pksd daemon/service starts and then stops after a few seconds

Hello,

I have installed security/pks on FreeBSD and I think I have configured the installation correctly... and maybe not.
I have added pksd_enable to /etc/rc.conf and I can see on the startup screen that pksd is starting (Starting pksd).
But after I have logged in to the system I can see the service/daemon is not running:
Code:
# service pksd status
pksd is not running
I try:
Code:
# service pksd restart
pksd not running? (check /var/run/pksd.pid)
Starting pksd
# service pksd status
pksd is not running
And I can't find pksd.pid anywhere.

Can any of you tell me in which logfile I can see what the problem is, please?
Or do I have to enable some log before I can see anything about my problem?
Or can I test /usr/local/etc/pksd.conf for errors with a command?

Thanks in advance.
 
Code:
DATABASE ADMINISTRATION
       pksd uses the locking, logging, and transaction facilities of Berkeley
       DB.  This provides for added safety in the event of a server crash, and
       also allows for multiple pksd and/or pksclient processes to access the
       database at the same time.

       This does make management of a key server a little more complicated.
       The Berkeley DB reference section on Berkeley DB Transactional Access
       Methods Applications
       <http://www.sleepycat.com/docs/ref/toc.html#transapp>
       describes the procedures and commands which are used for checkpointing,
       archive (backup), and recovery.  You should familiarize yourself with
       this information before running a key server.
Taken from pks-intro(8).
 
Thanks for a quick answer.
Yes, I can see that, about the database administration from pks-intro.
But I have created a database file with the following command:

# pksclient /var/db/pks/db create

Isn't that enough to run a pks server?
 
I have found out another thing.
If I uncomment pksd_enable in /etc/rc.conf, restart FreeBSD, log in through ssh to the server and run the following command in the ssh session:
Code:
# service pksd onestart
Starting pksd
....and if I look at the server output it says:
Code:
pksd[992]: pksd: pks_socket_init: failed removing old socket: 1
Does anyone know what this means?
 
Isn't that enough to run a pks server?
I don't know. Besides the manual pages I can't find the documentation. So I have no idea what's required to get it up and running.

Does anyone know what this means?
That's fairly common for failing services. It starts, creates the sockets and PID file, then crashes without cleaning up those files. So when you start it again it's going to find the 'old' files and complain about it.
 
I have followed your guide:)
The only thing I'm not sure about is the user rights on the folders and files.
I have created the user "pksuser":
root@pks1:/usr/local/bin # id pksuser
uid=1040(pksuser) gid=1050(pksuser) groups=1050(pksuser)

I have set the rights as follows:

root@pks1:~ # ls -al /var/run/pks/
total 10
drwxrwx--- 3 pksuser pksuser 3 Nov 29 22:18 .
drwxr-xr-x 7 root wheel 23 Dec 12 22:12 ..
drwxrwx--- 2 pksuser pksuser 2 Nov 29 22:18 pks.socket

root@pks1:~ # ls -al /var/db/pks/db/
total 198
drwxrwx--- 2 pksuser pksuser 12 Nov 28 22:40 .
drwxrwx--- 5 pksuser pksuser 5 Nov 19 15:36 ..
-rwxrwx--- 1 pksuser pksuser 303104 Dec 11 21:45 __db.001
-rwxrwx--- 1 pksuser pksuser 851968 Dec 11 21:45 __db.002
-rwxrwx--- 1 pksuser pksuser 550440 Dec 11 21:45 __db.003
-rwxrwx--- 1 pksuser pksuser 24576 Nov 28 22:40 keydb000
-rwxrwx--- 1 pksuser pksuser 24576 Nov 28 22:40 keydb001
-rwxrwx--- 1 pksuser pksuser 24576 Nov 28 22:40 keydb002
-rwxrwx--- 1 pksuser pksuser 10485760 Dec 11 21:45 log.0000000001
-rwxrwx--- 1 pksuser pksuser 2 Nov 28 22:40 num_keydb
-rwxrwx--- 1 pksuser pksuser 49152 Nov 28 22:40 timedb
-rwxrwx--- 1 pksuser pksuser 24576 Nov 28 22:40 worddb

root@pks1:~ # ls -al /var/db/pks/
total 19
drwxrwx--- 5 pksuser pksuser 5 Nov 19 15:36 .
drwxr-xr-x 13 root wheel 21 Nov 29 01:08 ..
drwxrwx--- 2 pksuser pksuser 12 Nov 28 22:40 db
drwxrwx--- 2 pksuser pksuser 2 Nov 19 12:29 incoming
drwxrwx--- 2 pksuser pksuser 2 Nov 19 15:36 pksd_socket

root@pks1:~ # ls -al /usr/local/bin/pks*
-rwxrwx--- 1 pksuser pksuser 2275 Nov 19 12:04 /usr/local/bin/pks-mail.sh
-rwxrwx--- 1 pksuser pksuser 2552 Nov 19 12:04 /usr/local/bin/pks-queue-run.sh
-rwxrwx--- 1 pksuser pksuser 100880 Nov 19 12:04 /usr/local/bin/pksclient
-rwxrwx--- 1 pksuser pksuser 8000 Nov 19 12:04 /usr/local/bin/pksdctl

root@pks1:~ # ls -al /usr/local/share/doc/pks/
total 122
drwxrwx--- 2 pksuser pksuser 19 Nov 19 12:04 .
drwxr-xr-x 24 root wheel 24 Nov 19 18:23 ..
-rwxrwx--- 1 pksuser pksuser 2330 Nov 19 12:04 EMAIL
-rwxrwx--- 1 pksuser pksuser 8540 Nov 19 12:04 README
-rwxrwx--- 1 pksuser pksuser 8368 Nov 19 12:04 pks_help.cz
-rwxrwx--- 1 pksuser pksuser 7457 Nov 19 12:04 pks_help.de
-rwxrwx--- 1 pksuser pksuser 6258 Nov 19 12:04 pks_help.dk
-rwxrwx--- 1 pksuser pksuser 6731 Nov 19 12:04 pks_help.en
-rwxrwx--- 1 pksuser pksuser 7548 Nov 19 12:04 pks_help.es
-rwxrwx--- 1 pksuser pksuser 6318 Nov 19 12:04 pks_help.fi
-rwxrwx--- 1 pksuser pksuser 6601 Nov 19 12:04 pks_help.fr
-rwxrwx--- 1 pksuser pksuser 6357 Nov 19 12:04 pks_help.hr
-rwxrwx--- 1 pksuser pksuser 7085 Nov 19 12:04 pks_help.ja
-rwxrwx--- 1 pksuser pksuser 7506 Nov 19 12:04 pks_help.kr
-rwxrwx--- 1 pksuser pksuser 6152 Nov 19 12:04 pks_help.no
-rwxrwx--- 1 pksuser pksuser 7770 Nov 19 12:04 pks_help.pl
-rwxrwx--- 1 pksuser pksuser 7483 Nov 19 12:04 pks_help.pt
-rwxrwx--- 1 pksuser pksuser 6905 Nov 19 12:04 pks_help.se
-rwxrwx--- 1 pksuser pksuser 7149 Nov 19 12:04 pks_help.tw

root@pks1:~ # ls -al /usr/local/share/pks/
total 27
drwxrwx--- 2 pksuser pksuser 5 Nov 19 12:04 .
drwxr-xr-x 29 root wheel 29 Nov 19 18:23 ..
-rwxrwx--- 1 pksuser pksuser 416 Nov 19 12:04 mail_intro
-rwxrwx--- 1 pksuser pksuser 4641 Nov 19 12:04 pks-commands.html
-rwxrwx--- 1 pksuser pksuser 9138 Nov 19 12:04 pks-commands.php

And my /usr/local/etc/pksd.conf:

root@pks1:~ # cat /usr/local/etc/pksd.conf
pks_bin_dir /usr/local/bin
pid_dir /var/run/pks
### Set chroot_dir to make pksd chroot itself. Must be an absolute path.
#chroot_dir /usr/local
### uid and gid for pksd to run as. Leave unset, or set to 0 to disable
### ideally only www_dir should be writeable to pksd. it is recommended
### that pksd run with its own uid and gid.
pksd_uid 1040
pksd_gid 1050
db_dir /var/db/pks/db
www_dir /var/db/pks
### Set www_port to the port on which HTTP requests should be accepted.
### If you do not want to process HTTP requests, set this to 0.
www_port 11371
### Set www_readonly to 0 if you want to allow ADD requests over HTTP
# www_readonly 0
socket_name /var/run/pks/pks.socket
### Specify the envelope sender address as the -f argument to
### sendmail. This is the address which will receive any bounces.
### If you don't use sendmail, then change this to an equivalent command.
### If you do not want to process mail requests, leave this unset.
mail_delivery_client /usr/sbin/sendmail -t -oi -fmailer-daemon
### Set this to the address which should be displayed as the From:
### address in all outgoing email, and as the maintainer in the body
### of each message.
maintainer_email PGP Key Server Administrator <nobody>
mail_intro_file /usr/local/share/pks/mail_intro
help_dir /usr/local/share/doc/pks
mail_dir /var/db/pks/incoming
### If you change this, make sure to put a corresponding help file in
### the help_dir named above
default_language EN
### This is the email address of this site. It will be inserted in all
### outgoing incremental messages, so it should match whatever the
### downstream sites use as syncsite in their pksd.conf files.
# this_site pgp-public-keys@your-site
### Include a syncsite line for each site with which you are exchanging
### incremental requests.
# syncsite pgp-public-keys@pgp-server-1
# syncsite pgp-public-keys@pgp-server-2
### Set this to 0 to disable mailserver LAST requests completely, to a
### positive integer to limit LAST requests to that many days, or -1
### to allow any argument to LAST.
max_last -1
### Set this to the maximum number of keys to return in the reply to
### a last query. Setting it to -1 will allow any size reply.
max_last_reply_keys -1
### Set this to the maximum number of keys to return in the reply to
### an index, verbose index, or get query. Setting it to -1
### will allow any size reply.
max_reply_keys -1


And thank you for your response:)
 
Check /var/log/messages, that's where it'll dump its output to. It should tell you what went wrong. Glimpsed over the config file but can't notice anything out of the ordinary.
 
When I have set pksd_enable="YES" in /etc/rc.conf the system writes in /var/log/messages:

Dec 14 13:55:13 pks1 pksd[581]: pksd: pks_socket_init: failed removing old socket: 1

And I don't know what it means.

And I don't know what the number 581 means.
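
Added example, not part of the thread: the `ls` output posted above shows `/var/run/pks/pks.socket` as a directory (`drwxrwx---`), while `socket_name` in the posted pksd.conf points at that same path as the daemon's socket. The script below reads a pksd.conf and flags that kind of mismatch, plus `pid_dir`/`db_dir` entries that are missing or not owned by `pksd_uid`; the function names are made up for this example, and only the config keys come from the posted file.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check paths named in a pksd.conf.

# conf_get FILE KEY: print the value of the first uncommented "KEY value" line.
conf_get() {
    awk -v k="$2" '$1 == k { sub(/^[ \t]*[^ \t]+[ \t]+/, ""); print; exit }' "$1"
}

# owner_uid PATH: numeric owner taken from "ls -ldn" (same field on FreeBSD and Linux).
owner_uid() {
    ls -ldn "$1" | awk '{ print $3 }'
}

# check_pksd_paths FILE: print findings; exit status is the number of problems.
check_pksd_paths() {
    conf=$1
    problems=0
    sock=$(conf_get "$conf" socket_name)
    uid=$(conf_get "$conf" pksd_uid)

    # socket_name must be absent or a (possibly stale) socket,
    # never a directory or a regular file.
    if [ -S "$sock" ]; then
        echo "note: $sock exists (stale if pksd is not running)"
    elif [ -e "$sock" ]; then
        echo "PROBLEM: socket_name $sock exists but is not a socket"
        problems=$((problems + 1))
    fi

    # pid_dir and db_dir must be directories owned by pksd_uid (when set).
    for key in pid_dir db_dir; do
        dir=$(conf_get "$conf" "$key")
        if [ ! -d "$dir" ]; then
            echo "PROBLEM: $key $dir is not a directory"
            problems=$((problems + 1))
        elif [ -n "$uid" ] && [ "$(owner_uid "$dir")" != "$uid" ]; then
            echo "PROBLEM: $key $dir is not owned by uid $uid"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Usage: check_pksd_paths /usr/local/etc/pksd.conf
```
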
 