From: Mel Flynn
To: freebsd-questions@freebsd.org
Cc: Prokofyev Vladislav
Date: Sat, 30 May 2009 17:36:12 +0200
Subject: Re: FreeBSD 7.0-RELEASE-p12 bind9 log files not found

On Saturday 30 May 2009 17:01:17 Prokofyev Vladislav wrote:
> > The named running chrooted has no clue about /var/named. You can either
> > use duct tape:
> > cd /var/named/var && sudo ln -s .. named
> >
> > or just strip /var/named from your config file, hence use
> > /var/log/xfer.log.
> >
> > --
> > Mel
>
> This helped, thank you a lot.
> So, if I think in a right way, /usr/sbin/named with -t start option doesn't
> affect any symlinks etc.

Erm, yes or ... no. I suggest you read up on chroot. The short answer is that
relative symlinks within the chroot environment work while absolute ones should
take into account the new filesystem root.

> I didn't pay attention to this cause named(8)
> says:
>
> -t directory
>     Chroot to directory after processing the command line arguments,
>     but before reading the configuration file.

and have a look at what /etc/namedb really is:

# ls -l /etc/namedb
lrwxr-xr-x  1 root  wheel  21 May 21 06:24 /etc/namedb -> /var/named/etc/namedb

And this demonstrates chroot a bit:

# cp /rescue/ls /var/named/
# chroot /var/named /ls -l /etc/namedb
total 1
drwxr-xr-x  2 53  0    512 Feb 28 05:57 dynamic
drwxr-xr-x  2 0   0    512 May 15 13:42 master
-rw-r--r--  1 0   0  11714 May 15 14:40 named.conf
-rw-r--r--  1 0   0   2956 May 15 13:42 named.root
-rw-------  1 53  0     97 Apr 18 10:29 rndc.key
drwxr-xr-x  2 53  0    512 May 30 11:21 slave

>     Warning: This option should be used in conjunction with the
>     -u option, as chrooting a process running as root doesn't
>     enhance security on most systems; the way chroot(2) is
>     defined allows a process with root privileges to escape a
>     chroot jail.
>
> And I thought that all actions for proper work are made by named :)

They are, you just need to reference the right path, the one without /var/named,
or use relative paths where the working directory is /etc/namedb. So one would
get to /var/log using:

file "../../var/log/xfer";

--
Mel
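
Added example, not part of the message above and not code from BIND or FreeBSD: a small Python emulation of how a process chrooted to /var/named resolves the log paths discussed in this thread, run against a constructed directory tree in a temporary directory so it needs no root. The names resolve_in_chroot and demo, and the sample layout, are assumptions made for illustration.

```python
import os
import tempfile


def resolve_in_chroot(root, path, cwd="/", max_links=32):
    """Host path that `path` names for a process chrooted to `root` (emulated)."""
    split = lambda p: [c for c in p.split("/") if c]
    pending = split(path)
    # Absolute paths start at the chroot root, relative ones at the working dir.
    resolved = [] if path.startswith("/") else split(cwd)
    while pending:
        part = pending.pop(0)
        if part == ".":
            continue
        if part == "..":
            if resolved:
                resolved.pop()          # at the root, ".." stays at the root
            continue
        host = os.path.join(root, *resolved, part)
        if os.path.islink(host):
            max_links -= 1
            if max_links < 0:
                raise OSError("too many levels of symbolic links")
            target = os.readlink(host)
            if target.startswith("/"):
                resolved = []           # absolute target: restart at chroot root
            pending = split(target) + pending
        else:
            resolved.append(part)
    return os.path.join(root, *resolved)


def demo():
    """Build a constructed /var/named layout in a temp dir and resolve log paths."""
    host = tempfile.mkdtemp()           # stands in for the host "/"
    jail = os.path.join(host, "var", "named")
    os.makedirs(os.path.join(jail, "etc", "namedb"))
    os.makedirs(os.path.join(jail, "var", "log"))
    seen = lambda p, cwd="/": "/" + os.path.relpath(resolve_in_chroot(jail, p, cwd), host)
    out = {
        "prefixed": seen("/var/named/var/log/xfer.log"),   # config with /var/named kept
        "stripped": seen("/var/log/xfer.log"),             # config with prefix stripped
        "relative": seen("../../var/log/xfer", "/etc/namedb"),
    }
    os.symlink("..", os.path.join(jail, "var", "named"))   # cd var && ln -s .. named
    out["prefixed_with_symlink"] = seen("/var/named/var/log/xfer.log")
    return out
```

The values returned by demo() are host-side paths: the prefixed form lands in a directory that does not exist until the ".." symlink is created, while the stripped and relative forms reach /var/named/var/log directly.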