yggdrasil-network / yggdrasil-go

An experiment in scalable routing as an encrypted IPv6 overlay network

https://yggdrasil-network.github.io

Other

3.53k stars 242 forks source link

Bug Report: yggdrasilctl on macOS is owned by root, requires sudo #417

Open jasikpark opened 5 years ago

jasikpark commented 5 years ago

Steps to reproduce

Install via the .pkg installer from https://yggdrasil-network.github.io/builds.html
Follow the FAQ and run yggdrasilctl getPeers expecting myself and a list of other peers to be printed.
Get error:

2019/05/13 00:45:54 Found platform default config file /etc/yggdrasil.conf
2019/05/13 00:45:54 Using endpoint unix:///var/run/yggdrasil.sock from AdminListen
2019/05/13 00:45:54 Connecting to UNIX socket /var/run/yggdrasil.sock
2019/05/13 00:45:54 Fatal error: dial unix /var/run/yggdrasil.sock: connect: permission denied

Versions

macOS 10.14.4 yggdrasil 0.3.5 - https://880-115685026-gh.circle-artifacts.com/0/yggdrasil-0.3.5-macos-amd64.pkg

Mikaela commented 5 years ago

Is your user allowed to access /var/run/yggdrasil.sock ? Does it work with sudo?

jasikpark commented 5 years ago

that seems to be the problem. oh cool are you Mikaela from chat:privacytools.io? i'm @dan:privacytools.io on there - saw you promoting yggdrasil and finally decided to try it out

                                       bytes_recvd  bytes_sent  endpoint  port  proto  uptime  
1111yggdrasil ip address111111  0            0           (self)    0     self   00:25:04

jasikpark commented 5 years ago

how would i fix that?

ls -l /var/run/yggdrasil.sock
srwSrw----  1 root  daemon  0 May 13 00:43 /var/run/yggdrasil.sock

I would do chmod a+s /var/run/yggdrasil.sock no?

Arceliar commented 5 years ago

I would assume that chmod would work, as should running sudo yggdrasilctl. I think the correct thing to do, ideally, is to run yggdrasil as an unprivileged user (setcap the binary as needed, to let it create/use the tun/tap) and then add your user account to the same group, but I don't think the packages are set up to do that, and I'm too lazy to do it myself on my own machines, so honestly I just sudo everything 99% of the time...

jasikpark commented 5 years ago

yeah.... i'm just going to make myself use sudo all the time rather than actually figure it out. Someday maybe I'll make a PR for the mac installer and then I'll actually do it and try to make that the default.

neilalexander commented 5 years ago

Part of the problem is that macOS doesn't have setcap in the way that we do on Linux, so on macOS, Yggdrasil runs as root. The benefit it provides though is that unprivileged users can't yggdrasilctl to drop peers or change anything else, so there's that.

LimpingK commented 8 months ago

I had the same problem. I used sudo to change permissions from root to user and I could add peers to yggdrasil.conf But next problem is: k_kirill@M1-MacBook-Air ~ % yggdrasilctl getPeers 2024/02/11 13:03:24 Configuration file doesn't contain appropriate AdminListen option 2024/02/11 13:03:24 Falling back to platform default unix:///var/run/yggdrasil.sock 2024/02/11 13:03:24 Connecting to UNIX socket /var/run/yggdrasil.sock 2024/02/11 13:03:24 Fatal error: dial unix /var/run/yggdrasil.sock: connect: no such file or directory