Date:      Thu, 23 Sep 2004 22:28:37 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Robert Huff <roberthuff@rcn.com>
Cc:        questions@freebsd.org
Subject:   Re: Speaking of Bind: installworld changed directory owner
Message-ID:  <20040923212837.GA876@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <16723.14911.322906.824692@jerusalem.litteratus.org>
References:  <16723.14911.322906.824692@jerusalem.litteratus.org>


On Thu, Sep 23, 2004 at 05:03:59PM -0400, Robert Huff wrote:

> 	I have my Bind info in /etc/namedb which is, and should be,
> owned by user bind.
> 	However, every time I do installworld (and maybe installkernel)
> it complains the directory is not owned by root and changes the
> owner.
> 	<*Snarl*>
> 	Is there a knob to tell the scripts to leave the @#$%^&*
> directory alone?

Why do you think /etc/namedb should be owned by the bind user? It
should be *readable* by the bind user, certainly.  As should all of
the named.conf and the various zone files inside it.  But it really
shouldn't be writable.

I have things arranged like this:

    ./etc/namedb:
    total 16
    drwxr-xr-x  5 root  wheel   512 Mar 16  2004 ./
    drwxr-xr-x  3 root  wheel   512 Sep 25  2002 ../
    drwxr-xr-x  2 bind  bind    512 Sep 29  2002 dump/
    -rw-r--r--  1 root  wheel  7753 Mar 16  2004 named.conf
    -rw-r--r--  1 root  wheel  2602 Jan 31  2004 named.root
    drwxr-xr-x  2 root  wheel   512 Sep 23 19:32 p/
    drwxr-xr-x  2 bind  bind    512 Sep 25  2002 s/

where the dump directory is where named is configured to do its
database dump and to put its stats files.  Directory 'p' (for
'primary') is where I keep the zone files for the zones this server is
the master of, and 's' (for 'secondary') is where bind would AXFR or
IXFR any zones it was a slave server for -- except there aren't any in
my current config.  Only 'dump' and 's' need to be writable by the
bind user.

Don't worry about the leading dot on the file name './etc/namedb' --
I'm actually running bind chrooted, so the directory is really
/var/named/etc/namedb.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
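
The layout described in the message, checked mechanically: this is an added example, not part of the original e-mail, that reads an `ls -la` listing and reports anything other than `dump` and `s` that the bind user could write to. It assumes the service user and group are both named `bind`; the function names and the second listing are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit an `ls -la` listing of the namedb directory against the
# layout in the message (only 'dump' and 's' writable by the bind user).
# Assumptions: user and group are both "bind"; file names contain no spaces.

# audit_namedb_listing USER "name1 name2 ..." < listing
# Prints one line per problem; prints nothing when the listing matches.
audit_namedb_listing() {
    awk -v user="$1" -v allowed="$2" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    NF >= 9 && $1 ~ /^[-d]/ {
        name = $NF; sub(/\/$/, "", name)
        if (name == "..") next
        perm = $1
        # Writable by USER: world-write, or owner/group match with that write bit.
        w = (substr(perm, 9, 1) == "w") ||
            ($3 == user && substr(perm, 3, 1) == "w") ||
            ($4 == user && substr(perm, 6, 1) == "w")
        if (w && !(name in ok))
            print "UNEXPECTED-WRITE " name " (" perm " " $3 ":" $4 ")"
        if (!w && (name in ok))
            print "NOT-WRITABLE " name " (" perm " " $3 ":" $4 ")"
    }'
}

# The listing quoted in the message above.
listing_from_message() {
    cat <<'EOF'
total 16
drwxr-xr-x  5 root  wheel   512 Mar 16  2004 ./
drwxr-xr-x  3 root  wheel   512 Sep 25  2002 ../
drwxr-xr-x  2 bind  bind    512 Sep 29  2002 dump/
-rw-r--r--  1 root  wheel  7753 Mar 16  2004 named.conf
-rw-r--r--  1 root  wheel  2602 Jan 31  2004 named.root
drwxr-xr-x  2 root  wheel   512 Sep 23 19:32 p/
drwxr-xr-x  2 bind  bind    512 Sep 25  2002 s/
EOF
}

# Constructed variant: directory and named.conf owned by bind, 's' left to root.
listing_constructed() {
    cat <<'EOF'
drwxr-xr-x  5 bind  bind    512 Mar 16  2004 ./
-rw-r--r--  1 bind  bind   7753 Mar 16  2004 named.conf
drwxr-xr-x  2 bind  bind    512 Sep 29  2002 dump/
drwxr-xr-x  2 root  wheel   512 Sep 25  2002 s/
EOF
}

echo "layout from the message:";  listing_from_message | audit_namedb_listing bind "dump s"
echo "constructed layout:";       listing_constructed  | audit_namedb_listing bind "dump s"
```

On a live system the same function can be fed `ls -la /etc/namedb` (or the chrooted path) directly.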



