Solved Step-Ca port: Privileged Port (433) configured: cannot run as step

After installing the port in a jail with:
Code:
pkg -j acme install step-certificates step-cli
jexec acme rm -r /usr/local/etc/step
jexec acme service step-ca configure
And filling in the form. Note that the value of "What IP and port will your new CA bind to?" was set to 192.168.0.5:433.
After which, running jexec acme service step-ca start gets me the error:
Code:
Privileged Port (433) configured: cannot run as step
 
Only root can open ports below 1024. As this software is supposed to run on a 'user' account (step) it cannot use 443.
 
Reading the port documentation with more attention, it says that the user running the application can be changed to the root user with sysrc step_ca_user=root. Which I did, and I also set allow.reserved_ports in the jail config, and I still get basically the same error:
Code:
Privileged Port (443) configured: cannot run as root
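
The reserved-port rule from the reply above, as an added example that is not part of the original posts or of the port: a preflight check that reads the listen port from a step-ca `ca.json` and reports whether the service user may bind it. It assumes the config carries an `"address"` field; the function names and the sample file are constructed for illustration, and it checks only the operating-system rule, not whatever test the port's rc script applies.

```shell
#!/bin/sh
# Added example: does the OS let this user bind the port in ca.json?

# Highest reserved port: FreeBSD exposes it as a sysctl; fall back to 1023.
reserved_high() {
    sysctl -n net.inet.ip.portrange.reservedhigh 2>/dev/null || echo 1023
}

# Print the port from the "address" field ("host:port", ":port", "[v6]:port").
ca_listen_port() {
    sed -n 's/.*"address"[[:space:]]*:[[:space:]]*"[^"]*:\([0-9][0-9]*\)".*/\1/p' "$1" |
        head -n 1
}

# check_bind CONFIG USER [RESERVED_HIGH]
# 0 = user may bind, 1 = reserved port and user is not root, 2 = no port found
check_bind() {
    port=$(ca_listen_port "$1")
    if [ -z "$port" ]; then
        echo "no listen address found in $1"
        return 2
    fi
    high=${3:-$(reserved_high)}
    if [ "$port" -le "$high" ] && [ "$2" != "root" ]; then
        echo "port $port is reserved (<= $high): $2 cannot bind it"
        return 1
    fi
    echo "port $port can be bound by $2"
    return 0
}

# Constructed sample config using the address from the first post.
sample=$(mktemp)
printf '{\n  "address": "192.168.0.5:433",\n  "dnsNames": ["ca.example"]\n}\n' > "$sample"
check_bind "$sample" step 1023 || true   # reserved port, unprivileged user
check_bind "$sample" root 1023 || true   # root is allowed by the OS
rm -f "$sample"
```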
 
I tried installing this in a jail today and I encountered some difficulties.
I found this thread here and also a post on GitHub that helped a bit, but still no joy.
https://github.com/smallstep/certificates/discussions/572#discussioncomment-751271

I followed the instructions on GitHub, using port 8443, but the service still fails to start.

Looking in /var/log/messages I find...
Nov 8 16:49:16 ca pkg[72562]: step-certificates-0.27.2_1 installed
Nov 8 16:53:24 ca step_ca[79637]: open /usr/local/etc/step/ca/contexts.json failed: permission denied

A simple check on contexts.json shows that it is missing...
root@ca:~ # ls -la /usr/local/etc/step/ca/contexts.json
ls: /usr/local/etc/step/ca/contexts.json: No such file or directory
root@ca:~ # find / -name "*contexts.json*" -print
root@ca:~ #
 