svn commit: r200563 - in head/etc: mtree namedb
Doug Barton
dougb at FreeBSD.org
Tue Dec 15 13:12:11 PST 2009
Robert Watson wrote:
> On Tue, 15 Dec 2009, Doug Barton wrote:
>
>> The named process needs to have a "working directory" that it can
>> write to. This is specified in "options { directory }" in named.conf.
>> So, create /etc/namedb/working with appropriate permissions, and
>> update the entry in named.conf to match.
>>
>> In addition to specifying the working directory, file and path names
>> in named.conf can be specified relative to the directory listed.
>> However, since that directory is now different from /etc/namedb
>> (where the configuration, zone, rndc.*, and other files are located)
>> further update named.conf to specify all file names with fully
>> qualified paths. Also update the comment about file and path names
>> so users know this should be done for all file/path names in the file.
>>
>> This change will eliminate the 'working directory is not writable'
>> messages at boot time without sacrificing security. It will also
>> allow for features in newer versions of BIND (9.7+) to work as
>> designed.
>
> On a couple of occasions, I've found myself trying to help people get
> BIND to core dump on a bug, which is a bit tricky in practice. It
> involves setting appropriate sysctls so that sugid processes generate
> cores, arranging for a writable core dump directory in the chroot and
> setting a sysctl so it is found, etc. Does this change simplify that
> process down to "enable core dump for sugid processes"?

It should, yes. I was able to test all the other use cases for an
unprivileged named process so I have every reason to believe that
dumping a core will work too.

Doug
--
Improve the effectiveness of your Internet presence with
a domain name makeover! http://SupersetSolutions.com/
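
The commit message above notes that relative names in named.conf are resolved against "options { directory }", which now points at /etc/namedb/working instead of /etc/namedb. The following is an added example, not part of the thread or of FreeBSD's code: a small audit that lists every path statement still written as a relative name and where it would now resolve. The sample configuration, the keyword subset, and the function names are constructed for illustration.

```python
import posixpath
import re

# Path-taking named.conf statements checked here (a subset, not exhaustive).
PATH_KEYWORDS = ("directory", "file", "pid-file", "dump-file", "statistics-file")
# A quoted string, or one of named.conf's three comment styles.
_STRING_OR_COMMENT = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
_PATH_STMT = re.compile(
    r'(?<![\w-])(' + "|".join(map(re.escape, PATH_KEYWORDS)) + r')\s+"([^"\n]*)"')

# Constructed sample, not FreeBSD's shipped named.conf.
SAMPLE = '''\
options {
    // "directory" is named's working directory
    directory "/etc/namedb/working";
    pid-file  "/var/run/named/pid";
    dump-file "named_dump.db";   /* relative */
};
zone "example.test" {
    type master;
    file "/etc/namedb/master/example.test.db";
};
zone "example.invalid" {
    type slave;
    # file "old/example.invalid.db";
    file "slave/example.invalid.db";
};
'''

def path_statements(text):
    """Yield (line, keyword, path), ignoring anything inside comments."""
    # Blank comments but keep strings and newlines so line numbers survive.
    clean = _STRING_OR_COMMENT.sub(
        lambda m: m.group(0) if m.group(0)[0] == '"' else "\n" * m.group(0).count("\n"),
        text)
    for m in _PATH_STMT.finditer(clean):
        yield clean.count("\n", 0, m.start()) + 1, m.group(1), m.group(2)

def working_directory(text):
    """Return the first 'directory' value, or None if it is not set."""
    return next((p for _, kw, p in path_statements(text) if kw == "directory"), None)

def relative_paths(text):
    """List (line, keyword, path, resolved) for paths that are not absolute."""
    workdir = working_directory(text) or "."
    return [(ln, kw, p, posixpath.join(workdir, p))
            for ln, kw, p in path_statements(text) if not p.startswith("/")]

if __name__ == "__main__":
    for ln, kw, p, resolved in relative_paths(SAMPLE):
        print(f'line {ln}: {kw} "{p}" resolves to {resolved}')
```

Each reported entry is a file named would look for, or create, under the writable working directory rather than beside the configuration.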