How to use ncdns with RPC cookie on Linux?

Post Reply
redblade7
Posts: 3
Joined: Mon Mar 12, 2018 7:09 pm
os: linux

How to use ncdns with RPC cookie on Linux?

Post by redblade7 » Mon Mar 12, 2018 8:25 pm

Hi,

I am trying to set up ncdns on Linux with RPC cookie authentication (as on Windows), but am unable to:

1. Let's call the user/group of the Namecoin Core user nmcuser:nmcuser
2. I created a separate user/group for ncdns, let's call it ncdns:ncdns
3. I added user nmcuser to group ncdns
4. I created an /etc/ncdns folder, belonging to ncdns:ncdns, permissions 770.
5. The ncdns.conf is in this folder.
6. When running Namecoin Core with cookie authentication, the cookie is /etc/ncdns/.cookie

However, ncdns will not work, as the .cookie belongs to nmcuser:nmcuser and is marked 600.
It will work properly if ncdns is run as nmcuser:nmcuser, but I'd imagine that wouldn't be a good idea.

Is there someplace I need to put the cookie for this setup to work on Linux, or do I have to use username/password authentication instead?

Thank you!

biolizard89
Posts: 1971
Joined: Tue Jun 05, 2012 6:25 am
os: linux

Re: How to use ncdns with RPC cookie on Linux?

Post by biolizard89 » Thu Mar 15, 2018 3:19 pm

redblade7 wrote:
Mon Mar 12, 2018 8:25 pm
Hi,

I am trying to set up ncdns on Linux with RPC cookie authentication (as on Windows), but am unable to:

1. Let's call the user/group of the Namecoin Core user nmcuser:nmcuser
2. I created a separate user/group for ncdns, let's call it ncdns:ncdns
3. I added user nmcuser to group ncdns
4. I created an /etc/ncdns folder, belonging to ncdns:ncdns, permissions 770.
5. The ncdns.conf is in this folder.
6. When running Namecoin Core with cookie authentication, the cookie is /etc/ncdns/.cookie

However, ncdns will not work, as the .cookie belongs to nmcuser:nmcuser and is marked 600.
It will work properly if ncdns is run as nmcuser:nmcuser, but I'd imagine that wouldn't be a good idea.

Is there someplace I need to put the cookie for this setup to work on Linux, or do I have to use username/password authentication instead?

Thank you!
This sounds like an issue in upstream Bitcoin Core. Can you check whether this issue exists in Bitcoin Core (and please include the version of Bitcoin Core that you test with)?
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5

redblade7
Posts: 3
Joined: Mon Mar 12, 2018 7:09 pm
os: linux

Re: How to use ncdns with RPC cookie on Linux?

Post by redblade7 » Thu Mar 15, 2018 10:50 pm

biolizard89 wrote:
Thu Mar 15, 2018 3:19 pm
redblade7 wrote:
Mon Mar 12, 2018 8:25 pm
Hi,

I am trying to set up ncdns on Linux with RPC cookie authentication (as on Windows), but am unable to:

1. Let's call the user/group of the Namecoin Core user nmcuser:nmcuser
2. I created a separate user/group for ncdns, let's call it ncdns:ncdns
3. I added user nmcuser to group ncdns
4. I created an /etc/ncdns folder, belonging to ncdns:ncdns, permissions 770.
5. The ncdns.conf is in this folder.
6. When running Namecoin Core with cookie authentication, the cookie is /etc/ncdns/.cookie

However, ncdns will not work, as the .cookie belongs to nmcuser:nmcuser and is marked 600.
It will work properly if ncdns is run as nmcuser:nmcuser, but I'd imagine that wouldn't be a good idea.

Is there someplace I need to put the cookie for this setup to work on Linux, or do I have to use username/password authentication instead?

Thank you!
This sounds like an issue in upstream Bitcoin Core. Can you check whether this issue exists in Bitcoin Core (and please include the version of Bitcoin Core that you test with)?
I don't understand, you mean see if Bitcoin Core creates a cookie that's 600 and owned by the Bitcoin-Core-running user? What permissions should it have?

biolizard89
Posts: 1971
Joined: Tue Jun 05, 2012 6:25 am
os: linux

Re: How to use ncdns with RPC cookie on Linux?

Post by biolizard89 » Tue Mar 20, 2018 10:23 am

redblade7 wrote:
Thu Mar 15, 2018 10:50 pm
biolizard89 wrote:
Thu Mar 15, 2018 3:19 pm
This sounds like an issue in upstream Bitcoin Core. Can you check whether this issue exists in Bitcoin Core (and please include the version of Bitcoin Core that you test with)?
I don't understand, you mean see if Bitcoin Core creates a cookie that's 600 and owned by the Bitcoin-Core-running user?
Yes. The cookie authentication code is part of Bitcoin Core; Namecoin Core doesn't have any patches against that code (as far as I'm aware). If Bitcoin Core's cookie file is always only accessible by the Bitcoin Core user, that seems like a bug that should be filed against Bitcoin Core.
redblade7 wrote:
Thu Mar 15, 2018 10:50 pm
What permissions should it have?
I don't know exactly what the "correct" behavior should be, but it seems to me that it should definitely be possible to configure Bitcoin Core to allow a subset of the users besides the user running Bitcoin Core to read the cookie file. The exact choice of how to configure this and what its behavior is, would be chosen by the Bitcoin Core developers, not us. (And I suspect they'll come up with a better policy than we would, since they have many more people doing peer review.)
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5

Post Reply