New BIND 9 chroot directories
Makoto Matsushita
matusita at jp.FreeBSD.org
Tue Oct 5 00:12:08 PDT 2004
Thanks for your emails, giving me a chance to consider what I can,
like, and will do for configuring my nameservers.
DougB> As a whole, var is no more volatile than any other directory,
DougB> although bits of it (like /var/run) are recreated at each boot.
Hmm, maybe that's so, ok.
DougB> Configurations that split volatile and non-volatile bits into
DougB> seperate directories are possible, but IMO they are needlessly
DougB> complicated.
Fully agreed.
DougB> All that said, the defaults are just the defaults. The thing
DougB> that people really need to keep in mind is that if you want to
DougB> change it, you can.
However, unfortunately it's _default_ -- no matter it is intended or
not, some of users feel that FreeBSD the OS _enforces_ users to
configure named in that way.
As we already seen, there are preferences on "directory names for zone
files (master/slave v.s. m/s)." Imagine you like to put your master
zone file under ${chrootdir}/etc/namedb/M, and find that there is
${chrootdir}/etc/namedb/master which is bogus for you. I believe that
named(8) have no default directory for master zone files -- if you
don't want to implement a policy, "master file should be sitting under
/etc/namedb/master," it would be better to create that directory.
Here's a simple patch to remove master/slave directories. Please note
that if you want to have ${chrootdir}/etc/namedb/master, "just
mkdir(1) it" is enough with no further fears (mtree(8) doesn't
complain anything even if any unlisted directories are there).
Index: BIND.chroot.dist
===================================================================
RCS file: /home/ncvs/src/etc/mtree/BIND.chroot.dist,v
retrieving revision 1.5
diff -u -r1.5 BIND.chroot.dist
--- BIND.chroot.dist 29 Sep 2004 03:43:10 -0000 1.5
+++ BIND.chroot.dist 5 Oct 2004 07:00:43 -0000
@@ -9,10 +9,6 @@
..
etc
namedb
- master
- ..
- slave uname=bind
- ..
..
..
/set type=dir uname=bind gname=wheel mode=0755
There's one thing to consider if above diff is applied; the owner of
slave directory and effective user id of running named should be
matched, since named will write a file to that directory. However it
causes us very few, since old /etc/namedb didn't have it, and it would
be easy to set with chown(1) (one time set, nobody overrides it).
Please note that "named config files is under ${chrootdir}/etc/namedb"
is ok, since it comes from named implementation, not any of us. In
the same reason, it would be no problem we have ${chrootdir}/var/run
which is requested by syslogd.
DougB> If anyone wants to come up with something like that, I'm all
DougB> ears, however my guess is that the variety of input is so
DougB> varied that such an undertaking would be pointless.
Thank you, and just a question for you, how do you think to remove
${chrootdir}/etc/namedb/{master,slave} directories?
-- -
Makoto `MAR' Matsushita
More information about the freebsd-current
mailing list