Hi Tobias,<br>Thanks a lot for the explanation.<br>But the page <a href="http://wiki.strongswan.org/projects/strongswan/wiki/ReducedPrivileges">http://wiki.strongswan.org/projects/strongswan/wiki/ReducedPrivileges</a> says strongSwan allows to run it's daemons under a non-root user. I am aware of the facts that starter checks for the uid as root. So are you saying that even by giving such configure option, its not possible to run the daemon from Android CLI as shell user?<br>
<br>Regards,<br>Nitin<br><br><br><div class="gmail_quote">On Tue, Apr 17, 2012 at 8:42 PM, Tobias Brunner <span dir="ltr"><<a href="mailto:tobias@strongswan.org">tobias@strongswan.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
Hi Nitin,<br>
<div class="im"><br>
> My ultimate concern is how to start the ipsec from the Android shell as<br>
</div>> a non root user.<br>
<br>
That's not possible the daemon needs root permission initially to open<br>
the netlink/xfrm sockets. Only afterwards can it switch the user ID to<br>
a non root user. This is true for Linux too, setting the user ID in the<br>
Makefile or via ./configure does not change this.<br>
<br>
Regards,<br>
Tobias<br>
</blockquote></div><br>