Date: Fri, 21 Mar 2008 08:54:36 -0500
From: Martin McCormick <martin@dc.cis.okstate.edu>
To: freebsd-questions@freebsd.org
Subject: Re: /var/named Changes Ownership to Root on Boot
Message-ID: <200803211354.m2LDsaI2007169@m.it.okstate.edu>
I think I fixed it but I am not sure I would have figured it out quickly without the help from the list. It seems that FreeBSD defaults to a chroot of bind with the tree owned by root. You can run bind in a sandbox as the documentation says and have it chroot, but if you do, and here's the confusion, you had better disable FreeBSD's attempt to make sure the /var/named tree is always owned by root, which would be fine if named ran as root. When you run it in a sandbox with a lower-priority UID, you must make sure that at least one more little line appears in rc.conf.local.

named_chrootdir=""		# Chroot directory (or "" not to auto-chroot it)

That's the key right there. If you use lines from rc.conf.local from an older system such as pre-FreeBSD 5, you don't need that line and things work fine. If you don't have it on a FreeBSD 5 or newer system, /etc/defaults/rc.conf supplies the default version of that line, which reads:

named_chrootdir="/var/named"	# Chroot directory (or "" not to auto-chroot it)

and one is seriously messed up from there on during the booting process.

I was confused and thought this would all help me keep ownership of /var/named belonging to bind when, in fact, it does just the opposite.

Martin McCormick WB5AGZ Stillwater, OK
Systems Engineer OSU Information Technology Department Network Operations Group

Chuck Swiger writes:
> /var/named is owned by root on all of my newer (5.x and later)
> systems; I found an old 4.11 box with it owned by bind, though. If
> you're using named chroot'ed (as recommended), it will want /var/named/
> var/{dump/log/run/stats} writable by bind.
>
> --
> -Chuck
>
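The mechanism behind Martin's fix is rc.conf layering: /etc/defaults/rc.conf is read first and then /etc/rc.conf and /etc/rc.conf.local, so a variable left out of rc.conf.local silently keeps its default, and only an explicit named_chrootdir="" overrides the /var/named default. The script below is an added example, not code from this thread or from FreeBSD's rc system; it reproduces that load order on constructed stand-in files in a temp directory (the real /etc and /var/named are never touched), and adds the post-boot check a practitioner would run, counting entries under the chroot tree that are not owned by the named user. The named_flags value in the sample files is illustrative only.

```sh
#!/bin/sh
# Added example, not code from the mailing-list thread or from FreeBSD.
# effective_chrootdir: reads rc.conf fragments in FreeBSD's order (defaults,
#   then rc.conf, then rc.conf.local; the last assignment wins) and prints the
#   resulting named_chrootdir, showing whether the /var/named default from
#   /etc/defaults/rc.conf is still in force.
# count_not_owned_by: counts entries under a chroot tree not owned by the given
#   user, the check to run after boot when named runs as "bind".
# Every file and the sample tree live under a temp dir constructed here.
set -eu

effective_chrootdir() {
    # Source each fragment in a subshell so the caller's environment is untouched.
    ( for f in "$@"; do . "$f"; done; printf '%s\n' "${named_chrootdir-}" )
}

count_not_owned_by() {
    # $1 = tree to audit, $2 = user name or numeric uid (find -user accepts both)
    find "$1" ! -user "$2" | wc -l | tr -d ' '
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed stand-in for /etc/defaults/rc.conf (the line quoted in the message).
cat > "$WORK/defaults.rc.conf" <<'EOF'
named_chrootdir="/var/named"	# Chroot directory (or "" not to auto-chroot it)
EOF

# Constructed rc.conf.local as copied from a pre-5.x box: no named_chrootdir line.
# named_flags is an illustrative sandbox setting, not a value from the thread.
cat > "$WORK/old.rc.conf.local" <<'EOF'
named_enable="YES"
named_flags="-u bind -t /var/named"
EOF

# The same file with the override the message says is needed.
cat > "$WORK/fixed.rc.conf.local" <<'EOF'
named_enable="YES"
named_flags="-u bind -t /var/named"
named_chrootdir=""	# Chroot directory (or "" not to auto-chroot it)
EOF

# A sample chroot tree with the subdirectories the quoted reply lists.
TREE="$WORK/var/named"
mkdir -p "$TREE/etc/namedb" "$TREE/var/dump" "$TREE/var/log" \
         "$TREE/var/run" "$TREE/var/stats"

echo "old rc.conf.local:   named_chrootdir=$(effective_chrootdir "$WORK/defaults.rc.conf" "$WORK/old.rc.conf.local")"
echo "fixed rc.conf.local: named_chrootdir=$(effective_chrootdir "$WORK/defaults.rc.conf" "$WORK/fixed.rc.conf.local")"
echo "entries under $TREE not owned by $(id -un): $(count_not_owned_by "$TREE" "$(id -un)")"
```

On a real box the audit call would be `count_not_owned_by /var/named bind` (or the user given to named's -u flag); any non-zero count after a reboot means the default chroot handling is still rewriting ownership. The audit uses `find ! -user`, which is POSIX and portable between FreeBSD and GNU find.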