Unusual permissions on /var/named/etc/namedb/master?

Lowell Gilbert freebsd-questions-local at be-well.ilk.org
Tue Nov 8 21:56:56 GMT 2005


Josh Tolbert <hemi at puresimplicity.net> writes:

> On Tue, Nov 08, 2005 at 12:03:23PM -0500, Lowell Gilbert wrote:
> > Josh Tolbert <hemi at puresimplicity.net> writes:
> > 
> > > Hello,
> > > 
> > > I'm running DHCP + dynamic DNS here on my home LAN and I've noticed a problem
> > > that needs a manual fix every time the DNS machine gets rebooted. It doesn't
> > > happen very often, but it does happen. :)
> > > 
> > > My firewall/gateway machine runs FreeBSD-5.4-RELEASE of some patchlevel. It
> > > uses ISC DHCPD from ports to update my DNS server, another FreeBSD machine
> > > (now running 6.0-RELEASE) with new entries when machines register with the
> > > DHCP server. The problem arises because by default named runs -u bind, however
> > > /var/named/etc/namedb/master is owned by root. I believe this is caused by
> > > /etc/mtree/BIND.chroot.dist, since I'm running bind chrooted (the default
> > > setup). When the DNS machine reboots, I have to manually chown
> > > /var/named/etc/namedb/master (or /etc/namedb/master) to bind before updates
> > > will continue, otherwise I see errors such as
> > > 
> > > named[297]: dumping master file: master/tmp-QQ2UU6pWaZ: open: permission denied
> > > 
> > > Is there any good workaround for this issue? I'd like to keep bind running as
> > > the bind user as well as keep bind chrooted if possible. I know I could edit
> > > the mtree file on my machine, but that seems somewhat kludgy to me.
> > > 
> > > Thanks for any help/advice you can give me,
> > 
> > Normally mtree is only automatically run by installworld.  
> > Is that what causes the permissions to be reverted?
> > If so, then change the mtree file (and keep the modifications over
> > time when you run mergemaster).
> > If not, then figure out what *is* changing the permissions.
> 
> Hi Lowell,
> 
> From what I'm seeing in the /etc/rc.d/named script, mtree gets run with the
> BIND.chroot.dist mtree file every time bind starts. I guess I'll have to
> maintain my own changes to that file for the time being.

Ah, so it does.  I hadn't noticed because I make a separate
subdirectory for each of my zones, and the mtree file doesn't 
touch those.  Which I suppose could be a solution for you too,
although with mergemaster in the base system, I don't think keeping
your own modifications to /etc files is that big a deal.
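
The distinction in this thread (directories listed in the mtree spec get their ownership reset whenever named starts, while per-zone subdirectories the spec does not list are left alone) can be checked before a restart. The script below is an added example, not part of the original message or of FreeBSD's scripts; the spec text is a constructed sample rather than the real BIND.chroot.dist, the function names are hypothetical, and it assumes a directory-only spec.

```shell
#!/bin/sh
# Constructed sample in mtree(8) spec syntax; NOT the real BIND.chroot.dist.
SAMPLE_SPEC='/set type=dir uname=root gname=wheel mode=0755
.
    etc
        namedb
            master
            ..
            slave   uname=bind
            ..
        ..
    ..
..'

# mtree_owner SPEC_TEXT REL_PATH (hypothetical helper)
# Prints the owner the spec assigns to REL_PATH, or "unmanaged" when the spec
# has no entry for it. Assumes a directory-only spec like the sample above.
mtree_owner() {
    printf '%s\n' "$1" | awk -v want="$2" '
        NF == 0 || $1 ~ /^#/ { next }               # blank lines and comments
        $1 == "/set" {                              # defaults for later entries
            for (i = 2; i <= NF; i++)
                if ($i ~ /^uname=/) def = substr($i, 7)
            next
        }
        $1 == ".." { if (depth > 0) depth--; next } # step back up one level
        $1 == "."  { depth = 0; next }              # root of the tree
        {
            owner = def                             # entry uname= overrides /set
            for (i = 2; i <= NF; i++)
                if ($i ~ /^uname=/) owner = substr($i, 7)
            comp[++depth] = $1
            path = comp[1]
            for (i = 2; i <= depth; i++) path = path "/" comp[i]
            if (path == want) { print owner; found = 1; exit }
        }
        END { if (!found) print "unmanaged" }
    '
}

# survives_restart SPEC_TEXT REL_PATH USER (hypothetical helper)
# Succeeds when applying the spec leaves REL_PATH owned by USER or untouched.
survives_restart() {
    owner=$(mtree_owner "$1" "$2")
    [ "$owner" = "$3" ] || [ "$owner" = "unmanaged" ]
}

for p in etc/namedb/master etc/namedb/slave etc/namedb/master/home.lan; do
    if survives_restart "$SAMPLE_SPEC" "$p" bind; then s=ok; else s=reset; fi
    echo "$p: $(mtree_owner "$SAMPLE_SPEC" "$p") ($s)"
done
```

To check a live system, pass the contents of /etc/mtree/BIND.chroot.dist as the first argument in place of the sample.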
