From: "Gelsema, P (Patrick) - FreeBSD"
To: "Philip M. Gollucci"
Cc: "Gelsema, P (Patrick) - FreeBSD", "freebsd-questions@freebsd.org"
Date: Mon, 3 Dec 2007 23:24:02 +0100 (CET)
Subject: Re: named / BIND 9.4.1-P1 /etc/named/master ownership
Message-ID: <4797.10.202.77.103.1196720642.squirrel@webmail.superhero.nl>
In-Reply-To: <47547D3F.50307@riderway.com>

On Mon, December 3, 2007 23:03, Philip M. Gollucci wrote:
> Gelsema, P (Patrick) - FreeBSD wrote:
>> In /etc/rc.conf I got the following.
>> hulk# cat /etc/rc.conf | grep named
>> named_enable="YES"
>> named_uid="bind"
>> named_chrootdir="/var/named"
> grep named /etc/defaults/rc.conf
> # named. It may be possible to run named in a sandbox, man security for
> named_enable="NO" # Run named, the DNS server (or NO).
> named_program="/usr/sbin/named" # path to named, if you want a different one.
> #named_flags="" # Flags for named
> named_pidfile="/var/run/named/pid" # Must set this in named.conf as well
> named_uid="bind" # User to run named as
> named_chrootdir="/var/named" # Chroot directory (or "" not to auto-chroot it)
> named_chroot_autoupdate="YES" # Automatically install/update chrooted
> # components of named. See /etc/rc.d/named.
> named_symlink_enable="YES" # Symlink the chrooted pid file
>
>
> As you can see, your named_uid and named_chrootdir are not needed, that
> is the default.
>
> The thing causing your issue is named_chroot_autoupdate="YES" (the
> default) and it is correct to do so, you should not be changing these
> without very good reason.

Okido. I understand that. The fact is that I do get lines logged that
permission is denied for dump:

Dec 3 21:36:51 hulk named[854]: dumping master file: master/tmp-aET3vZVt47: open: permission denied
Dec 3 21:42:22 hulk named[854]: dumping master file: master/tmp-Epzp4gKXgI: open: permission denied

When I change the ownership, problem goes away.

How can I get the problem away without changing the ownership?

Rgds,

Patrick

>
> --
> ------------------------------------------------------------------------
> Philip M. Gollucci (philip@ridecharge.com)
> o:703.549.2050x206
> Senior System Admin - Riderway, Inc.
> http://riderway.com / http://ridecharge.com
> 1024D/EC88A0BF 0DE5 C55C 6BF3 B235 2DAB B89E 1324 9B4F EC88 A0BF
>
> Work like you don't need the money,
> love like you'll never get hurt,
> and dance like nobody's watching.