# pksd daemon/service starts and then stops after a few seconds



## TomKi (Dec 11, 2018)

Hello,

I have installed security/pks on FreeBSD and I think I have configured the installation correctly... or maybe not.
I have added `pksd_enable` to /etc/rc.conf and I can see on the startup screen that pksd is starting (Starting pksd).
But after I have logged in to the system I can see the service/daemon is not running:

```
# service pksd status
pksd is not running
```
I try:

```
# service pksd restart
pksd not running? (check /var/run/pksd.pid)
Starting pksd
# service pksd status
pksd is not running
```
And I can't find pksd.pid anywhere.

Can any of you tell me in which logfile I can see what the problem is, please?
Or do I have to enable some log before I can see anything about my problem?
Or can I test /usr/local/etc/pksd.conf for errors by a command?

Thanks in advance.


----------



## SirDice (Dec 11, 2018)

```
DATABASE ADMINISTRATION
       pksd  uses the locking, logging,	and transaction	facilities of Berkeley
       DB.  This provides for added safety in the event	of a server crash, and
       also  allows for	multiple pksd and/or pksclient processes to access the
       database	at the same time.

       This does make management of a key server a  little  more  complicated.
       The  Berkeley  DB reference section on Berkeley DB Transactional	Access
       Methods Applications
       <http://www.sleepycat.com/docs/ref/toc.html#transapp>
       describes the procedures	and commands which are used for	checkpointing,
       archive	(backup),  and recovery.  You should familiarize yourself with
       this information	before running a key server.
```
Taken from pks-intro(8).


----------



## TomKi (Dec 11, 2018)

Thanks for a quick answer.
Yes I can see that, about the database administration from pks-intro.
But I have created a database file with following command:

```
# pksclient /var/db/pks/db create
```

Isn't that enough to run a pks server?


----------



## TomKi (Dec 11, 2018)

I have found out another thing.
If I uncomment pksd_enable in /etc/rc.conf, restart FreeBSD, log in through ssh to the server and run the following command in the ssh session:

```
# service pksd onestart
Starting pksd
```
....and if I look at the server output it says:

```
pksd[992]: pksd: pks_socket_init: failed removing old socket: 1
```
Does anyone know what this means?


----------



## SirDice (Dec 12, 2018)

TomKi said:


> Isn't that enough to run a pks server?


I don't know. Besides the manual pages I can't find the documentation. So I have no idea what's required to get it up and running.



TomKi said:


> Does anyone know what this means?


That's fairly common for failing services. It starts, creates the sockets and PID file, then crashes. Without cleaning up those files. So when you start it again it's going to find the 'old' files and complain about it.


----------



## ShelLuser (Dec 12, 2018)

Make sure your permissions are all in check. This also applies to /var/run/pks for example (which you have to create yourself; be sure to use the right uid/gid).

It's been a while since I wrote this but maybe this can help:

https://forums.freebsd.org/threads/setting-up-your-own-openpgp-keyserver-why-how.59920/


----------



## TomKi (Dec 12, 2018)

I have followed your guide.
The only thing I'm not sure about is the user rights on the folders and files.
I have created user "pksuser":

```
root@pks1:/usr/local/bin # id pksuser
uid=1040(pksuser) gid=1050(pksuser) groups=1050(pksuser)
```

I have set the rights as follows:

```
root@pks1:~ # ls -al /var/run/pks/
total 10
drwxrwx---  3 pksuser  pksuser   3 Nov 29 22:18 .
drwxr-xr-x  7 root     wheel    23 Dec 12 22:12 ..
drwxrwx---  2 pksuser  pksuser   2 Nov 29 22:18 pks.socket
```

```
root@pks1:~ # ls -al /var/db/pks/db/
total 198
drwxrwx---  2 pksuser  pksuser        12 Nov 28 22:40 .
drwxrwx---  5 pksuser  pksuser         5 Nov 19 15:36 ..
-rwxrwx---  1 pksuser  pksuser    303104 Dec 11 21:45 __db.001
-rwxrwx---  1 pksuser  pksuser    851968 Dec 11 21:45 __db.002
-rwxrwx---  1 pksuser  pksuser    550440 Dec 11 21:45 __db.003
-rwxrwx---  1 pksuser  pksuser     24576 Nov 28 22:40 keydb000
-rwxrwx---  1 pksuser  pksuser     24576 Nov 28 22:40 keydb001
-rwxrwx---  1 pksuser  pksuser     24576 Nov 28 22:40 keydb002
-rwxrwx---  1 pksuser  pksuser  10485760 Dec 11 21:45 log.0000000001
-rwxrwx---  1 pksuser  pksuser         2 Nov 28 22:40 num_keydb
-rwxrwx---  1 pksuser  pksuser     49152 Nov 28 22:40 timedb
-rwxrwx---  1 pksuser  pksuser     24576 Nov 28 22:40 worddb
```

```
root@pks1:~ # ls -al /var/db/pks/
total 19
drwxrwx---   5 pksuser  pksuser   5 Nov 19 15:36 .
drwxr-xr-x  13 root     wheel    21 Nov 29 01:08 ..
drwxrwx---   2 pksuser  pksuser  12 Nov 28 22:40 db
drwxrwx---   2 pksuser  pksuser   2 Nov 19 12:29 incoming
drwxrwx---   2 pksuser  pksuser   2 Nov 19 15:36 pksd_socket
```

```
root@pks1:~ # ls -al /usr/local/bin/pks*
-rwxrwx---  1 pksuser  pksuser    2275 Nov 19 12:04 /usr/local/bin/pks-mail.sh
-rwxrwx---  1 pksuser  pksuser    2552 Nov 19 12:04 /usr/local/bin/pks-queue-run.sh
-rwxrwx---  1 pksuser  pksuser  100880 Nov 19 12:04 /usr/local/bin/pksclient
-rwxrwx---  1 pksuser  pksuser    8000 Nov 19 12:04 /usr/local/bin/pksdctl
```

```
root@pks1:~ # ls -al /usr/local/share/doc/pks/
total 122
drwxrwx---   2 pksuser  pksuser    19 Nov 19 12:04 .
drwxr-xr-x  24 root     wheel      24 Nov 19 18:23 ..
-rwxrwx---   1 pksuser  pksuser  2330 Nov 19 12:04 EMAIL
-rwxrwx---   1 pksuser  pksuser  8540 Nov 19 12:04 README
-rwxrwx---   1 pksuser  pksuser  8368 Nov 19 12:04 pks_help.cz
-rwxrwx---   1 pksuser  pksuser  7457 Nov 19 12:04 pks_help.de
-rwxrwx---   1 pksuser  pksuser  6258 Nov 19 12:04 pks_help.dk
-rwxrwx---   1 pksuser  pksuser  6731 Nov 19 12:04 pks_help.en
-rwxrwx---   1 pksuser  pksuser  7548 Nov 19 12:04 pks_help.es
-rwxrwx---   1 pksuser  pksuser  6318 Nov 19 12:04 pks_help.fi
-rwxrwx---   1 pksuser  pksuser  6601 Nov 19 12:04 pks_help.fr
-rwxrwx---   1 pksuser  pksuser  6357 Nov 19 12:04 pks_help.hr
-rwxrwx---   1 pksuser  pksuser  7085 Nov 19 12:04 pks_help.ja
-rwxrwx---   1 pksuser  pksuser  7506 Nov 19 12:04 pks_help.kr
-rwxrwx---   1 pksuser  pksuser  6152 Nov 19 12:04 pks_help.no
-rwxrwx---   1 pksuser  pksuser  7770 Nov 19 12:04 pks_help.pl
-rwxrwx---   1 pksuser  pksuser  7483 Nov 19 12:04 pks_help.pt
-rwxrwx---   1 pksuser  pksuser  6905 Nov 19 12:04 pks_help.se
-rwxrwx---   1 pksuser  pksuser  7149 Nov 19 12:04 pks_help.tw
```

```
root@pks1:~ # ls -al /usr/local/share/pks/
total 27
drwxrwx---   2 pksuser  pksuser     5 Nov 19 12:04 .
drwxr-xr-x  29 root     wheel      29 Nov 19 18:23 ..
-rwxrwx---   1 pksuser  pksuser   416 Nov 19 12:04 mail_intro
-rwxrwx---   1 pksuser  pksuser  4641 Nov 19 12:04 pks-commands.html
-rwxrwx---   1 pksuser  pksuser  9138 Nov 19 12:04 pks-commands.php
```

And my /usr/local/etc/pksd.conf:

```
root@pks1:~ # cat /usr/local/etc/pksd.conf
pks_bin_dir /usr/local/bin
pid_dir /var/run/pks
### Set chroot_dir to make pksd chroot itself. Must be an absolute path.
#chroot_dir /usr/local
### uid and gid for pksd to run as. Leave unset, or set to 0 to disable
### ideally only www_dir should be writeable to pksd. it is recommended
### that pksd run with its own uid and gid.
pksd_uid 1040
pksd_gid 1050
db_dir /var/db/pks/db
www_dir /var/db/pks
### Set www_port to the port on which HTTP requests should be accepted.
### If you do not want to process HTTP requests, set this to 0.
www_port 11371
### Set www_readonly to 0 if you want to allow ADD requests over HTTP
# www_readonly 0
socket_name /var/run/pks/pks.socket
### Specify the envelope sender address as the -f argument to
###   sendmail.  This is the address which will receive any bounces.
### If you don't use sendmail, then change this to an equivalent command.
### If you do not want to process mail requests, leave this unset.
mail_delivery_client /usr/sbin/sendmail -t -oi -fmailer-daemon
### Set this to the address which should be displayed as the From:
###   address in all outgoing email, and as the maintainer in the body
###   of each message.
maintainer_email PGP Key Server Administrator <nobody>
mail_intro_file /usr/local/share/pks/mail_intro
help_dir /usr/local/share/doc/pks
mail_dir /var/db/pks/incoming
### If you change this, make sure to put a corresponding help file in
### the help_dir named above
default_language EN
### This is the email address of this site.  It will be inserted in all
###   outgoing incremental messages, so it should match whatever the
###   downstream sites use as syncsite in their pksd.conf files.
# this_site pgp-public-keys@your-site
### Include a syncsite line for each site with which you are exchanging
### incremental requests.
# syncsite pgp-public-keys@pgp-server-1
# syncsite pgp-public-keys@pgp-server-2
### Set this to 0 to disable mailserver LAST requests completely, to a
### positive integer to limit LAST requests to that many days, or -1
### to allow any argument to LAST.
max_last -1
### Set this to the maximum number of keys to return in the reply to
### a last query.  Setting it to -1 will allow any size reply.
max_last_reply_keys -1
### Set this to the maximum number of keys to return in the reply to
### an index, verbose index, or get query.  Setting it to -1
### will allow any size reply.
max_reply_keys -1
```


And thank you for your response.


----------



## ShelLuser (Dec 12, 2018)

Check /var/log/messages, that's where it'll dump its output to. It should tell you what went wrong. Glimpsed over the config file but can't notice anything out of the ordinary.


----------



## TomKi (Dec 14, 2018)

When I have set pksd_enable="YES" in /etc/rc.conf the system writes in /var/log/messages:

```
Dec 14 13:55:13 pks1 pksd[581]: pksd: pks_socket_init: failed removing old socket: 1
```

And I don't know what it means.

And I don't know what the number 581 means.


----------
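An added diagnostic, not part of any post above and not code from the pks project: it reads `socket_name` and `pid_dir` from a pksd.conf and reports what actually sits at those paths, since the `ls -al /var/run/pks/` listing in the thread shows `pks.socket` as a directory (`drwxrwx---`) at the configured socket path. On FreeBSD, unlink(2) on a directory fails with EPERM, whose value is 1; reading the trailing `1` in the log line as an errno value is an assumption, and the function names and the scratch tree in `demo` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread or the pks project): classify what sits
# at the socket_name and pid_dir paths that pksd.conf points the daemon at.

# First uncommented value of a directive in a pksd.conf-style file.
conf_value() {  # conf_value <directive> <conf-file>
    awk -v key="$1" '$1 == key { print $2; exit }' "$2"
}

path_kind() {  # path_kind <path> -> socket | directory | other | missing
    if   [ -S "$1" ]; then echo socket
    elif [ -d "$1" ]; then echo directory
    elif [ -e "$1" ]; then echo other
    else                   echo missing
    fi
}

# Prints findings; returns 1 if pksd could not set up its socket or PID file.
check_pksd_paths() {  # check_pksd_paths <conf-file>
    rc=0
    sock=$(conf_value socket_name "$1")
    piddir=$(conf_value pid_dir "$1")
    case $(path_kind "$sock") in
        missing)   echo "ok: $sock is absent, the daemon can create it" ;;
        socket)    echo "note: $sock is a stale socket from an earlier run" ;;
        directory) echo "problem: $sock is a directory, unlink(2) cannot remove it"; rc=1 ;;
        *)         echo "problem: $sock exists but is not a socket"; rc=1 ;;
    esac
    if [ "$(path_kind "$piddir")" = directory ]; then
        ls -ld "$piddir"    # compare owner and group with pksd_uid / pksd_gid
    else
        echo "problem: pid_dir $piddir is not a directory"; rc=1
    fi
    return $rc
}

# Constructed sample: a scratch tree where the socket path is a directory,
# the layout that the "ls -al /var/run/pks/" listing in the thread shows.
demo() {
    t=$(mktemp -d) || return 2
    mkdir -p "$t/run/pks/pks.socket"
    printf 'pid_dir %s\nsocket_name %s\n' "$t/run/pks" "$t/run/pks/pks.socket" > "$t/pksd.conf"
    check_pksd_paths "$t/pksd.conf"; status=$?
    rm -rf "$t"
    return $status
}

demo || echo "demo exit status: $?"
```

On the host itself, run `check_pksd_paths /usr/local/etc/pksd.conf` as root so the directories under /var/run/pks are readable.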

