Date: Sun, 20 Jan 2019 11:38:54 -0500 From: Dan Langille <dan@langille.org> To: Mathieu Arnold <mat@FreeBSD.org> Cc: FreeBSD Ports <freebsd-ports@freebsd.org> Subject: Re: dns/bind911 - statistics-file Message-ID: <36992BCA-287B-4F7F-9C38-B75CF817254A@langille.org> In-Reply-To: <20190120104234.k5w5f7mrmzmpncx2@atuin.in.mat.cc> References: <0B943CDD-3A9E-4026-8AD4-8D8007902CCB@langille.org> <20190120104234.k5w5f7mrmzmpncx2@atuin.in.mat.cc>
next in thread | previous in thread | raw e-mail | index | archive | help
--Apple-Mail=_1FF98731-637D-4F3E-B774-74749E482EAD Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii > On Jan 20, 2019, at 5:42 AM, Mathieu Arnold <mat@FreeBSD.org> wrote: >=20 > On Sat, Jan 19, 2019 at 07:50:45PM -0500, Dan Langille wrote: >> Mat, >>=20 >> I encountered an odd situation where my stats file kept changing = permissions. With every reinstall of bind911, >> the permissions on var/run/named/stats change to chown root:bind = which prevents bind from updating the file. >>=20 >> This is what I need: >>=20 >> $ ls -l /var/run/named/stats >> -rw-r--r-- 1 bind bind 11507 Jan 20 00:45 /var/run/named/stats >>=20 >> Could that change be carried out by this file? >>=20 >> = https://svnweb.freebsd.org/ports/head/dns/bind911/files/BIND.chroot.dist?v= iew=3Dmarkup#l24 >>=20 >> I don't see a reference to /var/run/named/stats in BIND.chroot.dist = but can't help but wonder if it's something similar. >>=20 >> I have been using these options: >>=20 >> directory "/usr/local/etc/namedb/working"; >> pid-file "/var/run/named/pid"; >> dump-file "/var/dump/named_dump.db"; >> statistics-file "/var/run/named/stats"; >> zone-statistics yes; >>=20 >> When researching this tonight, I noticed the sample configuration = uses /var/run/named.stats. Perhaps I'm doing this wrong. >> I am happy to change my configuration, but first I write in case the = script is doing something unexpected. >=20 > I do not think anything in the BIND9 ports would change the file = permissions. >=20 > The mtree file only touches the directories to make sure they have the > correct permissions, so it is not it. Moreover the mtree file is ONLY > used when using named_chrootdir to chroot named, which does not appear > to be your case. > The BIND9 ports have not had a pkg-install script for years, so it's = not > it either. > The rc file does not chown anything, so it's not it doing it either. >=20 > Side note, the sample configuration uses /var/stats/named.stats, not > /var/run/named.stats. And it was ever since it was added to the base > system named.conf file back in 2004 (in src r135918). Noted. Thank you. > So I'd say something else on your system "fixes" the file's = permissions. It seems to be upon system start up. I did a test in a jail. # =46rom the host, verify the file in the jail exists: [dan@knew:~] $ ls -l /iocage/jails/toiler/root/var/run/named/stats -rw-r--r-- 1 bind bind 1 Jan 20 16:30 = /iocage/jails/toiler/root/var/run/named/stats [dan@knew:~] $ sudo iocage stop toiler * Stopping toiler + Running prestop OK + Stopping services OK + Refusing to remove protected devfs_ruleset: 7 + Removing jail process OK + Running poststop OK [dan@knew:~] $ ls -l /iocage/jails/toiler/root/var/run/named/stats -rw-r--r-- 1 bind bind 1 Jan 20 16:30 = /iocage/jails/toiler/root/var/run/named/stats [dan@knew:~] $ sudo iocage start toiler * Starting toiler + Started OK + Using devfs_ruleset: 7 + Starting services OK [dan@knew:~] $ ls -l /iocage/jails/toiler/root/var/run/named/stats ls: /iocage/jails/toiler/root/var/run/named/stats: No such file or = directory [dan@knew:~] $ The file soon gets created: [dan@knew:~] $ ls -l /iocage/jails/toiler/root/var/run/named/stats -rw-r--r-- 1 root bind 1 Jan 20 16:35 = /iocage/jails/toiler/root/var/run/named/stats Presumably by this: 20-Jan-2019 16:35:12.819 received control channel command 'stats' 20-Jan-2019 16:35:12.819 could not open statistics dump file = '/var/run/named/stats': permission denied 20-Jan-2019 16:35:12.819 dumpstats failed: permission denied I will keep looking. Thank you. -- Dan Langille - BSDCan / PGCon dan@langille.org --Apple-Mail=_1FF98731-637D-4F3E-B774-74749E482EAD Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQGTBAEBCgB9FiEEzqcJ4oeyf8sgTIEBIU09XU2nXtMFAlxEpB5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldENF QTcwOUUyODdCMjdGQ0IyMDRDODEwMTIxNEQzRDVENERBNzVFRDMACgkQIU09XU2n XtMjdwf9FoPUon0HCrXxE0lX4Wv+UfTSBsY7a5X6DaVI+FsTUdE4uwRPyq5lQCJy 4efKHlcDjelpdfivGlCL5oeNNDfK35vxMB/aP3r5isQeZPmkeIfsdv4vShS53T3v 6X/2xiMIKIn1Kj4euUoh/qMGNM5SnMf19Mfb0KINJhzpZwNaSV6RFgyq8MLOphCS FPL+dhFV7ijZyHwN9HnLpuZNsNP5zgvzkUe5J6uapiPQUA7VBPy4xxauWV5iNEz5 Kt8OKVG8Qo4zbuZc1QFfh374RS+csXfcF1TiAj6hhjac70O50PnnzU8cN5Yt9cd0 /uzhrWwE2aCNSUiNy/SMyE9xkpDf/g== =sZw9 -----END PGP SIGNATURE----- --Apple-Mail=_1FF98731-637D-4F3E-B774-74749E482EAD--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?36992BCA-287B-4F7F-9C38-B75CF817254A>