From: Hans Nieser
Date: Tue, 08 Nov 2005 21:59:07 +0100
To: freebsd-questions@freebsd.org
Subject: Re: Unusual permissions on /var/named/etc/namedb/master?

Lowell Gilbert wrote:
> Josh Tolbert writes:
>
>
>>Hello,
>>
>>I'm running DHCP + dynamic DNS here on my home LAN and I've noticed a problem
>>that needs a manual fix every time the DNS machine gets rebooted. It doesn't
>>happen very often, but it does happen. :)
>>
>>My firewall/gateway machine runs FreeBSD-5.4-RELEASE of some patchlevel. It
>>uses ISC DHCPD from ports to update my DNS server, another FreeBSD machine
>>(now running 6.0-RELEASE) with new entries when machines register with the
>>DHCP server. The problem arises because by default named runs -u bind, however
>>/var/named/etc/namedb/master is owned by root. I believe this is caused by
>>/etc/mtree/BIND.chroot.dist, since I'm running bind chrooted (the default
>>setup). When the DNS machine reboots, I have to manually chown
>>/var/named/etc/namedb/master (or /etc/namedb/master) to bind before updates
>>will continue, otherwise I see errors such as
>>
>>named[297]: dumping master file: master/tmp-QQ2UU6pWaZ: open: permission denied
>>
>>Is there any good workaround for this issue? I'd like to keep bind running as
>>the bind user as well as keep bind chrooted if possible. I know I could edit
>>the mtree file on my machine, but that seems somewhat kludgy to me.
>>
>>Thanks for any help/advice you can give me,
>
>
> Normally mtree is only automatically run by installworld.
> Is that what causes the permissions to be reverted?
> If so, then change the mtree file (and keep the modifications over
> time when you run mergemaster).
> If not, then figure out what *is* changing the permissions.

This happened to me too; every time named started it would change back
the owner of the "master" directory from "bind" to "root" according to
the mtree file. In the end I just used the "dynamic" folder to store my
dynamic zones in with "bind" as owner, which makes more sense, and also
doesn't get its user changed by the mtree.
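
An added example, not part of the original message and not code from FreeBSD or BIND: a small sh/awk reader for mtree(8) spec syntax that lists which directories under etc/namedb the spec hands back to a user other than bind, which is where dynamic zone files should not be kept. The embedded spec is a constructed sample that mirrors the ownership described in this thread (master owned by root, dynamic owned by bind); the function names are hypothetical, and every entry is assumed to be a directory.

```sh
#!/bin/sh
# Constructed sample in mtree(8) spec syntax, mirroring the ownership the
# thread reports: master/ falls back to the root default, dynamic/ is bind's.
sample_spec() {
cat <<'EOF'
/set type=dir uname=root gname=wheel mode=0755
.
    etc
        namedb
            dynamic uname=bind
            ..
            master
            ..
            slave   uname=bind
            ..
        ..
    ..
..
EOF
}

# Read a spec on stdin and print "path owner" for each directory entry.
# Assumption: every entry is a directory (type=dir), as in the sample.
mtree_owners() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }                # blank lines and comments
    $1 == "/set" {                               # new default owner
        for (i = 2; i <= NF; i++) if ($i ~ /^uname=/) def = substr($i, 7)
        next
    }
    $1 == ".." { depth--; next }                 # step back up one level
    {
        owner = def                              # per-entry uname= overrides
        for (i = 2; i <= NF; i++) if ($i ~ /^uname=/) owner = substr($i, 7)
        if ($1 == ".") { depth = 0; path[0] = "." }
        else { depth++; path[depth] = path[depth - 1] "/" $1 }
        print path[depth], owner
    }'
}

# Directories under etc/namedb that user $1 will NOT own once the spec is
# applied; dynamic zone and journal files must not live in these.
reset_for() {
    mtree_owners | awk -v u="$1" '$1 ~ /^\.\/etc\/namedb\// && $2 != u { print $1 }'
}

sample_spec | reset_for bind    # prints ./etc/namedb/master
```

On a real system the same check would be fed the spec file named in the thread, for example `reset_for bind < /etc/mtree/BIND.chroot.dist`.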