From: Lowell Gilbert
To: Josh Tolbert
Cc: freebsd-questions@freebsd.org
Date: 08 Nov 2005 16:56:52 -0500
Subject: Re: Unusual permissions on /var/named/etc/namedb/master?

Josh Tolbert writes:

> On Tue, Nov 08, 2005 at 12:03:23PM -0500, Lowell Gilbert wrote:
> > Josh Tolbert writes:
> >
> > > Hello,
> > >
> > > I'm running DHCP + dynamic DNS here on my home LAN and I've noticed a problem
> > > that needs a manual fix every time the DNS machine gets rebooted. It doesn't
> > > happen very often, but it does happen. :)
> > >
> > > My firewall/gateway machine runs FreeBSD-5.4-RELEASE of some patchlevel. It
> > > uses ISC DHCPD from ports to update my DNS server, another FreeBSD machine
> > > (now running 6.0-RELEASE) with new entries when machines register with the
> > > DHCP server. The problem arises because by default named runs -u bind, however
> > > /var/named/etc/namedb/master is owned by root. I believe this is caused by
> > > /etc/mtree/BIND.chroot.dist, since I'm running bind chrooted (the default
> > > setup). When the DNS machine reboots, I have to manually chown
> > > /var/named/etc/namedb/master (or /etc/namedb/master) to bind before updates
> > > will continue, otherwise I see errors such as
> > >
> > > named[297]: dumping master file: master/tmp-QQ2UU6pWaZ: open: permission denied
> > >
> > > Is there any good workaround for this issue? I'd like to keep bind running as
> > > the bind user as well as keep bind chrooted if possible. I know I could edit
> > > the mtree file on my machine, but that seems somewhat kludgy to me.
> > >
> > > Thanks for any help/advice you can give me,
> >
> > Normally mtree is only automatically run by installworld.
> > Is that what causes the permissions to be reverted?
> > If so, then change the mtree file (and keep the modifications over
> > time when you run mergemaster).
> > If not, then figure out what *is* changing the permissions.
>
> Hi Lowell,
>
> From what I'm seeing in the /etc/rc.d/named script, mtree gets run with the
> BIND.chroot.dist mtree file every time bind starts. I guess I'll have to
> maintain my own changes to that file for the time being.

Ah, so it does. I hadn't noticed because I make a separate
subdirectory for each of my zones, and the mtree file doesn't touch
those. Which I suppose could be a solution for you too, although with
mergemaster in the base system, I don't think keeping your own
modifications to /etc files is that big a deal.
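
The behaviour discussed in this thread (ownership reset for directories the mtree spec lists, per-zone subdirectories it does not list left alone), as an added example that is not part of the original message or of FreeBSD's own scripts: a small sh/awk resolver that reports which owner a spec assigns to a given path. The spec below is constructed for illustration and is not the real /etc/mtree/BIND.chroot.dist; `sample_spec`, `mtree_owners`, `owner_for` and the `example.org` directory are hypothetical names.

```shell
#!/bin/sh
# Added example: resolve the owner an mtree(8) spec assigns to each directory,
# to see which paths get their ownership reset when the spec is applied.

# Constructed sample spec (NOT the real /etc/mtree/BIND.chroot.dist).
sample_spec() {
cat <<'EOF'
/set type=dir uname=root gname=wheel mode=0755
.
    etc
        namedb
            master
            ..
            slave   uname=bind
            ..
        ..
    ..
..
EOF
}

# mtree_owners: read a spec on stdin, print "path owner" per listed directory.
mtree_owners() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }              # skip blanks and comments
    $1 == "/set" {                             # remember the default owner
        for (i = 2; i <= NF; i++) if ($i ~ /^uname=/) def = substr($i, 7)
        next
    }
    $1 == ".." { if (depth > 0) depth--; next } # leave current directory
    {
        depth++; name[depth] = $1
        owner = def                            # per-entry uname= overrides /set
        for (i = 2; i <= NF; i++) if ($i ~ /^uname=/) owner = substr($i, 7)
        path = name[1]
        for (i = 2; i <= depth; i++) path = path "/" name[i]
        print path, owner
    }'
}

# owner_for PATH: spec on stdin; prints the owner set for PATH, or "unlisted"
# when the spec has no entry for it (so applying the spec leaves it alone).
owner_for() {
    mtree_owners | awk -v p="$1" '
        $1 == p { print $2; found = 1 }
        END { if (!found) print "unlisted" }'
}
```

Run it against a real spec with, for example, `owner_for ./etc/namedb/master < /etc/mtree/BIND.chroot.dist`; paths are relative to the chroot root, as in the spec.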