Page 1 of 1
[SOLVED] ssl with root only
Posted: July 1st, 2009, 3:56 pm
by splususer
I know that running sabnzbd on embedded device is not supported but I try anyway. I am trying to run sabnzbd in WD TV HD media player. If I run sabnzd under root with SSL enabled , it's OK . But I want to run it under normal user acct sabuser I got
there isn't anything helpful in log file. run sanbzd under sabuser without SSL is OK too. Is there anything I should check ?
TIA
Re: ssl with root only
Posted: July 2nd, 2009, 1:46 am
by shypike
On Linux systems the lower port numbers require root privileges.
You should use a higher port number.
So 80 is off-limits for a user account, but apparently 443 is not.
(I'm not sure at which port the separation is.)
Re: ssl with root only
Posted: July 2nd, 2009, 10:46 am
by splususer
I wasn't clear in my first post . I can connect with port 119 under normal user but not SSL ports 443 or 563.
Re: ssl with root only
Posted: July 2nd, 2009, 2:01 pm
by shypike
I mistook your complaint as a problem with SABnzbd webserver.
(Should have known, since 0.4.x does not support a https web-server).
Are you sure your system has OpenSSL and PyOpenSSL correctly installed?
We rely on that for SSL communication.
The port permissions that I mentioned do not apply for communicating with the Usenet servers.
Re: ssl with root only
Posted: July 2nd, 2009, 5:46 pm
by switch
When you run SABnzbd as your desired user, does it says SSL is disabled on the config>servers page. Check your startup logging to see if it sees pyOpenSSL like it does when you run it as root.
Re: ssl with root only
Posted: July 6th, 2009, 12:17 pm
by splususer
switch wrote:
When you run SABnzbd as your desired user, does it says SSL is disabled on the config>servers page.
no, there is SSL box that I can check.
Check your startup logging to see if it sees pyOpenSSL like it does when you run it as root.
same as root .
Code: Select all
2009-07-06 10:07:17,578::INFO::All processes started
2009-07-06 10:07:17,633::INFO::_yenc module... found!
2009-07-06 10:07:17,646::INFO::celementtree module... found!
2009-07-06 10:07:17,659::INFO::par2 binary... found (/opt/bin/par2)
2009-07-06 10:07:17,672::INFO::unrar binary... found (/opt/bin/unrar)
2009-07-06 10:07:17,686::INFO::unzip binary... found (/bin/unzip)
2009-07-06 10:07:17,704::INFO::nice binary... found (/bin/nice)
2009-07-06 10:07:17,717::INFO::ionice binary... NOT found!
2009-07-06 10:07:17,731::INFO::pyOpenSSL... found (True)
2009-07-06 10:07:17,786::INFO::Web dir is /opt/share/SABnzbd/interfaces/Default
2009-07-06 10:07:18,342::INFO::Starting SABnzbd.py-0.4.11
2009-07-06 10:07:18,382::INFO::Starting web-interface on :8080
2009-07-06 10:07:18,371::INFO::[nzbqueue] Saving queue
Is there a python script that I can test SSL connection ? I saw /opt/lib/python2.5/site-packages/OpenSSL/test/test_ssl.py but I am not sure if it the one or how to use it.
TIA
Re: ssl with root only
Posted: July 6th, 2009, 1:04 pm
by splususer
problem is not from sabnzbd but I don't know python so I ask here if any developer can give me a hint .
I found a script to test.
Code: Select all
#!/opt/bin/python2.5 -OO
import socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(('ssl.example.com', 443))
sslSocket = socket.ssl(s)
print repr(sslSocket.server())
print repr(sslSocket.issuer())
sslSocket.write('Hello secure socket\n')
s.close()
run as root it prints out the cert but run as normal user give me a traceback.
Code: Select all
Traceback (most recent call last):
File "./test.py", line 6, in <module>
sslSocket = socket.ssl(s)
File "/opt/lib/python2.5/socket.py", line 79, in ssl
return _realssl(sock, keyfile, certfile)
socket.sslerror: (8, 'EOF occurred in violation of protocol')
TIA
Re: [SOLVED] ssl with root only
Posted: July 6th, 2009, 4:55 pm
by splususer
there is permission problem with /dev/random (default setup with wdlxtv firmware). normal user doesn't have read permission .
Re: [SOLVED] ssl with root only
Posted: July 6th, 2009, 7:07 pm
by splususer
(note to myself)
and /dev/null without read permission will not let sabnzbd run as daemon.
Re: [SOLVED] ssl with root only
Posted: July 7th, 2009, 2:02 am
by switch
Glad you got the issue sorted out.