# ddclient: damned if you do, damned if you don't

## Gentree

Hi,

After updating world last (i.e. most of last week) I notice that ddclient is displaying a message during boot and is not starting.

I ran /etc/init.d/ddclient start and could see the message was saying ddclient.conf should not be world readable and exiting without starting the client.

```
bash-4.2#/etc/init.d/ddclient start
 * /etc/ddclient/ddclient.conf must not be world or group readable. Try:
 *     chmod 600 /etc/ddclient/ddclient.conf
 *     chown ddclient:ddclient /etc/ddclient/ddclient.conf
 * ERROR: ddclient failed to start
```

This is new. It is not clear why this is a show stopper.

So I followed the suggestion:

```
chmod 600 /etc/ddclient/ddclient.conf
```

But now it fails to start because it can't read it!!

```
bash-4.2#/etc/init.d/ddclient start
 * Making /run/ddclient ...                                                                               [ ok ]
 * Changing permissions of /run/ddclient ...                                                              [ ok ]
 * Starting ddclient ...
WARNING:  file /etc/ddclient/ddclient.conf: Cannot open file '/etc/ddclient/ddclient.conf'. (Permission denied)
stat() on closed filehandle FD at /usr/sbin/ddclient line 986.
Use of uninitialized value $mode in bitwise and (&) at /usr/sbin/ddclient line 987.
readline() on closed filehandle FD at /usr/sbin/ddclient line 999.
WARNING:  file /etc/ddclient/ddclient.conf: Cannot open file '/etc/ddclient/ddclient.conf'. (Permission denied)
stat() on closed filehandle FD at /usr/sbin/ddclient line 986.
Use of uninitialized value $mode in bitwise and (&) at /usr/sbin/ddclient line 987.
readline() on closed filehandle FD at /usr/sbin/ddclient line 999.
WARNING:  file /var/cache/ddclient/ddclient.cache, line 1: program version mismatch; ignoring /var/cache/ddclient/ddclient.cache
 * start-stop-daemon: failed to start `/usr/sbin/ddclient'                                                [ !! ]
 * ERROR: ddclient failed to start
```

So what's the game? Should it be group readable like it was before or not?

TIA, Gentree.

----------

## khayyam

*Gentree wrote:*

> ```
> bash-4.2#/etc/init.d/ddclient start
> ...
> ```

Gentree ... you omitted change owner ...

```
chown ddclient:ddclient /etc/ddclient/ddclient.conf
```

best ... khay

----------

## PaulBredbury

Haha, I remember this farce. I'm flabbergasted that this is still an issue.

Seems that someone decided to drop my reasonable security patch.

ddclient has strange security behaviour, as default. I run it as user ddclient, group ddclient (not in Gentoo).

This is the patch I'm using:

```
diff -Naur ddclient-3.8.1.orig/ddclient ddclient-3.8.1/ddclient

--- ddclient-3.8.1.orig/ddclient   2011-07-12 04:04:21.000000000 +0700

+++ ddclient-3.8.1/ddclient   2012-06-28 16:02:32.676981665 +0700

@@ -982,16 +982,6 @@

    # fatal("Cannot open file '%s'. ($!)", $file);

    warning("Cannot open file '%s'. ($!)", $file);

     }

-    # Check for only owner has any access to config file

-    my ($dev, $ino, $mode, @statrest) = stat(FD);

-    if ($mode & 077) {                          

-   if (-f FD && (chmod 0600, $file)) {

-       warning("file $file must be accessible only by its owner (fixed).");

-   } else {

-       # fatal("file $file must be accessible only by its owner.");

-       warning("file $file must be accessible only by its owner.");

-   }

-    }

 

     local $lineno       = 0;

     my    $continuation = '';

@@ -2497,7 +2487,6 @@

       

       } elsif (exists $errors{$status}) {

           if ($status eq 'nochg') {

-         warning("updating %s: %s: %s", $h, $status, $errors{$status});

          $config{$h}{'ip'}     = $ip;

              $config{$h}{'mtime'}  = $now;

          $config{$h}{'status'} = 'good';
```
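
Review bot: In the first hunk (@@ -982,16 +982,6 @@), deleting the whole `if ($mode & 077)` block also removes the only report that the config file is accessible to group or others; if the objection is to the automatic `chmod 0600, $file`, drop just that branch and keep the warning. The unchanged context above it only warns when the open fails (the `fatal` is commented out), so the removed `stat(FD)` could run on a filehandle that was never opened; skipping the mode check when the open did not succeed would address that without losing the check.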
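
Review bot: In the second hunk (@@ -2497,7 +2487,6 @@), the removal of `warning("updating %s: %s: %s", $h, $status, $errors{$status});` in the `'nochg'` branch is unrelated to the config-file permission change and belongs in its own patch with its own rationale. With the line gone, a `nochg` status is stored as `'good'` with nothing logged even though it is still matched through `exists $errors{$status}`; consider logging it at a lower severity rather than deleting the message outright.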

----------

## Gentree

Thanks khay, having spent most of my time this week trying to update this system, my attention to detail is showing signs of fatigue.

----------

