Why is dhclient saying: "SIOCSIFADDR: Permission denied"?
Solution 1
Based on the stack trace at http://silenzio.dk/pi/dhc.strace the first
SIOCSIFADDR: Permission denied
error occurs at line 735, during
execution of process 26092: ifconfig eth2 inet 0 up
. Now only
root
can ifconfig
something up, so let's trace the chain of
fork()
/exec()
and look for UID changes. It turns out that:
- process 26092 is a child of 26090 (line 689)
- process 26090 runs with UID 101 and GID 102 (lines 355--358)
- process 26090 tries to set its UID/GID back to 0, but fails (line 310)
- process 26090 is a child of 26089 (line 286)
- process 26089 switched its UID:GID to 101:102 (lines 282--283)
So, the errors occur because the executing child process does not have
the necessary root privileges. Why does this happen? The
debian/changelog
file in the dhcp3-3.0.6.dfsg
sources says:
dhcp3 (3.0.1-2ubuntu4) breezy; urgency=low
Derooted the DHCP client:
* Added debian/patches/deroot-client.patch:
- client/dhclient.c: After initialization, dro privileges to dhcp:dhcp and
only keep CAP_NET_RAW and CAP_NET_BIND_SERVICE.
- Add a setuid wrapper call-dhclient-script to call
/etc/dhcp3/dhclient-script as root.
- Install call-dhclient-script into /lib/dhcp3-client/.
My guess is that call-dhclient-script
has lost its set-UID bit, and
is thus not executing with root privileges as it should. (According to
the debian/dhcp3-client.postinst
file in the sources, it should
be owned by root:dhcp
and mode 4754
)
Solution 2
What does your "dmesg" output show when you run dhclient?
If you're running Hardy, AppArmor is part of the default install. It's possible that the dhclient profile has gone haywire. Check "sudo aa-status" to see what is happening there.
Additionally how does your /etc/network/interfaces file read? Perhaps you have conflicting addresses, routes, etc that dhclient doesn't want to play with?
Solution 3
I would try installing nscd if that package is missing, and if it does not work with this, install also libnss-db.
Not sure if that will solve your problem, however, those are the things that your trace is trying to find and it fails.
Solution 4
This is actually a bug in Ubuntu 8.04. For several use cases you NEED to have nscd installed (e.g. when using openvpn) or dhclient won't work. This doesn't happen in newer Ubuntu releases.
Solution 5
Please run sudo dpkg --configure -a
just to make sure it's not a repetition of the situation in https://bugs.launchpad.net/ubuntu/+source/dhcp3/+bug/19740/comments/67
Related videos on Youtube
LassePoulsen
Updated on September 17, 2022Comments
-
LassePoulsen over 1 year
I have encountered a very weird error on ubuntu-server (8.04), I have no idea why dhclient is not allowed to set the network settings! I'm not the one who installed the server in the first place, so i don't know much about the setup. The server is only used as a firewall/gateway (custom iptables script) it's got three nic's one for internet, one for LAN and one for DMZ. Now the ISP have changed settings from static ip to "static" ip assigned through dhcp, and i cant really use it.
Sadly I can't just set the IP statically since the ISP closes my connection when the dhcp lease ends :o
This is the error i get: (and then it just hangs there..)
root@fw:~# dhclient eth2 Internet Systems Consortium DHCP Client V3.0.6 Copyright 2004-2007 Internet Systems Consortium. All rights reserved. For info, please visit http://www.isc.org/sw/dhcp/ SIOCSIFADDR: Permission denied SIOCSIFFLAGS: Permission denied SIOCSIFFLAGS: Permission denied Listening on LPF/eth2/00:50:52:c1:a1:32 Sending on LPF/eth2/00:50:52:c1:a1:32 Sending on Socket/fallback DHCPDISCOVER on eth2 to 255.255.255.255 port 67 interval 8 DHCPOFFER of 2.10.56.19 from 93.87.36.42 DHCPREQUEST of 2.10.56.19 on eth2 to 255.255.255.255 port 67 DHCPACK of 2.10.56.19 from 93.87.36.42 SIOCSIFADDR: Permission denied SIOCSIFFLAGS: Permission denied SIOCSIFNETMASK: Permission denied SIOCSIFBRDADDR: Permission denied SIOCSIFFLAGS: Permission denied SIOCADDRT: Operation not permitted
for now i've fixed it by running
killall dhclient; dhclient eth2
every hour and then setting static IP settings for the interface, this is enough to keep the connection live! but it's a pretty ugly hack in my opinion..-
Admin over 13 years
strace -o /tmp/dhc$$ dhclient -d eth2
should yield valuable information about what calls are failing. Yes, I know all of them, but seeing the arguments may help. I'd suspect some oddment with the eth2 driver, perhaps the module is out of sync with the kernel. -
Admin over 13 yearsstrace: paste.ubuntu.com/506269
-
Admin over 13 yearsbtw: the nic is a "VT6102 [Rhine-II]" using the via_rhine kernel module.
-
Admin over 13 yearsYour strace was interrupted right before getting to the good part. Let it run a while longer before hitting ctrl-c, or maybe add the
-1
option and wait for it to exit on its own. -
Admin over 13 yearsAfter it has been running for 5 minutes i interrupted it, here is the strace but it looks like the same to me. paste.ubuntu.com/509022
-
Admin over 13 yearsIs this a machine or a virtual (kvm, xen, vmware, openvz) machine?
-
Admin over 13 yearsIt is a physical machine
-
Admin over 13 yearsThe strace is almost the same, but this time there's a fork() at the end. You need to
strace -f
to see what the child process does and why it gets an error. -
Admin over 13 yearsDo you have selinux and/or apparmor enabled? Does the problem occurs when you disable them?
-
Admin over 13 yearsi don't use apparmor or selinux.. Here is a strace with the
-f
option turned on: silenzio.dk/pi/dhc.strace -
Admin over 13 yearsTry the following: "trace -f -e trace=open,ioctl dhclient -d eth2" if you want to reduce the noise of other syscalls.
-
Admin over 13 yearsStick £5 router in front of it and forward inbound traffic. Would work and bypass this issue.
-
-
LassePoulsen over 13 yearsNo luck!
dpkg --configure -a
did nothing at all (no packages that needed configuring) -
LassePoulsen over 13 yearsThis doesn't make a difference! installing nscd makes no difference to that dhclient does not set the ip address, netmask etc.
-
LassePoulsen over 13 yearsinstalling nscd and libnss-db doesn't help.
-
LassePoulsen over 13 yearsThere is no app-armor installed on the machine. And the NIC is setup with static IP in the /etc/network/interfaces file. This should be no problem for dhclient to overwrite when it is called. But it doesn't matter because it makes no difference if i set it as dhcp in the /etc/network/interfaces file. If i do the interface just keeps being "unconfigured".
-
LassePoulsen over 13 yearsSuch complicated error and such a simple solution!
chmod u+s /lib/dhcp3-client/call-dhclient-script
did the trick! -
Kees Cook over 13 yearsIf you can, send links to pastebins of "sudo aa-status" and "cat /etc/network/interfaces"