Date: Mon, 4 Aug 2008 02:01:17 +1000 (EST)
From: Ian Smith <smithi@nimnet.asn.au>
To: Eugene Grosbein <eugen@kuzbass.ru>
Cc: net@freebsd.org
Subject: Re: permissions on /etc/namedb
Message-ID: <Pine.BSF.3.96.1080804013046.13190C-100000@gaia.nimnet.asn.au>
In-Reply-To: <20080803144719.GA33577@svzserv.kemerovo.su>
On Sun, 3 Aug 2008, Eugene Grosbein wrote:

 > On Sun, Aug 03, 2008 at 10:32:22PM +1000, Ian Smith wrote:
 >
 > > > I need /etc/namedb to be owned by root:bind and have permissions 01775,
 > > > so bind may write to it but may not overwrite files that belong to root
 > > > here, and I made it so. Surprise!
 > > >
 > > > # /etc/rc.d/named restart
 > > > Stopping named.
 > > > Waiting for PIDS: 1892.
 > > > etc/namedb changed
 > > > gid expected 0 found 53 modified
 > > > permissions expected 0755 found 01775 modified
 > > > Starting named.
 > >
 > > Are you running /etc/namedb linked to chroot'd /var/named/etc/namedb?
 > > If so, that'd be mtree restoring perms from /etc/mtree/BIND.chroot.dist
 >
 > I just have 'named_enable="YES"' in /etc/rc.conf, it's 6.3-STABLE
 > and stock bind9. I could set named_chroot_autoupdate="NO",
 > but I see now it won't mount devfs into chroot in that case.

So hacking /etc/rc.d/named in chroot_autoupdate to do something like:

	files_bind_writes='named.run'	# whatever
	for f in ${files_bind_writes}; do
		touch ${named_chrootdir}/etc/namedb/${f}
		chown bind:wheel ${named_chrootdir}/etc/namedb/${f}
	done

wouldn't work for you?

cheers, Ian
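The point of letting mtree reset /etc/namedb to root-owned 0755 is that a running named should only be able to rewrite a short, known list of files (named.run and the like) while named.conf and the zone files stay read-only to it. The script below is an added example, not code from this thread or from FreeBSD's rc.d/named: it audits a namedb tree and reports any group-writable file that is not on an explicit allow-list, which is the check you would run to see whether the directory has drifted from what the mtree spec expects. It assumes only POSIX sh, find, sed and mktemp; the directory layout it builds under a temp dir is constructed for the demonstration.

```sh
#!/bin/sh
# Added example, not part of the thread: audit a namedb tree for files that
# are writable by the bind group and are not on an explicit allow-list.
# Assumes only POSIX sh, find, sed, mktemp; the directory layout below is
# constructed for the demonstration.

# audit_namedb DIR [ALLOWED_FILE ...]
# Prints every group-writable non-directory under DIR whose path relative
# to DIR is not listed as allowed. Returns 0 if nothing unexpected, 1 otherwise.
audit_namedb() {
    dir=$1
    shift
    allowed=" $* "
    rc=0
    for p in $(cd "$dir" && find . -perm -g+w ! -type d | sed 's|^\./||'); do
        case "$allowed" in
            *" $p "*) ;;    # expected, e.g. the named.run that named rewrites
            *)
                echo "unexpected group-writable file: $dir/$p"
                rc=1
                ;;
        esac
    done
    return $rc
}

# build_tree DIR: constructed namedb layout in which named.run is the only
# file named is meant to write.
build_tree() {
    mkdir -p "$1/master"
    : > "$1/named.conf"
    : > "$1/named.run"
    : > "$1/master/example.zone"
    chmod 0644 "$1/named.conf" "$1/master/example.zone"
    chmod 0664 "$1/named.run"
}

# demo_clean: tree as intended; the audit passes (returns 0).
demo_clean() {
    tmp=$(mktemp -d)
    build_tree "$tmp"
    audit_namedb "$tmp" named.run
    rc=$?
    rm -rf "$tmp"
    return $rc
}

# demo_drift: same tree, but a zone file has become group-writable, the kind
# of drift mtree would flag; the audit fails (returns 1).
demo_drift() {
    tmp=$(mktemp -d)
    build_tree "$tmp"
    chmod 0664 "$tmp/master/example.zone"
    audit_namedb "$tmp" named.run
    rc=$?
    rm -rf "$tmp"
    return $rc
}

demo_clean && echo "clean tree: ok"
demo_drift || echo "drifted tree: flagged"
```

On a real system you would point audit_namedb at the chroot's etc/namedb and pass the same file names you listed in files_bind_writes; anything else it reports is a file named could modify that you did not intend it to.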