Core MASQNode 0.8.0 beta1 can not drop privileges (installing MASQNode as a systemd on debian Linux) | Voters

Core MASQNode 0.8.0 beta1 can not drop privileges (installing MASQNode as a systemd on debian Linux)
under review
stevang
I created a script wich helps me to install a systemd service for MASQNode on a Debian Linux VPS. It is working just fine with MASQNode 0.7.3 and when finished, MASQNode 0.7.3 is running as a non-root user.
If i try to do the same thing with 0.8.0 beta1, i get this error when i first try to start it with this unit file
=====================
[Unit]
Description=MASQNode service
After=network.target
[Service]
Type=simple
ExecStart=/usr/local/bin/MASQNode --data-directory /home/masq/test1/node-files/
Restart=always
RestartSec=5
WorkingDirectory=/home/masq/test1/node-files/
[Install]
WantedBy=multi-user.target
=====================
_____ ______  ________   ________   _______          Node Version: 0.8.0
/   _  | _   /|/  __   /|/  ______/|/   __   /|        Database Schema Version: 9
/  / /__///  / /  /|/  / /  /|_____|/  /|_/  / /        OS: linux
/  / |__|//  / /  __   / /_____   /|/  / '/  / /         client_request_payload::MIGRATIONS (0.1)
/  / /    /  / /  / /  / |_____/  / /  /__/  / /          client_response_payload::MIGRATIONS (0.1)
/__/ /    /__/ /__/ /__/ /________/ /_____   / /           dns_resolve_failure::MIGRATIONS (0.1)
|__|/     |__|/|__|/|__|/|________|/|____/__/ /            gossip::MIGRATIONS (0.1)
|__|/             gossip_failure::MIGRATIONS (0.1)
node_record_inner::MIGRATIONS (0.1)
2024-02-06 20:49:20.319 Thd1: ERROR: PanicHandler: src/privilege_drop.rs:83:17 - Attempt to drop group privileges failed: still root
2024-02-06 20:49:20.330 Thd1: ERROR: PanicHandler:    0: <node_lib::server_initializer::LoggerInitializerWrapperReal as node_lib::server_initi
alizer::LoggerInitializerWrapper>::init::{{closure}}
1: std::panicking::rust_panic_with_hook
at /rustc/4b91a6ea7258a947e59c6522cd5898e7c0a6a88f/library/std/src/panicking.rs:702:17
2: std::panicking::begin_panic_handler::{{closure}}
at /rustc/4b91a6ea7258a947e59c6522cd5898e7c0a6a88f/library/std/src/panicking.rs:586:13
3: std::sys_common::backtrace::__rust_end_short_backtrace
at /rustc/4b91a6ea7258a947e59c6522cd5898e7c0a6a88f/library/std/src/sys_common/backtrace.rs:138:18
4: rust_begin_unwind
at /rustc/4b91a6ea7258a947e59c6522cd5898e7c0a6a88f/library/std/src/panicking.rs:584:5
5: core::panicking::panic_fmt
at /rustc/4b91a6ea7258a947e59c6522cd5898e7c0a6a88f/library/core/src/panicking.rs:142:14
6: <node_lib::privilege_drop::PrivilegeDropperReal as node_lib::privilege_drop::PrivilegeDropper>::drop_privileges
7: <node_lib::server_initializer::ServerInitializerReal as node_lib::run_modes_factories::ServerInitializer>::go
8: <node_lib::run_modes::RunnerReal as node_lib::run_modes::Runner>::run_node
9: node_lib::run_modes::RunModes::go
10: node_lib::sub_lib::main_tools::main_with_args
11: MASQNode::main
12: std::sys_common::backtrace::__rust_begin_short_backtrace
13: std::rt::lang_start::{{closure}}
14: core::ops::function::impls::<impl core::ops::function::FnOnce<A> for &F>::call_once
at /rustc/4b91a6ea7258a947e59c6522cd5898e7c0a6a88f/library/core/src/ops/function.rs:280:13
std::panicking::try::do_call
at /rustc/4b91a6ea7258a947e59c6522cd5898e7c0a6a88f/library/std/src/panicking.rs:492:40
std::panicking::try
at /rustc/4b91a6ea7258a947e59c6522cd5898e7c0a6a88f/library/std/src/panicking.rs:456:19
std::panic::catch_unwind
at /rustc/4b91a6ea7258a947e59c6522cd5898e7c0a6a88f/library/std/src/panic.rs:137:14
std::rt::lang_start_internal::{{closure}}
at /rustc/4b91a6ea7258a947e59c6522cd5898e7c0a6a88f/library/std/src/rt.rs:128:48
std::panicking::try::do_call
at /rustc/4b91a6ea7258a947e59c6522cd5898e7c0a6a88f/library/std/src/panicking.rs:492:40
std::panicking::try
at /rustc/4b91a6ea7258a947e59c6522cd5898e7c0a6a88f/library/std/src/panicking.rs:456:19
std::panic::catch_unwind
at /rustc/4b91a6ea7258a947e59c6522cd5898e7c0a6a88f/library/std/src/panic.rs:137:14
std::rt::lang_start_internal
at /rustc/4b91a6ea7258a947e59c6522cd5898e7c0a6a88f/library/std/src/rt.rs:128:20
15: main
16: <unknown>
17: __libc_start_main
18: _start
==========================
the config.toml that is used looks like that (variables are replaced when it is written by the script):
real-user="${REALUSER}"
dns-servers="${DNS_SERVERS}"
db-password="${DB_PASSWD}"
chain="${CHAIN}"
clandestine-port="${CLANDESTINE_PORT}"
log-level="${LOG_LEVEL}"
blockchain-service-url="${BLOCKCHAIN_SERVICE_URL}"
neighborhood-mode="zero-hop"
gas-price="50"
==========================
note: after configuration is done, there will be used a more complete config.toml, but it crashes with the privilege drop error here already.
February 6, 2024
KauriHero
marked this post as
under review