ngircd on Debian stable. It is SSL enabled via Gnu_TLS and runs fine when run from the command line. However, attempting to start the server with
service ngircd start
or
/etc/init.d/ngircd start
generates an SSL error (see below). Any suggestions on how to get more debug data? I installed it as a binary package.
Most probably you can't without recompiling.
Note that I have been running ngircd for years on FreeBSD (thanks!) but am new to running this on Debian. Note also that I am only running an SSL server at the moment, not a “plain” one.
Ok, but this should make no difference and not result in different start behaviour ...
Error output is below. Should I take this up with the package maintainer?
I think we should try to get some more information first. You are using the traditional SysV init that is the default on Debian?
Jan 11 13:59:18 boogie ngircd[9566]: ngircd 19.2-SYSLOG+ZLIB+SSL+IRCPLUS+IPv6-x86_64/pc/linux-gnu started. Jan 11 13:59:18 boogie ngircd[9566]: Using configuration file "/etc/ngircd/ngircd.conf" ... Jan 11 13:59:18 boogie ngircd[9566]: Warning: Error during SSL initialization, continuing ...
Hm? I would have xpected some more detailed error message here. You are using absolute path names for your keys etc. in ngircd.conf, right? And the permissions do make sense?
Jan 11 13:59:18 boogie ngircd[9567]: Running as user irc(39), group irc(39), with PID 9567. Jan 11 13:59:18 boogie ngircd[9567]: Not running with changed root directory. Jan 11 13:59:18 boogie ngircd[9567]: IO subsystem: epoll (hint size 100, initial maxfd 100, masterfd 4). Jan 11 13:59:18 boogie ngircd[9567]: Created pre-defined channel "#syborg" Jan 11 13:59:18 boogie ngircd[9567]: Now listening on [192.168.1.120]:2431 (socket 8).
command line:
Jan 11 14:00:29 boogie ngircd[9714]: ngircd 19.2-SYSLOG+ZLIB+SSL+IRCPLUS+IPv6-x86_64/pc/linux-gnu started. Jan 11 14:00:29 boogie ngircd[9714]: Using configuration file "/etc/ngircd/ngircd.conf" ... Jan 11 14:00:29 boogie ngircd[9714]: gnutls 2.12.20 initialized. Jan 11 14:00:29 boogie ngircd[9715]: Running as user irc(39), group irc(39), with PID 9715. Jan 11 14:00:29 boogie ngircd[9715]: Not running with changed root directory. Jan 11 14:00:29 boogie ngircd[9715]: IO subsystem: epoll (hint size 100, initial maxfd 100, masterfd 4). Jan 11 14:00:29 boogie ngircd[9715]: Created pre-defined channel "#syborg" Jan 11 14:00:29 boogie ngircd[9715]: Now listening on [192.168.1.120]:2431 (socket 8).
Strange ... Could you show (Pastebin?) your configuration? And does "ngircd --configtest" show something "interesting"? Thanks Alex
Alexander and Christoph, Thank you for the prompt replies. Sorry for the delay, we were very busy last night.
Jan 11 13:59:18 boogie ngircd[9566]: ngircd 19.2-SYSLOG+ZLIB+SSL+IRCPLUS+IPv6-x86_64/pc/linux-gnu started. Jan 11 13:59:18 boogie ngircd[9566]: Using configuration file "/etc/ngircd/ngircd.conf" ... Jan 11 13:59:18 boogie ngircd[9566]: Warning: Error during SSL initialization, continuing ...
Hm? I would have xpected some more detailed error message here.
You are using absolute path names for your keys etc. in ngircd.conf, right? And the permissions do make sense?
Yes, absolute path names. I didn’t realize it but the certtool-generated key allowed only root to read it. I fixed the permissions on the key and it seems to work fine now. Again, thanks for the replies - I should have seen this yesterday! Thanks also for ngircd! John ------------------------------------------------------------------------------ John Bleichert - syborg@earthlink.net The heat from below can burn your eyes out!
John Bleichert wrote...
Should I take this up with the package maintainer?
No need for that, I'm also here.
Jan 11 13:59:18 boogie ngircd[9566]: ngircd 19.2-SYSLOG+ZLIB+SSL+IRCPLUS+IPv6-x86_64/pc/linux-gnu started. Jan 11 13:59:18 boogie ngircd[9566]: Using configuration file "/etc/ngircd/ngircd.conf" ...
I'd expect the "gnutls 2.12.20 initialized." here, just as below.
Jan 11 13:59:18 boogie ngircd[9566]: Warning: Error during SSL initialization, continuing ... Jan 11 13:59:18 boogie ngircd[9567]: Running as user irc(39), group irc(39), with PID 9567.
So, can you please check whether more lines got lost by coincidence? Wild guessing, the x509 private key file isn't readable by the irc user ngircd runs as. But that will result in an error message, too. How do things look if ngircd is started as the irc user, i.e. "su -c /usr/sbin/ngircd irc"? The init scripts does quite the same, that could explain the different behaviour to ngircd called from command line (as root). Christoph
Teilnehmer (3)
-
Alexander Barton -
Christoph Biedl -
John Bleichert