[Nfd-dev] Starting NFD locally from compiled sources.

Steve DiBenedetto dibenede at cs.colostate.edu
Fri May 15 08:41:37 PDT 2015 

On Fri, May 15, 2015 at 8:21 AM, Anil Jangam <anilj.mailing at gmail.com>
wrote:

> Attached it here Steve.
>
> Its the same one I get which is available when you installed nfd from
> precompiled binary (sudo apt-get install nfd). So when I compile nfd from
> sources, its the latest code, and I am not sure which version precompiled
> binary is. Does configuration different between the two?
>

They are. Specifically, the binary release's config expects the some
pre-authorized certificates to live /etc/ndn/certs (this is specified in in
the nfd.conf with a relative path).

I think I can reproduce your original directory permissions problem: fresh
install with the NFD 0.3.2 ubuntu package seems to create the ~/.ndn
directory as belonging to root. The package's nfd.conf tells NFD to drop
permissions at runtime to the "ndn" user and group. This then blows up with
your original error when you try to start NFD. However, if you change the
config file to specify "root" as the user and group (or just comment out
the entire general section), it should get past that problem.

I'm less certain about your second problem: "Error in setting interest
filter (/localhost/nfd/rib): Unauthorized command". That's coming from the
rib management portion that I'm less familiar with.


> My next step is to run the nfd in debug mode. Can you please also suggest
> steps for the same? Preferably debug nfd in Eclipse.
>

You're using CDT, correct?

>From your original question, it should be possible to run NFD without
root/sudo. You need to make a few changes to your config files:

nfd.conf:
1. change the default unix socket path to something you have access to
(e.g. /tmp/nfd.sock)
2. comment out the entire "ether" subsection
3. comment out the entire general section (there's no need to drop
permissions anymore)

client.conf:
1. update unix socket path to whatever you did in #1 of nfd.conf


> /anil.
>
>
> On Fri, May 15, 2015 at 5:47 AM, Steve DiBenedetto <
> dibenede at cs.colostate.edu> wrote:
>
>> From your original message, it looks like you're trying to run NFD with a
>> custom configuration file. Could you please post it? I'm wondering if
>> there's a problem with the security/authorization settings.
>>
>> On Thu, May 14, 2015 at 11:29 PM, Anil Jangam <anilj.mailing at gmail.com>
>> wrote:
>>
>>> Or is it the case that nfd-start internally starts the nfd as superuser
>>> (sudo), and it is expecting the group and ownership accordingly. All the
>>> files under /home/anilj1/.ndn belongs to different user and group than
>>> root.
>>>
>>> /anil.
>>>
>>> On Thu, May 14, 2015 at 10:26 PM, Anil Jangam <anilj.mailing at gmail.com>
>>> wrote:
>>>
>>>> Well, just to be sure, I gave 777 as follows..
>>>>
>>>> anilj1 at insp5521:~/sandbox/NFD$ ls -Rl /home/anilj1/.ndn
>>>> /home/anilj1/.ndn:
>>>> total 32
>>>> -rwxrwxrwx 1 anilj1 anilj1   985 May 14 22:22 client.conf
>>>> -rwxrwxrwx 1 anilj1 anilj1 18432 May  5 00:17 ndnsec-public-info.db
>>>> drwxrwxrwx 2 anilj1 anilj1  4096 May  5 00:17 ndnsec-tpm-file
>>>>
>>>> /home/anilj1/.ndn/ndnsec-tpm-file:
>>>> total 20
>>>> -rwxrwxrwx 1 anilj1 anilj1 1643 Apr 26 12:35
>>>> %JAmVmylSjFZutfeCI1dUvGgM+kOffJmUp3kLgktBVQ=.pri
>>>> -rwxrwxrwx 1 anilj1 anilj1  398 Apr 26 12:35
>>>> %JAmVmylSjFZutfeCI1dUvGgM+kOffJmUp3kLgktBVQ=.pub
>>>> -rwxrwxrwx 1 anilj1 anilj1  208 May  5 00:17 mapping.txt
>>>> -rwxrwxrwx 1 anilj1 anilj1 1643 May  5 00:17
>>>> rkDt+b7SPQxsx4yL3t%bB4fou2FT1DzhKcpYWfe6Hwo=.pri
>>>> -rwxrwxrwx 1 anilj1 anilj1  398 May  5 00:17
>>>> rkDt+b7SPQxsx4yL3t%bB4fou2FT1DzhKcpYWfe6Hwo=.pub
>>>>
>>>>
>>>> But still the same error.
>>>>
>>>> 1431667575.326153 INFO: [RemoteRegistrator] Load remote_register
>>>> section in rib section
>>>> 1431667575.326258 INFO: [RibManager] Listening on: /localhost/nfd/rib
>>>> 1431667575.334410 INFO: [RibManager] Start monitoring face
>>>> create/destroy events
>>>> 1431667575.345949 FATAL: [NFD] Error in setting interest filter
>>>> (/localhost/nfd/rib): Unauthorized command
>>>>
>>>>
>>>> /anil.
>>>>
>>>>
>>>>
>>>> On Thu, May 14, 2015 at 10:13 PM, Lan Wang (lanwang) <
>>>> lanwang at memphis.edu> wrote:
>>>>
>>>>>  What about adding w permission to the user and r permission to group
>>>>> and other?
>>>>>
>>>>> Lan
>>>>>
>>>>>  On May 15, 2015, at 12:10 AM, Anil Jangam <anilj.mailing at gmail.com>
>>>>>  wrote:
>>>>>
>>>>>  Hi Prof Wang,
>>>>>
>>>>>  Ok.. it was: -r-------- 1 anilj1 anilj1 1643 Apr 26 12:35
>>>>> %JAmVmylSjFZutfeCI1dUvGgM+kOffJmUp3kLgktBVQ=.pri
>>>>>
>>>>>  After added READ permissions to all, it is now throwing following
>>>>> errorr.
>>>>>
>>>>>  1431666355.351034 INFO: [RemoteRegistrator] Load remote_register
>>>>> section in rib section
>>>>> 1431666355.351254 INFO: [RemoteRegistrator] Load remote_register
>>>>> section in rib section
>>>>> 1431666355.351316 INFO: [RibManager] Listening on: /localhost/nfd/rib
>>>>> 1431666355.358148 INFO: [RibManager] Start monitoring face
>>>>> create/destroy events
>>>>> 1431666355.370436 FATAL: [NFD] Error in setting interest filter
>>>>> (/localhost/nfd/rib): Unauthorized command
>>>>>
>>>>>  Ideally, I am trying to run the 'nfd' in debug mode, either from
>>>>> Eclipse or from command line gdb, to do a step wise execution. I want to
>>>>> understand certain part of the code. Any pointers for this case will help.
>>>>>
>>>>>  /anil.
>>>>>
>>>>>
>>>>> On Thu, May 14, 2015 at 9:57 PM, Lan Wang (lanwang) <
>>>>> lanwang at memphis.edu> wrote:
>>>>>
>>>>>> What are the permissions of the .ndn directory and the files in it?
>>>>>>
>>>>>> Lan
>>>>>>
>>>>>>  On May 14, 2015, at 11:45 PM, Anil Jangam <anilj.mailing at gmail.com>
>>>>>>  wrote:
>>>>>>
>>>>>>   Hi,
>>>>>>
>>>>>>  I am attempting to run 'nfd' from compiled binary. However, I am
>>>>>> running into a following problem. (see the last line).
>>>>>>
>>>>>>  sudo ./build/bin/nfd --config ./ndn_conf/nfd.conf
>>>>>> 1431664563.044290 INFO: [StrategyChoice] setDefaultStrategy
>>>>>> /localhost/nfd/strategy/best-route/%FD%03
>>>>>> 1431664563.044910 INFO: [InternalFace] registering callback for
>>>>>> /localhost/nfd/fib
>>>>>> 1431664563.045027 INFO: [InternalFace] registering callback for
>>>>>> /localhost/nfd/faces
>>>>>> 1431664563.045111 INFO: [InternalFace] registering callback for
>>>>>> /localhost/nfd/strategy-choice
>>>>>> 1431664563.045207 INFO: [InternalFace] registering callback for
>>>>>> /localhost/nfd/status
>>>>>> 1431664563.045289 INFO: [FaceTable] Added face id=1
>>>>>> remote=internal:// local=internal://
>>>>>> 1431664563.049813 INFO: [CommandValidator] Giving privilege "faces"
>>>>>> to identity /localhost/daemons/nfd/ksk-1430084088432
>>>>>> 1431664563.049861 INFO: [CommandValidator] Giving privilege "fib" to
>>>>>> identity /localhost/daemons/nfd/ksk-1430084088432
>>>>>> 1431664563.049886 INFO: [CommandValidator] Giving privilege
>>>>>> "strategy-choice" to identity /localhost/daemons/nfd/ksk-1430084088432
>>>>>> 1431664563.049917 WARNING: [CommandValidator] Wildcard identity is
>>>>>> intended for demo purpose only and SHOULD NOT be used in production
>>>>>> environment
>>>>>> 1431664563.049943 INFO: [CommandValidator] Giving privilege "faces"
>>>>>> to identity wildcard
>>>>>> 1431664563.049969 INFO: [CommandValidator] Giving privilege
>>>>>> "strategy-choice" to identity wildcard
>>>>>> 1431664563.050159 INFO: [TablesConfigSection] Setting CS max packets
>>>>>> to 65536
>>>>>> 1431664563.050738 INFO: [MulticastUdpFace] [id=-1,local=udp4://
>>>>>> 10.0.0.37:56363,remote=udp4://224.0.23.170:56363] Creating face
>>>>>> 1431664563.050818 INFO: [FaceTable] Added face id=256 remote=udp4://
>>>>>> 224.0.23.170:56363 local=udp4://10.0.0.37:56363
>>>>>> 1431664563.053394 INFO: [EthernetFace] [id=-1,local=
>>>>>> dev://wlan0,remote=ether://[01:00:5e:00:17:aa]] Creating face on
>>>>>> wlan0/60:36:dd:a8:11:73
>>>>>> 1431664563.081330 INFO: [FaceTable] Added face id=257 remote=
>>>>>> ether://[01:00:5e:00:17:aa] local=dev://wlan0
>>>>>> 1431664563.090395 INFO: [EthernetFace] [id=-1,local=
>>>>>> dev://eth0,remote=ether://[01:00:5e:00:17:aa]] Creating face on
>>>>>> eth0/e0:db:55:d6:eb:e3
>>>>>> 1431664563.105145 INFO: [FaceTable] Added face id=258 remote=
>>>>>> ether://[01:00:5e:00:17:aa] local=dev://eth0
>>>>>> 1431664563.115727 INFO: [CommandValidator] Giving privilege "faces"
>>>>>> to identity /localhost/daemons/nfd/ksk-1430084088432
>>>>>> 1431664563.116162 INFO: [CommandValidator] Giving privilege "fib" to
>>>>>> identity /localhost/daemons/nfd/ksk-1430084088432
>>>>>> 1431664563.116575 INFO: [CommandValidator] Giving privilege
>>>>>> "strategy-choice" to identity /localhost/daemons/nfd/ksk-1430084088432
>>>>>> 1431664563.116942 WARNING: [CommandValidator] Wildcard identity is
>>>>>> intended for demo purpose only and SHOULD NOT be used in production
>>>>>> environment
>>>>>> 1431664563.117065 INFO: [CommandValidator] Giving privilege "faces"
>>>>>> to identity wildcard
>>>>>> 1431664563.117297 INFO: [CommandValidator] Giving privilege
>>>>>> "strategy-choice" to identity wildcard
>>>>>> 1431664563.117670 INFO: [FaceTable] Added face id=255 remote=null://
>>>>>> local=null://
>>>>>> 1431664563.122135 INFO: [FaceTable] Added face id=254
>>>>>> remote=contentstore:// local=contentstore://
>>>>>> 1431664563.124781 INFO: [PrivilegeHelper] dropped to effective
>>>>>> uid=116 gid=126
>>>>>> 1431664563.127378 INFO: [UnixStreamFace] [id=-1,local=
>>>>>> unix:///run/nfd.sock,remote=fd://25] Creating face
>>>>>> 1431664563.127473 INFO: [FaceTable] Added face id=259 remote=fd://25
>>>>>> local=unix:///run/nfd.sock
>>>>>> 1431664563.127904 FATAL: [NFD] FileStore: error opening file for
>>>>>> reading:
>>>>>> /home/anilj1/.ndn/ndnsec-tpm-file/%JAmVmylSjFZutfeCI1dUvGgM+kOffJmUp3kLgktBVQ=.pri
>>>>>>
>>>>>>  I also tried after changing the grp and owner of
>>>>>> the /home/anilj1/.ndn to 'root' but yet it did not help. Is something
>>>>>> missing here?
>>>>>>
>>>>>>  One thing I am not sure when the .ndn folder is created? Is it
>>>>>> created first time by the nfd process after it is started? What if I remove
>>>>>> this folder before I start nfd locally?
>>>>>>
>>>>>>  Also is it possible to run nfd from a local user and not with sudo
>>>>>> proviledges?
>>>>>>
>>>>>>  /anil.
>>>>>>
>>>>>>    _______________________________________________
>>>>>> Nfd-dev mailing list
>>>>>> Nfd-dev at lists.cs.ucla.edu
>>>>>> http://www.lists.cs.ucla.edu/mailman/listinfo/nfd-dev
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>> _______________________________________________
>>> Nfd-dev mailing list
>>> Nfd-dev at lists.cs.ucla.edu
>>> http://www.lists.cs.ucla.edu/mailman/listinfo/nfd-dev
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20150515/bf095caf/attachment.html>

More information about the Nfd-dev mailing list