/var/named Changes Ownership to Root on Boot

Derek Ragona derek at computinginnovations.com
Fri Mar 21 07:10:10 PDT 2008


At 08:54 AM 3/21/2008, Martin McCormick wrote:
>         I think I fixed it but I am not sure I would have
>figured it out quickly without the help from the list.
>
>         It seems that FreeBSD defaults to a chroot of bind with
>the tree owned by root. You can run bind in a sandbox as the
>documentation says and have it chroot but if you do, and here's
>the confusion, you had better disable FreeBSD's attempt to make
>sure the /var/named tree is always owned by root which would be
>fine if named ran as root.
>
>         When you run it in a sandbox with a lower-priority UID,
>you must make sure that at least one more little line appears in
>rc.conf.local.
>
>named_chrootdir=""      # Chroot directory (or "" not to auto-chroot it)
>
>That's the key right there. If you use lines from rc.conf.local
>from an older system such as pre-FreeBSD5, you don't need that
>line and things work fine. If you don't have it on a FreeBSD5 or
>newer system,
>/etc/defaults/rc.conf supplies the default version of that line
>which reads:
>
>named_chrootdir="/var/named"    # Chroot directory (or "" not to auto-chroot it)
>
>and one is seriously messed up from there on during the booting
>process.
>
>         I was confused and thought this would all help me keep
>ownership of /var/named belonging to bind when, in fact, it does
>just the opposite.

Yes it is confusing.  It is more confusing if you upgrade as the chroot'ing 
behavior wasn't the default behavior in older versions.  So often an 
upgraded system won't run named until you fix these settings.

         -Derek
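The rc.conf override the thread settles on, and a check for the ownership state it wants, as an added example that is not part of the original thread. The files it creates are constructed stand-ins for /etc/defaults/rc.conf and /etc/rc.conf.local, and the explicit "defaults first, then local overrides" sourcing order is an emulation of how rc.subr layers those files, assumed here rather than taken from the page:

```shell
#!/bin/sh
# Added example (not from the original thread). Two pieces:
#  1. effective_named_chrootdir: emulate rc.conf layering by sourcing the
#     defaults file first and each override file after it, then print the
#     resulting named_chrootdir (assumed emulation of rc.subr's load order).
#  2. not_owned_by: list every path under a chroot tree that is NOT owned by
#     the unprivileged named user; an empty result is the state you want.

# effective_named_chrootdir DEFAULTS [OVERRIDE...]
effective_named_chrootdir() {
    (
        named_chrootdir=unset            # sentinel: no file set it at all
        for f in "$@"; do
            [ -r "$f" ] && . "$f"        # later files override earlier ones
        done
        printf '%s\n' "$named_chrootdir"
    )
}

# not_owned_by DIR USER
# Prints paths under DIR not owned by USER (POSIX find, no GNU extensions).
not_owned_by() {
    find "$1" ! -user "$2"
}

demo() {
    tmp=$(mktemp -d) || return 1

    # Constructed stand-in for /etc/defaults/rc.conf (the default from the thread).
    cat > "$tmp/defaults.rc.conf" <<'EOF'
named_chrootdir="/var/named"    # Chroot directory (or "" not to auto-chroot it)
EOF
    # Constructed stand-in for an old rc.conf.local that never mentions the knob.
    : > "$tmp/old.rc.conf.local"
    # Constructed stand-in for the rc.conf.local line the thread adds.
    cat > "$tmp/fixed.rc.conf.local" <<'EOF'
named_chrootdir=""      # Chroot directory (or "" not to auto-chroot it)
EOF

    echo "pre-FreeBSD5 style rc.conf.local, default wins: $(effective_named_chrootdir "$tmp/defaults.rc.conf" "$tmp/old.rc.conf.local")"
    echo "with the override line, auto-chroot off:       '$(effective_named_chrootdir "$tmp/defaults.rc.conf" "$tmp/fixed.rc.conf.local")'"

    # Constructed stand-in for a hand-built chroot tree; owned by the current
    # user, so auditing against that user reports nothing to fix.
    mkdir -p "$tmp/chroot/etc/namedb"
    : > "$tmp/chroot/etc/namedb/named.conf"
    bad=$(not_owned_by "$tmp/chroot" "$(id -un)")
    if [ -z "$bad" ]; then
        echo "chroot tree fully owned by $(id -un)"
    else
        echo "paths not owned by $(id -un):"; echo "$bad"
    fi

    rm -rf "$tmp"
}

demo
```

On a real system the audit would be run as `not_owned_by /var/named bind` after boot; any output means something (here, the rc.d auto-chroot handling the thread describes) re-owned part of the tree out from under the unprivileged named process.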


More information about the freebsd-questions mailing list