From: Derek Ragona
To: Martin McCormick, freebsd-questions@freebsd.org
Date: Thu, 20 Mar 2008 18:47:23 -0500
Subject: Re: /var/named Changes Ownership to Root on Boot
Message-Id: <6.0.0.22.2.20080320184623.026b2ac8@mail.computinginnovations.com>

At 06:30 PM 3/20/2008, Martin McCormick wrote:
> About half of the 7 FreeBSD systems I run exhibit a very
> annoying behavior that I have not pinned down yet as to why and
> how to correct it.
>
> I reboot. Soon, I find that bind isn't running. It runs
> as a low-priority process and is owned by bind so it needs to
> have write permission in /var/named. When I do ls -ld on
> /var/named, it's owned by root.
>
> As I said, several systems do this and several more
> don't and they are all running FreeBSD6.2 except for one which
> is FreeBSD5.x.
>
> I originally used the stock /etc/rc.d start script for
> named. After getting the chown surprise on a key system, I
> hard-coded a 4-line script that just starts bind no matter what.
> It seemed to work so I was happy even though that is not a
> proper fix.
>
> After our master DHCP server played the chown prank on
> me yesterday, I added a fifth line to the hard-wire script to
> chown -R bind:bind /var/named.
>
> I guess the switcheroo happens after rc calls that
> script for I still had a dead bind until I changed it back and
> started it manually.
>
> Some other systems never do the switch and my test box,
> of course, is one of those so I can't fix what isn't broken. It
> seems like the boxes that do this are inversely proportional to
> their importance. Our master DNS did this to me this evening
> after a reboot so I am asking for an explanation of what I have
> done wrong to cause this to happen.
>
> I even did a sh -x /etc/rc/named and got kind of lost in
> rc.subr procedures and never saw the attempted switch of
> ownership.
>
> Thank you for any pointers to documentation that
> explains this as many of the systems in question are up for a
> year or more at times and we don't get to diagnose their boot
> process that often. When something fails to start, it's one of
> those SURPRISE!'s we'd all rather not have when in a hurry to
> get key systems back running again.
>
> Martin McCormick WB5AGZ Stillwater, OK
> Systems Engineer
> OSU Information Technology Department Network Operations Group

Sounds like you have named chroot'ing and probably don't want that behavior. Look at the defaults for named and set them correctly in /etc/rc.conf.

-Derek
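Added example, not part of the thread: a sh helper that reports which chroot settings for named are in effect once /etc/rc.conf is read after /etc/defaults/rc.conf, so the later file wins. It assumes the stock rc.conf(5) variables named_chrootdir and named_chroot_autoupdate; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). rc.conf files are shell fragments,
# so the effective value is whatever the last file sourced assigned.

# Print the effective values after sourcing every readable file given.
named_chroot_settings() {
    (
        # Subshell: nothing leaks into the caller; ignore inherited values.
        unset named_chrootdir named_chroot_autoupdate
        for f in "$@"; do
            if [ -r "$f" ]; then . "$f"; fi
        done
        printf 'named_chrootdir=%s\n' "${named_chrootdir-}"
        printf 'named_chroot_autoupdate=%s\n' "${named_chroot_autoupdate-}"
    )
}

# Summarise as "no-chroot" or "chroot:<dir>:autoupdate=<value>".
# An empty named_chrootdir means named is not run in a chroot.
named_chroot_state() {
    settings=$(named_chroot_settings "$@")
    dir=$(printf '%s\n' "$settings" | sed -n 's/^named_chrootdir=//p')
    auto=$(printf '%s\n' "$settings" | sed -n 's/^named_chroot_autoupdate=//p')
    if [ -z "$dir" ]; then
        echo "no-chroot"
    else
        echo "chroot:${dir}:autoupdate=${auto}"
    fi
}

# Constructed sample files standing in for /etc/defaults/rc.conf
# and /etc/rc.conf (assumed contents, not copied from a real host).
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/defaults" <<'EOF'
named_chrootdir="/var/named"
named_chroot_autoupdate="YES"
EOF
    cat > "$tmp/local" <<'EOF'
named_enable="YES"
named_chrootdir=""
EOF
    echo "defaults only : $(named_chroot_state "$tmp/defaults")"
    echo "with override : $(named_chroot_state "$tmp/defaults" "$tmp/local")"
    rm -rf "$tmp"
}
demo
```

On a real host the call would be `named_chroot_state /etc/defaults/rc.conf /etc/rc.conf`, compared against the owner shown by `ls -ld /var/named`.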