M BUZZ CRAZE NEWS
// general

Why is dhclient saying: "SIOCSIFADDR: Permission denied"?

By Emma Johnson

I have encountered a very weird error on ubuntu-server (8.04), I have no idea why dhclient is not allowed to set the network settings! I'm not the one who installed the server in the first place, so i don't know much about the setup. The server is only used as a firewall/gateway (custom iptables script) it's got three nic's one for internet, one for LAN and one for DMZ. Now the ISP have changed settings from static ip to "static" ip assigned through dhcp, and i cant really use it.

Sadly I can't just set the IP statically since the ISP closes my connection when the dhcp lease ends :o

This is the error i get: (and then it just hangs there..)

root@fw:~# dhclient eth2
Internet Systems Consortium DHCP Client V3.0.6
Copyright 2004-2007 Internet Systems Consortium.
All rights reserved.
For info, please visit
SIOCSIFADDR: Permission denied
SIOCSIFFLAGS: Permission denied
SIOCSIFFLAGS: Permission denied
Listening on LPF/eth2/00:50:52:c1:a1:32
Sending on LPF/eth2/00:50:52:c1:a1:32
Sending on Socket/fallback
DHCPDISCOVER on eth2 to 255.255.255.255 port 67 interval 8
DHCPOFFER of 2.10.56.19 from 93.87.36.42
DHCPREQUEST of 2.10.56.19 on eth2 to 255.255.255.255 port 67
DHCPACK of 2.10.56.19 from 93.87.36.42
SIOCSIFADDR: Permission denied
SIOCSIFFLAGS: Permission denied
SIOCSIFNETMASK: Permission denied
SIOCSIFBRDADDR: Permission denied
SIOCSIFFLAGS: Permission denied
SIOCADDRT: Operation not permitted

for now i've fixed it by running killall dhclient; dhclient eth2 every hour and then setting static IP settings for the interface, this is enough to keep the connection live! but it's a pretty ugly hack in my opinion..

12

5 Answers

Based on the stack trace at the firstSIOCSIFADDR: Permission denied error occurs at line 735, during execution of process 26092: ifconfig eth2 inet 0 up. Now onlyroot can ifconfig something up, so let's trace the chain offork()/exec() and look for UID changes. It turns out that:

  1. process 26092 is a child of 26090 (line 689)
  2. process 26090 runs with UID 101 and GID 102 (lines 355--358)
  3. process 26090 tries to set its UID/GID back to 0, but fails (line 310)
  4. process 26090 is a child of 26089 (line 286)
  5. process 26089 switched its UID:GID to 101:102 (lines 282--283)

So, the errors occur because the executing child process does not have the necessary root privileges. Why does this happen? Thedebian/changelog file in the dhcp3-3.0.6.dfsg sources says:

dhcp3 (3.0.1-2ubuntu4) breezy; urgency=low Derooted the DHCP client: * Added debian/patches/deroot-client.patch: - client/dhclient.c: After initialization, dro privileges to dhcp:dhcp and only keep CAP_NET_RAW and CAP_NET_BIND_SERVICE. - Add a setuid wrapper call-dhclient-script to call /etc/dhcp3/dhclient-script as root. - Install call-dhclient-script into /lib/dhcp3-client/.

My guess is that call-dhclient-script has lost its set-UID bit, and is thus not executing with root privileges as it should. (According to the debian/dhcp3-client.postinst file in the sources, it should be owned by root:dhcp and mode 4754)

1

What does your "dmesg" output show when you run dhclient?

If you're running Hardy, AppArmor is part of the default install. It's possible that the dhclient profile has gone haywire. Check "sudo aa-status" to see what is happening there.

Additionally how does your /etc/network/interfaces file read? Perhaps you have conflicting addresses, routes, etc that dhclient doesn't want to play with?

2

I would try installing nscd if that package is missing, and if it does not work with this, install also libnss-db.

Not sure if that will solve your problem, however, those are the things that your trace is trying to find and it fails.

1

Please run sudo dpkg --configure -a just to make sure it's not a repetition of the situation in

1

This is actually a bug in Ubuntu 8.04. For several use cases you NEED to have nscd installed (e.g. when using openvpn) or dhclient won't work. This doesn't happen in newer Ubuntu releases.

1

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

More in general

"Zoraya ter Beek, age 29, just died by assisted suicide in the Netherlands. She was physically healthy, but psychologically depressed. It's an abomination that an entire society would actively facilitate, even encourage, someone ending their own life because they had no hope. Th…"

"Absolutely my pleasure, mate. It is a really incredible piece, and if it’s not featured in Substack Reads I will immediately raise a militia and….uh….then we’ll stand around grumbling and handing out leaflets (I’m British, this is how we do over here). Magically well done. And…"