NFD

ERROR: [Main] Error: Failed to read configuration file: /usr/local/etc/nfd/nfd.conf

Traditionally, configuration files are placed in /etc/, not in /usr/local/etc.

So the default configuration path should be /etc/ndn/nfd.conf.

I don't currently have any objections to requiring root to install NFD and placing the sample configuration under /etc/ndn. However, the default configuration should not require root to run. My understanding is this requirement comes from:

• /private/var/run/nfd.sock
• Ethernet faces/channels

Can we move nfd.sock to /tmp and comment out the ether section by default?

20140313 conference call decides:

• If NFD is installed by package manager,
  • NFD is started by ndn user, created during installation
  • NFD binary is granted CAP_NET_RAW privilege
  • UNIX socket is in /var/run/ndn/nfd.sock; the directory /var/run/ndn is owned by ndn user
• If NFD is installed by ./waf install
  • NFD can be started by any user
  • NFD binary is granted CAP_NET_RAW privilege
  • UNIX socket is in /tmp/nfd.sock
• /etc/ndn/client.conf contains the UNIX socket path, which is read by client libraries

Junxiao Shi wrote:

NFD binary is granted SOCK_RAW privilege

File capabilities might not be available on every system. In case they're not available at install time, we must fallback to running nfd as root (and possibly drop privileges later).

UNIX socket is in /var/run/ndn/nfd.sock; the directory /var/run/ndn is owned by ndn user

Who creates the ndn dir in /var/run?

• If NFD is installed by ./waf install
  • NFD can be started by any user
  • NFD binary is granted SOCK_RAW privilege

Again, file caps might not be available...

Both ndn user and /var/run/ndn directory are created by installation script.

File capabilities is only needed on linux, and is supported by Ubuntu 12.04 (the only required platform).

Junxiao Shi wrote:

Both ndn user and /var/run/ndn directory are created by installation script.

That won't work. On modern linux distros /var/run is a symlink to /run, which is a tmpfs. This means that the ndn directory will be gone after the first reboot. Therefore either the init script or nfd itself must create it. If nfd creates it, this implies that it must be started as root, create the dir, and only then drop its privileges.

File capabilities is only needed on linux, and is supported by Ubuntu 12.04 (the only required platform).

File caps rely on extended attributes (xattr), and not all file systems support extended attributes.

If setcap is not guaranteed to be available, it's better to require starting nfd process with root.

During initialization, nfd process should:

1. process configuration file: create UNIX listener in /var/run/nfd.sock, and open pcap sessions
2. if configuration file specifies UID to change into, seteuid to that UID
   (setuid is not feasible, because a future version may allow creating new pcap sessions when additional NIC is enabled)

I think we are conflicting different things here. We can do whatever we need when NFD is installed as a package (including dependency on setcap) and uses upstart. We will be root during startup, can create everything that we need and then drop privileges.

The "problem" comes from a non-packaged install, for which we can just write a README.

Sure NFD can require setcap command to exist.

However, as note-8 said, if the filesystem on which NFD is installed (/usr/local) does not support extended attributes, setcap will not work on this filesystem, so that NFD would not get CAP_NET_RAW.

NFD should always start as root.

Package manager can create a ndn user, and the configuration would make NFD seteuid(ndn).

Manually installation cannot create new users, so NFD will continue to run as root.

Under this proposal, UNIX listener can sit in /var/run, and setcap isn't needed.

ok.. that would simplify things

Junxiao Shi wrote:

Manually installation cannot create new users, so NFD will continue to run as root.

You still can (and should) fallback to user nobody, which exists on all linux distros and on OS X.

Manually installation cannot create new users, so NFD will continue to run as root.

Under this proposal, UNIX listener can sit in /var/run, and setcap isn't needed.

Requiring the default configuration to run as root should not be considered a valid option.

To look at this another way "manual installation" means "anything other than Ubuntu >= 12.04 or OS X >= 10.8 (via macports)", right? My group's lab is finishing a transition to CentOS. My department's lab machines are Fedora. This is going to cause problems for us, and I have to imagine other institutions, when it comes to using NFD for research and course projects due to security policy.

What's going to happen when it comes time for the government labs and others to run NFD as part of the atmospheric science project?

I'm concerned the number manual installations is being grossly underestimated. The socket should stay under /tmp.

Ethernet support should also be commented out by default. I understand that the face manager gracefully handles ethernet face creation failures, but it is not user friendly to generate error messages during startup. This will cause people to seek support and has already happened locally when trying to get others started on NFD development.

Manual installation still means installation on a supported platform.
Anything other than listed platforms are not supported.

/var/run is the proper place for UNIX listeners on these supported platforms.

NFD is system software (like bind, nginx, etc), so it should start as root.

Junxiao Shi wrote:

Manual installation still means installation on a supported platform.
Anything other than listed platforms are not supported.

That was not the original story we were told before the first January NFD meeting at UCLA. "Supported" meant "has pre-built packages" and everything else, within reason, could compile from source.

This is a research project and people will be modifying/extending NFD to test new ideas. That implies manual installation even though the platform may be "supported." Research code should not be running as root.

/var/run is the proper place for UNIX listeners on these supported platforms.

NFD is system software (like bind, nginx, etc), so it should start as root.

nginx/bind etc. need to start up as root because they need to bind to a port < 1024. They are also well established, production quality, applications and were probably not designed for research.

20140316 conference call decides:

• UNIX listener is /var/run/nfd.sock
• Ethernet is enabled by default
• nfd program is installed with SetUID-root
• nfd program can be started by regular user
• nfd program should seteuid(ndn_user) after initialization