Bug 253858 - security/trousers ERROR: TCSD config file (/usr/local/etc/tcsd.conf) must be user/group root/_tss
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: amd64 Any
Importance: --- Affects Only Me
Assignee: Hiroki Sato
Reported: 2021-02-26 01:38 UTC by unitrunker
Modified: 2021-06-12 05:47 UTC
bugzilla: maintainer-feedback? (hrs)


Description unitrunker 2021-02-26 01:38:11 UTC
tcsd reports the following error at boot:

Feb 25 19:45:15 thinkpad TCSD[972]: TrouSerS ERROR: TCSD config file (/usr/local/etc/tcsd.conf) must be user/group root/_tss

ls -la /usr/local/etc/tcsd.conf reports:

-rw------  1 _tss  _tss  7031 Aug 21  2020 /usr/local/etc/tcsd.conf

I applied 'chown root: /usr/local/etc/tcsd.conf' and rebooted. The same error message appears.

Checking /usr/local/etc/rc.d/tcsd I see the following line:

/usr/sbin/chown _tss:_tss /usr/local/etc/tcsd.conf

This leaves tcsd unusable.
Comment 1 unitrunker 2021-02-26 01:58:10 UTC
A possible work-around in /usr/local/etc/rc.d/tcsd:

tcsd_precmd()
{
	/usr/bin/install -d -m 0700 -o root -g _tss \
	    /var/run/tpm /var/run/ima /usr/local/var/lib/tpm
	/usr/sbin/chown root:_tss \
	    /usr/local/etc/tcsd.conf
	/bin/chmod 0640 \
	    /usr/local/etc/tcsd.conf
}
Comment 2 unitrunker 2021-02-26 02:45:43 UTC
Above work-around seems to work. However, I see the following error when starting tcsd:

Feb 25 21:40:34 thinkpad TCSD[TDDL]: - TrouSerS ioctl: (25) Inappropriate ioctl for device
Comment 3 Holger Kipp 2021-02-28 20:57:29 UTC
I encounter exactly the same problem with tics (which is unable to start).

This is on FreeBSD 12.2-RELEASE with up-to-date Ports-Tree (27th of February 2021).

Trying to switch the file owner to root and setting the file mode to 640 then gives other problems with accessing a device, etc.

Anything else I can try?

This is within a VM (Parallels on macOS).


Best regards,
Holger
Comment 4 Holger Kipp 2021-02-28 20:58:12 UTC
(In reply to Holger Kipp from comment #3)

tcsd. I hate autocorrect...
Comment 5 William FRANCK 2021-06-12 05:47:53 UTC
(In reply to unitrunker from comment #1)
Same issue,
Same solution in /usr/local/etc/rc.d/tcsd

Works for me :-)
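
A check for the two conditions reported in this thread, added here as an example and not part of the bug report or the port: whether the config file has the ownership tcsd demands, and whether the rc.d script resets it to _tss:_tss on each start. The root/_tss owner comes from the error message and mode 0640 from the work-around in comment 1; the function names and the TCSD_CONF and TCSD_RC variables are made up for this example.

```shell
#!/bin/sh
# Added diagnostic example; names below are hypothetical, not from the port.

# Print "owner group mode" for a file (GNU stat first, then BSD stat).
file_ogm() {
    stat -c '%U %G %a' "$1" 2>/dev/null || stat -f '%Su %Sg %Lp' "$1"
}

# Return 0 if file $1 has owner $2, group $3 and octal mode $4;
# 1 on a mismatch, 2 if the file cannot be examined.
check_conf() {
    actual=$(file_ogm "$1" 2>/dev/null) || return 2
    [ "$actual" = "$2 $3 $4" ]
}

# Return 0 if rc script $1 has an active (uncommented) chown to _tss:_tss
# that names config file $2. Backslash-continued lines are joined first,
# so a command split over two lines is still seen as one.
rc_resets_owner() {
    awk '{ if (sub(/\\$/, "")) { buf = buf $0; next }
           print buf $0; buf = "" }' "$1" |
        grep -v '^[[:space:]]*#' |
        grep -E 'chown[[:space:]]+_tss:_tss[[:space:]]' |
        grep -qF -- "$2"
}

# Paths are the ones quoted in this report; override them for testing.
conf=${TCSD_CONF:-/usr/local/etc/tcsd.conf}
rc=${TCSD_RC:-/usr/local/etc/rc.d/tcsd}

if [ -f "$conf" ]; then
    check_conf "$conf" root _tss 640 ||
        echo "WARN: $conf is '$(file_ogm "$conf")', expected 'root _tss 640'"
fi
if [ -f "$rc" ] && rc_resets_owner "$rc" "$conf"; then
    echo "WARN: $rc sets $conf back to _tss:_tss at every start"
fi
```

A manual chown on the config file does not survive a restart while the second warning is still printed.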