[quagga-users 11300] Re: Solaris 10 and zprivs_caps_init error

Olsen, Jason jolsen at devry.com
Fri Jan 8 17:11:54 GMT 2010


I figured out my mistake - I was trying to start the bgpd as user
"quagga," instead of starting it as user root and letting the program
automatically handle the privileges itself.

Once I figured that out, putting the lines I deleted out of
bgpd/bgp_main.c back in and recompiling fixed my binding issue.

Apologies for the noise on the list, all.

(Now I just have to figure out how to do the routing table dump!)

-JFO

From: quagga-users-bounces at lists.quagga.net
[mailto:quagga-users-bounces at lists.quagga.net] On Behalf Of Olsen, Jason
Sent: Friday, January 08, 2010 10:43 AM
To: quagga-users at lists.quagga.net
Subject: [quagga-users 11299] Solaris 10 and zprivs_caps_init error

Howdy all,

My goal is to create a route server that can monitor routing tables on
my WAN via BGP feeds from various routers throughout the system.  It
should take BGP data and never announce anything.  I plan to use Quagga
to occasionally dump the routing tables to disk for comparison purposes.

To that end I downloaded, compiled and installed Quagga 0.99.15 on
Solaris 10 according to the instructions in the "/solaris/README.txt"
file and have run into a problem.  When I try to start bgpd and have it
bind to an IP address that's on the box, I get the now-infamous
"zprivs_caps_init: error setting permitted set!, Not owner" message.

To be clear, bgpd/zebra/etc were all compiled to run as the quagga user,
quagga group.

EG:

---------------------------
quagga at dc1-u-netmgt1p  [/export/home/quagga]
$ /usr/local/sbin/bgpd -P 2605 -A 10.154.2.4
zprivs_caps_init: error setting permitted set!, Not owner

Last return status: 1
quagga at dc1-u-netmgt1p  [/export/home/quagga]
$
----------------------------

I did a bit of Googling around and saw a few messages about this sort of
thing from Paul Jakma, circa 2005 and 2007 on this list.  In it there
was a recommendation to remove a line from bgpd/bgp_main.c, which
I did.  Which works great for starting bgpd without actually attaching
to the IP (e.g. I can run the VTY) but I still am seeing this message when
trying to get a port 179 listener up.  And without the ability to bind
bgpd to the network so that my routers can talk to it, I'm not going to
be able to do very much with it! ;)

Solaris 10 on a blade server, not a zone.  It's a brand-new install from
late 2009 but I am unsure of the exact version, uname -a returns:  SunOS
dc1-u-netmgt1p 5.10 Generic_141414-10 sun4u sparc SUNW,SPARC-Enterprise

Compilation command:

$ ./configure --prefix=/usr/local/quagga --localstatedir=/var/run/quagga \
    --enable-gcc-rdynamic --disable-bgp-announce --enable-opaque-lsa \
    --enable-ospf-te --enable-multipath=64 --enable-user=quagga \
    --enable-ospfclient=yes --enable-ospfapi=yes --enable-group=quagga \
    --enable-nssa --enable-opaque-lsa

As mentioned, I did go into /bgpd/bgp_main.c and pull out the
ZCAP_NET_RAW as mentioned in Paul's email to this list back in 2007
(reference
http://lists.quagga.net/pipermail/quagga-users/2007-September/008935.html)

Any help or thoughts are much appreciated.

Thanks,

-JFO
