[sslh] setsockopt: Operation not permitted when using init.d
Yves Rutschle
yves at naryves.com
Sat Sep 21 21:29:29 CEST 2013
On Sat, Sep 21, 2013 at 03:45:24AM -0500, Matt Okeson-Harlow wrote:
> When attempting to run sslh using /etc/init.d/sslh on ubuntu I get the error:
> setsockopt: Operation not permitted
> soon after it launches and no connections to port 443 work.
>
> ### ps -f -U sslh -u sslh
> UID PID PPID C STIME TTY TIME CMD
> sslh 13230 1 0 02:25 ? 00:00:00 /usr/sbin/sslh-fork --user sslh --pidfile /var/run/sslh.pid -p 172.27.1.3 443 --ssh 172.27.1.3 2443 --ssl 172.27.1.3 1443 --openvpn 172.27.1.3 1195 --transparent
> sslh 13232 13230 0 02:25 ? 00:00:00 /usr/sbin/sslh-fork --user sslh --pidfile /var/run/sslh.pid -p 172.27.1.3 443 --ssh 172.27.1.3 2443 --ssl 172.27.1.3 1443 --openvpn 172.27.1.3 1195 --transparent
> ###
>
> If I run the command using sudo, it works and gives no error.

I'm guessing you haven't given the executable the capability
to bind to admin ports and to do transparent proxying, as
described in the README; as root, do:

# setcap cap_net_bind_service,cap_net_admin+pe /usr/sbin/sslh-fork

If that works and you installed from Ubuntu's package, and
the package runs sslh with --transparent, then it is a
package bug and you should report to the appropriate
authorities.

Cheers,
Y.
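
Added example, not part of the original message and not sslh's own code: a check that decodes the security.capability extended attribute which setcap writes, and reports which of the two capabilities named in the reply are missing from the binary. The function names are hypothetical, the attribute layout is assumed to be the kernel's vfs_cap_data from linux/capability.h, and the sample bytes are constructed.

```python
import os
import struct

# Capability bit numbers from <linux/capability.h>
CAP_NET_BIND_SERVICE = 10   # bind to ports below 1024
CAP_NET_ADMIN = 12          # needed for transparent proxying
REQUIRED = {"cap_net_bind_service": CAP_NET_BIND_SERVICE,
            "cap_net_admin": CAP_NET_ADMIN}

VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
# revision magic -> number of 32-bit (permitted, inheritable) pairs
PAIRS = {0x01000000: 1, 0x02000000: 2, 0x03000000: 2}


def decode_file_caps(raw):
    """Decode a security.capability xattr into (permitted_mask, effective_flag)."""
    if len(raw) < 4:
        raise ValueError("xattr too short")
    (magic,) = struct.unpack_from("<I", raw, 0)
    pairs = PAIRS.get(magic & VFS_CAP_REVISION_MASK)
    if pairs is None or len(raw) < 4 + 8 * pairs:
        raise ValueError("unknown revision or truncated xattr")
    permitted = 0
    for i in range(pairs):
        (word,) = struct.unpack_from("<I", raw, 4 + 8 * i)  # permitted word i
        permitted |= word << (32 * i)
    return permitted, bool(magic & VFS_CAP_FLAGS_EFFECTIVE)


def missing_caps(raw):
    """Return the required capability names that the file does not grant."""
    if raw is None:                       # no xattr at all: nothing granted
        return sorted(REQUIRED)
    permitted, effective = decode_file_caps(raw)
    if not effective:                     # 'p' without 'e': treated here as missing
        return sorted(REQUIRED)
    return sorted(n for n, bit in REQUIRED.items() if not ((permitted >> bit) & 1))


def check_binary(path="/usr/sbin/sslh-fork"):
    """Read the xattr from disk (Linux only) and report what is missing."""
    try:
        raw = os.getxattr(path, "security.capability")
    except OSError:                       # no attribute, no file, or unsupported fs
        raw = None
    return missing_caps(raw)


# Constructed sample: revision 2 xattr with both capabilities permitted and effective
SAMPLE = struct.pack("<IIIII", 0x02000000 | 1, (1 << 10) | (1 << 12), 0, 0, 0)
```

An empty list from check_binary() means the file grants both capabilities; copying or reinstalling the binary usually drops the attribute, so the check is worth repeating after a package upgrade.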