ports/126452: Ownership of ${named_chrootdir}/etc/namedb set wrong

Ronald F.Guilmette rfg at tristatelogic.com
Mon Aug 11 11:10:03 UTC 2008 

>Number:         126452
>Category:       ports
>Synopsis:       Ownership of ${named_chrootdir}/etc/namedb set wrong
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Aug 11 11:10:02 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Ronald F. Guilmette
>Release:        FreeBSD 7.0-RELEASE i386
>Organization:
Infinite Monkeys & Co. LLC
>Environment:
System: FreeBSD 7.0-RELEASE
Package: bind95-base-9.5.0.2
>Description:
	In a default/standard install of the bind95-base-9.5.0.2 port,
	the "variable" files (such as zone files) will get stashed into
	the /var/named/etc/namedb directory, and whenever named is started
	up, the /etc/rc.d/named script will create a symlink from
	/etc/namedb to /var/named/etc/namedb.

	Ordinarily, in the named.conf file the "directory" option will
	be set to "/etc/namedb", thus making the /var/named/etc/namedb
	directory the "home" directory for the named process.

	Unfortunately. in a standard/default/un-customized install of the
	bind95-base-9.5.0.2 port, the /var/named/etc/namedb directory gets
	its ownership set to "root" rather than to whatever "named_uid"
	is defined to within /etc/defaults/rc.conf (i.e. "bind").  This
	subsequently causes the named process to be unable to write into
	what it considers its own "home" directory... and it will complain
	about that by writing the following error into its default logging
	file/channel, e.g. each time a subsequent "rndc reload" is performed:

		the working directory is not writable

>How-To-Repeat:
	su root
	portinstall bind95
	{{edit the named.conf file and set the "default" logging channel to
	  log to some specific file}}
	rndc reload
	{{look at the contents named's "default" log file to see the error}}

>Fix:
	The install procedure for the bind95 port should create the directory
	/var/named/etc/namedb with ownership set to the same userID as is
	defined for the named_uid variable in the /etc/defaults/rc.conf
	file (i.e. "bind").

	Changing the ownership of /var/named/etc/namedb to be the same UID
	as whatever UID named will actually (subsequently) be run under will
	allow named to write into its "working directory" and will make it
	stop complaining that it can't.
>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list