permissions on /etc/namedb

Ian Smith smithi at
Sun Aug 3 13:05:44 UTC 2008

On Sun, 3 Aug 2008, Eugene Grosbein wrote:

 > I need /etc/namedb to be owned by root:bind and have permissions 01775,
 > so bind may write to it but may not overwrite files that belong to root
 > here, and I made it so. Suprise!
 > # /etc/rc.d/named restart                                                       
 > Stopping named.                                                                 
 > Waiting for PIDS: 1892.                                                         
 > etc/namedb changed                                                              
 >         gid expected 0 found 53 modified                                        
 >         permissions expected 0755 found 01775 modified                          
 > Starting named.

Are you running /etc/namedb linked to chroot'd /var/named/etc/namedb?
If so, that'd be mtree restoring perms from /etc/mtree/BIND.chroot.dist

I couldn't get rndc trace running to for ages, same problem: 
bind user couldn't write to (default) /var/named/etc/namedb/
unless it already existed, owned by bind.  Added to /etc/rc.d/named:

 touch /var/named/etc/namedb/
 chown bind /var/named/etc/namedb/	# bind:wheel 644

and now trace and querylog are happy, so I am.  Running latest 5-STABLE
here but I see no changes in 7 or HEAD cvs related to this.  Suppose I
should do up a PR with a patch, unless someone knows a better way?

I don't know if this helps with whatever file/s you want bind to write,
or whether there are other files bind writes needing similar treatment.

 > I dislike it very much when a system thinks it knows better what user needs.
 > Also, I do not want to move a place where bind writes its files to another
 > location just because system does not want it to write here.
 > Why was this done such way, do I miss something?

I'm usually glad that FreeBSD's bind setup tends to paranoia :)

cheers, Ian

More information about the freebsd-net mailing list