[ejabberd] One more question ;)

Konstantin Khomoutov flatworm at users.sourceforge.net
Fri Jan 22 22:43:07 MSK 2010


On Fri, 22 Jan 2010 11:12:55 -0800 (PST)
Christina Arsenault <ca_arsenault at yahoo.com> wrote:

> Thanks everyone, this list is very helpful.  I really have done my due diligence on this one, but am stumped.  I have inherited a production ejabberd server that I can not connect to with ejabberdctl!  It is driving me crazy.  I am trying to connect locally as the same user that is running ejabberd, root.  Is this a cookie issue?  Ejabberd is started upon reboot via a startup script in rc directories "/opt/ejabberd-2.0.5/ejabberdctl start",  this works fine.  (Could it be because I am su'ing to root instead of logging in as
> root?  That shouldn't matter, right?) Thanks in advance!!!! :)
> 
>> ps -ef | grep ejab
> 
> root      5144     1  0 Jan21 ?        00:00:00 /opt/ejabberd-2.0.5/bin/epmd -daemon
> root      5146     1  1 Jan21 ?        00:16:58 /opt/ejabberd-2.0.5/bin/beam.smp -K true -P 250000 -- -root /opt/ejabberd-2.0.5 -progname /opt/ejabberd-2.0.5/bin/erl -- -home / -sname ejabberd at localhost -smp auto -noshell -noinput -noshell -noinput -mnesia dir "/opt/ejabberd-2.0.5/database/ejabberd at localhost" -s ejabberd -ejabberd config "/opt/ejabberd-2.0.5/conf/ejabberd.cfg" log_path "/opt/ejabberd-2.0.5/logs/ejabberd.log" -sasl sasl_error_logger {file,"/opt/ejabberd-2.0.5/logs/sasl.log"}
> 
[...]
> I have found at least 4 cookies:
> 
> /root/.erlang.cookie
> /home/admin-guest/.erlang.cookie
> /home/nearsoft/.erlang.cookie
> /home/saikat/.erlang.cookie

Your beam.smp process (Erlang emulator which runs ejabberd) is passed
the "-home" command-line option which is set to "/", and that's where it
looks for the Erlang cookie file, unless overridden by other
command-line options like -setcookie (see man erl, if interested).
So try this:
# HOME=/ ejabberdctl

Note that running ejabberd as the root user is *very* stupid,
even in case you need it to listen on a privileged port as this can be
solved by your firewall.
I would suggest you filing an appropriate bug report to the supplier
of your ejabberd package, but /opt hints that it was installed by hand.
If nothing can be done for this, I would suggest investigating
a possibility of switching the setup to run ejabberd as an unprivileged
user (say, ejabberd:ejabberd). With your current setup, you will
probably want to relocate the cookie file under
"/opt/ejabberd-2.0.5/database" and make this directory 0755
ejabberd:ejabberd (cookie file itself -- 0600).
Then you should do the same to the log and configuration directories
(and their contents) and then tweak the startup script to use
su -c or a similar tool to drop privileges.


More information about the ejabberd mailing list