/var/named Changes Ownership to Root on Boot

Derek Ragona derek at computinginnovations.com
Thu Mar 20 16:45:44 PDT 2008


At 06:30 PM 3/20/2008, Martin McCormick wrote:
>         About half of the 7 FreeBSD systems I run exhibit a very
>annoying behavior that I have not pinned down yet as to why and
>how to correct it.
>
>         I reboot. Soon, I find that bind isn't running. It runs
>as a low-priority process and is owned by bind so it needs to
>have write permission in /var/named. When I do ls -ld on
>/var/named, it's owned by root.
>
>         As I said, several systems do this and several more
>don't and they are all running FreeBSD6.2 except for one which
>is FreeBSD5.x.
>
>         I originally used the stock /etc/rc.d start script for
>named. After getting the chown surprise on a key system, I
>hard-coded a 4-line script that just starts bind no matter what.
>It seemed to work so I was happy even though that is not a
>proper fix.
>
>         After our master DHCP server played the chown prank on
>me yesterday, I added a fifth line to the hard-wire script to
>chown -R bind:bind /var/named.
>
>         I guess the switcheroo happens after rc calls that
>script for I still had a dead bind until I changed it back and
>started it manually.
>
>         Some other systems never do the switch and my test box,
>of course, is one of those so I can't fix what isn't broken. It
>seems like the boxes that do this are inversely proportional to
>their importance. Our master DNS did this to me this evening
>after a reboot so I am asking for an explanation of what I have
>done wrong to cause this to happen.
>
>         I even did a sh -x /etc/rc/named and got kind of lost in
>rc.subr procedures and never saw the attempted switch of
>ownership.
>
>         Thank you for any pointers to documentation that
>explains this as many of the systems in question are up for a
>year or more at times and we don't get to diagnose their boot
>process that often. When something fails to start, it's one of
>those SURPRISE!'s we'd all rather not have when in a hurry to
>get key systems back running again.
>
>Martin McCormick WB5AGZ  Stillwater, OK
>Systems Engineer
>OSU Information Technology Department Network Operations Group

Sounds like you have named chroot'ing and probably don't want that 
behavior.  Look at the defaults for named and set them correctly in 
/etc/rc.conf.

         -Derek
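
The check this reply points at, as an added example that is not part of the original thread: it resolves the effective named chroot settings from a defaults file and an override file, in the order rc reads them. The sample files are constructed; their values assume the named_* defaults of FreeBSD 6.x, where named_chroot_autoupdate makes the start script re-apply the chroot directory layout on each start.

```sh
#!/bin/sh
# Added example (not from the thread): resolve the effective named chroot
# settings the way rc does, defaults file first, then the local override.

# named_chroot_status DEFAULTS_FILE OVERRIDE_FILE
# Prints one of:
#   no-chroot               named_chrootdir is empty
#   chroot-static DIR       chroot in use, layout left alone at start
#   chroot-autoupdate DIR   chroot in use, layout re-applied at every start
named_chroot_status() {
    (
        # Subshell: sourced variables must not leak into the caller.
        . "$1"
        if [ -r "$2" ]; then . "$2"; fi
        if [ -z "${named_chrootdir}" ]; then
            echo "no-chroot"
            exit 0
        fi
        # Same truthy spellings rc.subr's checkyesno accepts.
        case "${named_chroot_autoupdate}" in
            [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
                echo "chroot-autoupdate ${named_chrootdir}" ;;
            *)
                echo "chroot-static ${named_chrootdir}" ;;
        esac
    )
}

# Constructed sample files. The defaults mirror the named_* entries assumed
# to ship in /etc/defaults/rc.conf on FreeBSD 6.x; check your own copy.
demo_dir=$(mktemp -d)
cat > "$demo_dir/defaults.conf" <<'EOF'
named_chrootdir="/var/named"
named_chroot_autoupdate="YES"
EOF
cat > "$demo_dir/static.conf" <<'EOF'
named_chroot_autoupdate="NO"
EOF
cat > "$demo_dir/nochroot.conf" <<'EOF'
named_chrootdir=""
EOF

# none.conf does not exist: models a host with no local named_* overrides.
for override in none.conf static.conf nochroot.conf; do
    printf '%-14s -> %s\n' "$override" \
        "$(named_chroot_status "$demo_dir/defaults.conf" "$demo_dir/$override")"
done
```

On a real host, pass /etc/defaults/rc.conf and /etc/rc.conf as the two arguments.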
