From: Matthew Seaman
To: Robert Huff
Cc: questions@freebsd.org
Date: Thu, 23 Sep 2004 22:28:37 +0100
Subject: Re: Speaking of Bind: installworld changed directory owner

On Thu, Sep 23, 2004 at 05:03:59PM -0400, Robert Huff wrote:

> I have my Bind info in /etc/namedb which is, and should be,
> owned by user bind.
> However, every time I do installworld (and maybe installkernel)
> it complains the directory is not owned by root and changes the
> owner.
> <*Snarl*>
> Is there a knob to tell the scripts to leave the @#$%^&*
> directory alone?

Why do you think /etc/namedb should be owned by the bind user? It
should be *readable* by the bind user, certainly. As should all of
the named.conf and the various zone files inside it. But it really
shouldn't be writable.

I have things arranged like this:

    ./etc/namedb:
    total 16
    drwxr-xr-x  5 root  wheel   512 Mar 16  2004 ./
    drwxr-xr-x  3 root  wheel   512 Sep 25  2002 ../
    drwxr-xr-x  2 bind  bind    512 Sep 29  2002 dump/
    -rw-r--r--  1 root  wheel  7753 Mar 16  2004 named.conf
    -rw-r--r--  1 root  wheel  2602 Jan 31  2004 named.root
    drwxr-xr-x  2 root  wheel   512 Sep 23 19:32 p/
    drwxr-xr-x  2 bind  bind    512 Sep 25  2002 s/

where the dump directory is where named is configured to do its
database dump and to put its stats files. Directory 'p' (for
'primary') is where I keep the zone files for the zones this server is
the master of, and 's' (for 'secondary') is where bind would AXFR or
IXFR any zones it was a slave server for -- except there aren't any in
my current config. Only 'dump' and 's' need to be writable by the
bind user.

Don't worry about the leading dot on the file name './etc/namedb' --
I'm actually running bind chrooted, so the directory is really
/var/named/etc/namedb.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
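
Added example (not part of the original message): a small POSIX sh check for the layout described above, reporting anything under the namedb directory, outside dump/ and s/, that the named service account could modify. The function name and its three arguments are this example's own, and group write access is tested against the single group passed in.

```shell
#!/bin/sh
# Added example: audit a namedb tree against the layout in the mail above.
# Only dump/ and s/ may be writable by the account named runs as; anything
# else that account could modify is reported.
# audit_namedb and its arguments are names chosen for this example.

# usage: audit_namedb ROOT USER GROUP
#   ROOT   namedb directory, e.g. /var/named/etc/namedb
#   USER   account named runs as (name or numeric uid)
#   GROUP  that account's group (name or numeric gid)
# Prints one offending path per line.
# Returns 0 if clean, 1 if findings, 2 on usage error.
audit_namedb() {
    [ $# -eq 3 ] || { echo "usage: audit_namedb ROOT USER GROUP" >&2; return 2; }
    root=${1%/}
    user=$2
    group=$3
    [ -d "$root" ] || { echo "not a directory: $1" >&2; return 2; }

    # Prune the two directories that are meant to be writable, then flag
    # any remaining path whose mode bits grant write access to the
    # account: as owner, through the group, or through "other".
    # Symlinks are skipped because their own mode bits are not meaningful.
    findings=$(find "$root" \
        \( -path "$root/dump" -o -path "$root/s" \) -prune -o \
        ! -type l \( \
            \( -user "$user" -perm -200 \) -o \
            \( -group "$group" -perm -020 \) -o \
            -perm -002 \
        \) -print)

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}
```

For the chrooted setup in the message this would be called as `audit_namedb /var/named/etc/namedb bind bind`; a zone file or named.conf that had been chowned to bind would show up in the output.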