named / BIND 9.4.1-P1 /etc/named/master ownership

Gelsema, P (Patrick) - FreeBSD freebsd at superhero.nl
Mon Dec 3 14:24:17 PST 2007


On Mon, December 3, 2007 23:03, Philip M. Gollucci wrote:
> Gelsema, P (Patrick) - FreeBSD wrote:
>> In /etc/rc.conf I got the following.
>> hulk# cat /etc/rc.conf | grep named
>> named_enable="YES"
>> named_uid="bind"
>> named_chrootdir="/var/named"
> grep named /etc/defaults/rc.conf
> # named.  It may be possible to run named in a sandbox, man security for
> named_enable="NO"               # Run named, the DNS server (or NO).
> named_program="/usr/sbin/named" # path to named, if you want a different one.
> #named_flags=""                 # Flags for named
> named_pidfile="/var/run/named/pid" # Must set this in named.conf as well
> named_uid="bind"                # User to run named as
> named_chrootdir="/var/named"    # Chroot directory (or "" not to auto-chroot it)
> named_chroot_autoupdate="YES"   # Automatically install/update chrooted
>                                 # components of named. See /etc/rc.d/named.
> named_symlink_enable="YES"      # Symlink the chrooted pid file
>
>
> As you can see, your named_uid and named_chrootdir are not needed, that
> is the default.
>
> The thing causing your issue is named_chroot_autoupdate="YES" (the
> default) and it is correct to do so, you should not be changing these
> without very good reason.

Okido. I understand that. The fact is that I do get lines logged that
permission is denied for dump:

Dec  3 21:36:51 hulk named[854]: dumping master file: master/tmp-aET3vZVt47: open: permission denied
Dec  3 21:42:22 hulk named[854]: dumping master file: master/tmp-Epzp4gKXgI: open: permission denied

When I change the ownership, the problem goes away.
How can I make the problem go away without changing the ownership?

Rgds,

Patrick

>
> --
> ------------------------------------------------------------------------
> Philip M. Gollucci (philip at ridecharge.com)
> o:703.549.2050x206
> Senior System Admin - Riderway, Inc.
> http://riderway.com / http://ridecharge.com
> 1024D/EC88A0BF 0DE5 C55C 6BF3 B235 2DAB  B89E 1324 9B4F EC88 A0BF
>
> Work like you don't need the money,
> love like you'll never get hurt,
> and dance like nobody's watching.
>
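An added illustration, not part of the original thread and not FreeBSD or BIND code: the Python sketch below pulls the failing directory out of log lines like the ones quoted above and applies the standard Unix owner/group/other check to show whether a given uid can create files there. The working directory, uid and group set are supplied by the caller and are assumptions of the example.

```python
import os
import re
import stat

# Log format taken from the message above; \s+ tolerates the e-mail line wrap.
DENIED = re.compile(
    r"named\[\d+\]: dumping master file:\s+(\S+): open: permission denied")


def denied_dirs(log_text):
    """Directories (relative to named's working directory) in which named
    could not create its temporary dump file, in first-seen order."""
    seen = []
    for path in DENIED.findall(log_text):
        d = os.path.dirname(path) or "."
        if d not in seen:
            seen.append(d)
    return seen


def can_create_in(directory, uid, gids):
    """Classic Unix check: creating a file needs write and search (w+x)
    permission on the directory. ACLs and MAC policy are not modelled."""
    st = os.stat(directory)
    if uid == 0:
        return True  # root bypasses the mode bits
    if st.st_uid == uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif st.st_gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return st.st_mode & need == need


def audit(log_text, workdir, uid, gids):
    """Map each directory named in the log to whether uid/gids may create files there."""
    return {d: can_create_in(os.path.join(workdir, d), uid, gids)
            for d in denied_dirs(log_text)}


if __name__ == "__main__":
    import pwd
    import sys
    # Assumed usage: script.py <named working directory> <user> < logfile
    workdir, user = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    print(audit(sys.stdin.read(), workdir, pw.pw_uid, gids))
```

A `False` entry means the mode bits alone explain the "permission denied" line for that directory.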