dhcp3-server init script fails to show problem in configuration file

Thank you!

 dhcp3 (3.0.4-12ubuntu4) feisty; urgency=low
 .
   * debian/dhclient-script.linux: Set a direct route to the gateway if subnet
     mask is 255.255.255.255, so that it gets actually reachable. This mask
     happens on PPP connections and other scenarios where all traffic should go
     through one host. (LP: #33382)
   * debian/dhcp3-server.init.d: Fix test_config() to actually display the
     error in the config file. Thanks to Diego Torres Milano! (LP: #94804)

From gutsy
no error displayed

/etc/init.d/dhcp3-server
file already contains
/usr/sbin/dhcpd3 -t -cf $CONFIG_FILE 2>&1| sed '1,4d'

reverting to
/usr/sbin/dhcpd3 -t -q -cf $CONFIG_FILE

displayed error
"The error was:
drop_privileges: could not set group id: Operation not permitted"

In gutsy, no error displayed.

After configuring dhcp and restarting the service, I started a thin client which booted ok and ran several applications. After a server reboot, shcp had not restarted.

I attempted to start it manually thus:
"/etc/init.d/dhcp-server start" (noquotes)

The response:
"dhcpd self-test failed. Please fix the config file.
The error was: " (noquotes and no actuall error)

no entries were generated in syslog by this event.

/etc/init.d/dhcp3-server already contains
"/usr/sbin/dhcpd3 -t -cf $CONFIG_FILE 2>&1| sed '1,4d'" (noquotes)

reverted to :
"/usr/sbin/dhcpd3 -t -q -cf $CONFIG_FILE" (noquotes)

Displayed error:
"The error was:
drop_privileges: could not set group id: Operation not permitted" (noquotes)

Thus a perfect reproduction of dougfractal's result

SneakyWho_am_i wrote:
> In gutsy, no error displayed.
>
> After configuring dhcp and restarting the service, I started a thin
> client which booted ok and ran several applications. After a server
> reboot, shcp had not restarted.
>
> I attempted to start it manually thus:
> "/etc/init.d/dhcp-server start" (noquotes)
>
> The response:
> "dhcpd self-test failed. Please fix the config file.
> The error was: " (noquotes and no actuall error)
>
> no entries were generated in syslog by this event.
>
> /etc/init.d/dhcp3-server already contains
> "/usr/sbin/dhcpd3 -t -cf $CONFIG_FILE 2>&1| sed '1,4d'" (noquotes)
>
> reverted to :
> "/usr/sbin/dhcpd3 -t -q -cf $CONFIG_FILE" (noquotes)
>
> Displayed error:
> "The error was:
> drop_privileges: could not set group id: Operation not permitted" (noquotes)
>
> Thus a perfect reproduction of dougfractal's result
>
>
Can you please post your config file ?

--
Diego Torres Milano
CULT http://cult-thinclient.sf.net
PXES Universal Linux Thin Client http://pxes.org
Have you read my blog ? http://dtmilano.blogspot.com

My pleasure sir.

From dhcpd.conf:

##Config file starts##
authoritative;
subnet 10.1.1.0 netmask 255.255.255.0 {
  range 10.1.1.3 10.1.1.250;
  option domain-name "sneakywhoami.biz";
 option domain-name-servers 127.0.0.1, 202.27.158.40, 202.27.156.72, 208.67.222.222;
  option broadcast-address 10.1.1.255;
  option routers 10.1.1.1;
# next-server 192.168.0.254;
# get-lease-hostnames true;
  option subnet-mask 255.255.255.0;
    option root-path "/opt/ltsp/i386";
    if substring( option vendor-class-identifier, 0, 9 ) = "PXEClient" {
        filename "/ltsp/i386/pxelinux.0";
    } else {
        filename "/ltsp/i386/nbi.img";
    }
}
##Config file ends##

My last message lacked crucial detail though.
On further inspection I find something more interesting. There are two obvious ways to generate an error message (or no error message)

My blank error message was caused by not having root privilege at the moment that I called dhcp3-server and it started successfully when I did sudo it. As I stated in my last message, it only stated the error after I had reverted your edit to the script dhcp3-server
BUT
Fixing the error output for permissions problems breaks the output for config file problems..

So your fix perfectly solved the problem, but there seems to be some other problem, perhaps this should be in a different bug report..?
To put it differently:

"/usr/sbin/dhcpd3 -t -q -cf $CONFIG_FILE" only prints an error WITHOUT sudo
"/usr/sbin/dhcpd3 -t -cf $CONFIG_FILE 2>&1| sed '1,4d'" only prints an error WITH sudo

I still don't feel that's very clear. Sorry for any confusion.

SneakyWho_am_i wrote:
> My pleasure sir.
>
> >From dhcpd.conf:
>
> ##Config file starts##
> authoritative;
> subnet 10.1.1.0 netmask 255.255.255.0 {
> range 10.1.1.3 10.1.1.250;
> option domain-name "sneakywhoami.biz";
> option domain-name-servers 127.0.0.1, 202.27.158.40, 202.27.156.72, 208.67.222.222;
> option broadcast-address 10.1.1.255;
> option routers 10.1.1.1;
> # next-server 192.168.0.254;
> # get-lease-hostnames true;
> option subnet-mask 255.255.255.0;
> option root-path "/opt/ltsp/i386";
> if substring( option vendor-class-identifier, 0, 9 ) = "PXEClient" {
> filename "/ltsp/i386/pxelinux.0";
> } else {
> filename "/ltsp/i386/nbi.img";
> }
> }
> ##Config file ends##
>
Of course the configuration is fine.
> My last message lacked crucial detail though.
> On further inspection I find something more interesting. There are two obvious ways to generate an error message (or no error message)
>
> My blank error message was caused by not having root privilege at the moment that I called dhcp3-server and it started successfully when I did sudo it. As I stated in my last message, it only stated the error after I had reverted your edit to the script dhcp3-server
> BUT
> Fixing the error output for permissions problems breaks the output for config file problems..
>
> So your fix perfectly solved the problem, but there seems to be some other problem, perhaps this should be in a different bug report..?
> To put it differently:
>
> "/usr/sbin/dhcpd3 -t -q -cf $CONFIG_FILE" only prints an error WITHOUT sudo
> "/usr/sbin/dhcpd3 -t -cf $CONFIG_FILE 2>&1| sed '1,4d'" only prints an error WITH sudo
>
> I still don't feel that's very clear. Sorry for any confusion.
>
>
Yes, it's clear.
The idea of having a line like:

/usr/sbin/dhcpd3 -t -cf $CONFIG_FILE 2>&1| sed '1,4d'

is to test the configuration file syntax, mainly in the event of a restart in a production environment.
If you've introduced and error in your config you don't want that your server stops and never restarts (leaving you running to fix the config and start again), you want instead that the new config syntax is checked before stopping the server.
Personally, I think that the problem is in dhcpd3 (and perhaps the fix too). To only test the syntax (-t) of a config file you have read access there's no need to drop privileges.
From dhcpd3 man page:

"If the -t flag is specified, the server will simply
test the configuration file for correct syntax, but will not attempt to
perform any network operations."

--
Diego Torres Milano
CULT http://cult-thinclient.sf.net
PXES Universal Linux Thin Client http://pxes.org
Have you read my blog ? http://dtmilano.blogspot.com