Unusual permissions on /var/named/etc/namedb/master?

Hans Nieser h.nieser at xs4all.nl
Tue Nov 8 20:59:07 GMT 2005


Lowell Gilbert wrote:
> Josh Tolbert <hemi at puresimplicity.net> writes:
> 
> 
>>Hello,
>>
>>I'm running DHCP + dynamic DNS here on my home LAN and I've noticed a problem
>>that needs a manual fix every time the DNS machine gets rebooted. It doesn't
>>happen very often, but it does happen. :)
>>
>>My firewall/gateway machine runs FreeBSD-5.4-RELEASE of some patchlevel. It
>>uses ISC DHCPD from ports to update my DNS server, another FreeBSD machine
>>(now running 6.0-RELEASE) with new entries when machines register with the
>>DHCP server. The problem arises because by default named runs -u bind, however
>>/var/named/etc/namedb/master is owned by root. I believe this is caused by
>>/etc/mtree/BIND.chroot.dist, since I'm running bind chrooted (the default
>>setup). When the DNS machine reboots, I have to manually chown
>>/var/named/etc/namedb/master (or /etc/namedb/master) to bind before updates
>>will continue, otherwise I see errors such as
>>
>>named[297]: dumping master file: master/tmp-QQ2UU6pWaZ: open: permission denied
>>
>>Is there any good workaround for this issue? I'd like to keep bind running as
>>the bind user as well as keep bind chrooted if possible. I know I could edit
>>the mtree file on my machine, but that seems somewhat kludgy to me.
>>
>>Thanks for any help/advice you can give me,
> 
> 
> Normally mtree is only automatically run by installworld.  
> Is that what causes the permissions to be reverted?
> If so, then change the mtree file (and keep the modifications over
> time when you run mergemaster).
> If not, then figure out what *is* changing the permissions.

This happened to me too; every time named started it would change back the 
owner of the "master" directory from "bind" to "root" according to the 
mtree file.

In the end I just used the "dynamic" folder to store my dynamic zones in 
with "bind" as owner, which makes more sense, and also doesn't get its 
user changed by the mtree.
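
A check for the layout described in this thread, added here as an example and not part of the original post: it lists zones that accept dynamic updates but keep their zone file outside "dynamic", so "master" can stay owned by root and out of reach of the named process running as "bind". The function names, the zone names and the key name are made up for the example, and the parser assumes one statement per line with each zone block closed by "};" at the start of a line.

```shell
#!/bin/sh
# Added example: list zones that accept dynamic updates but keep their zone
# file outside dynamic/. Simplified parser (assumption): one statement per
# line, each zone block closed by "};" at the start of a line.
audit_dynamic_zones() {
    awk '
    /^[ \t]*zone[ \t]+"/ { split($0, q, "\""); zone = q[2]; file = ""; dyn = 0; inzone = 1 }
    inzone && /^[ \t]*file[ \t]+"/ { split($0, q, "\""); file = q[2] }
    inzone && /^[ \t]*(allow-update|update-policy)[ \t{]/ {
        # "allow-update { none; };" means the zone is static
        if ($0 !~ /allow-update[ \t]*[{][ \t]*none[ \t]*;/) dyn = 1
    }
    inzone && /^[}];/ {
        # Report zone name and file, tab separated, when named must write
        # to a directory other than dynamic/
        if (dyn && file !~ "^dynamic/" && file !~ "/dynamic/") { print zone "\t" file; bad = 1 }
        inzone = 0
    }
    END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample configuration (zone and key names are made up).
sample_conf() {
    cat <<'EOF'
zone "home.example" {
    type master;
    file "master/home.example.db";
    allow-update { key dhcp-key; };
};
zone "lab.example" {
    type master;
    file "dynamic/lab.example.db";
    allow-update { key dhcp-key; };
};
zone "static.example" {
    type master;
    file "master/static.example.db";
    allow-update { none; };
};
EOF
}
```

Call audit_dynamic_zones with the path to named.conf; it prints each offending zone with its file and returns 1 if any were found.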



More information about the freebsd-questions mailing list