ports/126452: Ownership of ${named_chrootdir}/etc/namedb set wrong
Ronald F.Guilmette
rfg at tristatelogic.com
Mon Aug 11 11:10:03 UTC 2008
>Number: 126452
>Category: ports
>Synopsis: Ownership of ${named_chrootdir}/etc/namedb set wrong
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Aug 11 11:10:02 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Ronald F. Guilmette
>Release: FreeBSD 7.0-RELEASE i386
>Organization:
Infinite Monkeys & Co. LLC
>Environment:
System: FreeBSD 7.0-RELEASE
Package: bind95-base-9.5.0.2
>Description:
In a default/standard install of the bind95-base-9.5.0.2 port,
the "variable" files (such as zone files) will get stashed into
the /var/named/etc/namedb directory, and whenever named is started
up, the /etc/rc.d/named script will create a symlink from
/etc/namedb to /var/named/etc/namedb.
Ordinarily, in the named.conf file the "directory" option will
be set to "/etc/namedb", thus making the /var/named/etc/namedb
directory the "home" directory for the named process.
Unfortunately. in a standard/default/un-customized install of the
bind95-base-9.5.0.2 port, the /var/named/etc/namedb directory gets
its ownership set to "root" rather than to whatever "named_uid"
is defined to within /etc/defaults/rc.conf (i.e. "bind"). This
subsequently causes the named process to be unable to write into
what it considers its own "home" directory... and it will complain
about that by writing the following error into its default logging
file/channel, e.g. each time a subsequent "rndc reload" is performed:
the working directory is not writable
>How-To-Repeat:
su root
portinstall bind95
{{edit the named.conf file and set the "default" logging channel to
log to some specific file}}
rndc reload
{{look at the contents named's "default" log file to see the error}}
>Fix:
The install procedure for the bind95 port should create the directory
/var/named/etc/namedb with ownership set to the same userID as is
defined for the named_uid variable in the /etc/defaults/rc.conf
file (i.e. "bind").
Changing the ownership of /var/named/etc/namedb to be the same UID
as whatever UID named will actually (subsequently) be run under will
allow named to write into its "working directory" and will make it
stop complaining that it can't.
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list