Solved privoxy: Permission denied with su

[laufdi]

I (and the rc.d script) can't run www/privoxy as user privoxy. What's the problem?

(I can run it as my normal user. Does

# su -m privoxy -c /usr/local/sbin/privoxy

su: /bin/csh: Permission denied

# ls -l /usr/local/sbin/privoxy

-r-xr-xr-x 1 privoxy wheel uarch 270272 28 Sep 02:57 /usr/local/sbin/privoxy*

# ls -l /bin/csh

-r-xr-xr-x 2 root wheel 382360 4 Sep 18:58 /bin/csh*

privoxy:*:201:201:privoxy pseudo-user:/nonexistent:/sbin/nologin

P.S.: I also can't do # su -m privoxy -c /bin/csh while as normal user that works.

That makes musicpd also not working with "fatal_error: problems changing to root directory" (should run as "musicpd")

FreeBSD 10.2-STABLE #39 r287433: Thu Sep 3 16:07:49 CEST 2015

 

[junovitch@]

Hmm. Try vipw as root and just enter :wq. It sounds like the actual database files for users might be out of sync with the plain text versions.

 

[laufdi]

Thanks, but it didn't help

 

[Wozzeck]

Check the ownership of /var/run/privoxy and /var/log/privoxy (unless you have customized directories in the conf file). If a directory doesn't exist create it; for each :
chown -R privoxy:privoxy /var/.../privoxy
chmod -R 750 /var/.../privoxy

 

[laufdi]

It's all as it should be.

both /var/run and /var/log have the dir

drwxr-x--- 2 privoxy privoxy uarch 2 28 Sep 03:06 privoxy

and the log is

-rw-r--r-- 1 privoxy privoxy uarch 1090 28 Sep 02:16 logfile

It's seems more like a general su or csh problem

 

[Wozzeck]

Try to resync you plain text user file with the encrypted database

# Check master password file for error
pwd_mkdb -C /etc/master.passwd

# Create secure and insecure password databases
pwd_mkdb -p /etc/master.passwd

# Reinstall db files
pwd_mkdb /etc/master.passwd

 

[laufdi]

No, doesn't help. And it's the same thing with sudo
# sudo -u nobody ls
sudo: unable to execute /bin/ls: Permission denied


I found out that the user has to be in group "wheel" to make it work. So some file has a permissions problem. But which one?

musicpd says "problems changing to root directory", which comes from

void
daemonize_begin(bool detach)
{
   /* release the current working directory */
   if (chdir("/") < 0)
       FatalError("problems changing to root directory");

while
# su -m mpd -c "cd /"
#
is no problem.

 

[Wozzeck]

No, doesn't help. And it's the same thing with sudo
# sudo -u nobody ls
sudo: unable to execute /bin/ls: Permission denied


I found out that the user has to be in group "wheel" to make it work. So some file has a permissions problem. But which one?

In fact yes, the process must be always started by "root" and only "root", and after there is a substitution of user made by the process himself and not by sudo..

I was just intriguated by your error, because it doesn't create the same error on my system
I have privoxy in a jail, when I try to launch the process with a non administrative account :

jexec -u Regular-User8 web privoxy

it gives this error :

2015-09-28 11:57:13.681 801c06400 Fatal error: can't check configuration file '//config':  No such file or directory

Quite different, for this reason I was thinking of an account problem on your system. But In fact, the problem could be the use of "sudo". So forget it.

Privoxy is usually started by

service privoxy start

With root rights, but we can make some test, we can run privoxy directly on the foreground so with no-daemon option

Su to "root" and try this

privoxy --user privoxy --config-test /usr/local/etc/privoxy/config

(Where config is your privoxy config file, adapt accordingly with your system)

Privoxy will check the syntax of your config file, if all is correct privoxy process end up

If your config file is correct then test privoxy on the foreground

privoxy --user privoxy --no-daemon /usr/local/etc/privoxy/config

and it should display something like that :

2015-09-28 12:26:00.733 801c06400 Info: Privoxy version 3.0.23
2015-09-28 12:26:00.734 801c06400 Info: Program name: privoxy

(Just ctrl-c to shut off the process)

 

[laufdi]

# privoxy --user privoxy --config-test /usr/local/etc/privoxy/config
# privoxy --user privoxy --no-daemon /usr/local/etc/privoxy/config
2015-09-28 13:14:03.987 801c06400 Info: Privoxy version 3.0.23
2015-09-28 13:14:03.987 801c06400 Info: Program name: privoxy
2015-09-28 13:14:03.987 801c06400 Fatal error: can't check configuration file '/usr/local/etc/privoxy/config': Permission denied

 

[Wozzeck]

# privoxy --user privoxy --config-test /usr/local/etc/privoxy/config
# privoxy --user privoxy --no-daemon /usr/local/etc/privoxy/config
2015-09-28 13:14:03.987 801c06400 Info: Privoxy version 3.0.23
2015-09-28 13:14:03.987 801c06400 Info: Program name: privoxy
2015-09-28 13:14:03.987 801c06400 Fatal error: can't check configuration file '/usr/local/etc/privoxy/config': Permission denied

The error message is quite clear. Privoxy is unable to find your config file. Reinstall the package and it should reinstall a sample config file. Go to :

cd /usr/local/etc/privoxy
ls -l

-r--r--r--  1 privoxy  privoxy  61994 23 mar  2014 config
-rw-r--r--  1 root  wheel  89647 23 mai 19:27 default.action
-rw-r--r--  1 root  wheel  40438 23 mai 19:27 default.filter
-r--r--r--  1 privoxy  privoxy  627 17 mar  2014 match-all.action
-rw-r--r--  1 root  wheel  39009 23 mai 19:27 regression-tests.action
drwxr-xr-x  2 root  wheel  1536 20 sep 00:55 templates

And you should find a config file. Eventually it could be a config.sample file, in this case rename it to config. Error may also arise if you have hacked your config file with bad parameters. There is in the config file a "confdir" knob, it must be set to /usr/local/etc/privoxy.

According to the option choosed at compilation you may have a backup of config file in /usr/local/share/examples/privoxy

cp /usr/local/share/examples/privoxy/config /usr/local/etc/privoxy/

Eventually, a specific instance of privoxy may be started by a third party application, so this application may use his own config file stored elsewhere, so the issue is not privoxy but this third party application which gives bad directives. In some cases privoxy can also be run in "chroot" environment if the knob "--chroot" is enabled at startup, in this case things becomes more complicated.

 

[laufdi]

The error message is quite clear. Privoxy is unable to find your config file.

No, from the result of the first command it is clear that there is no problem with the config file.

 

[Wozzeck]

No, from the result of the first command it is clear that there is no problem with the config file.

I have checked on my system, the config-test doesn't seems to work well, it doesn't report some errors.

you should try to backup your config and make a test with the default config file provided in examples.

The second command show you clearly there is an issue with the config file. Normally there is no need to chown user "privoxy" with config file but you can.

 

[laufdi]

I have had very much deeper problems than a config file. The other daemons also didn't work, as I told above.
Now I completely cleaned the root partition and installed from scratch. Everything works again with all the old config files, including privoxy.