Date:      Thu, 17 Jun 2010 08:47:26 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Peter Boosten <peter@boosten.org>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Ownership of /var/named Changes on Reboot.
Message-ID:  <4C19D30E.2050409@infracaninophile.co.uk>
In-Reply-To: <4C1994BE.2030004@boosten.org>
References:  <201006170232.o5H2Welb014148@dc.cis.okstate.edu>	<19481.36703.87734.484856@jerusalem.litteratus.org> <4C1994BE.2030004@boosten.org>


On 17/06/2010 04:21:34, Peter Boosten wrote:
> On 17-6-2010 4:58, Robert Huff wrote:
>>
>> Martin McCormick writes:
>>
>>>  	Is there a way to keep /var/named owned by bind across
>>>  reboots?
>>
>> 	Yes.  I had this happen for a long time.
>> 	The bad news is it had been years since I fixed it, and I no
>> longer remember exactly what I did.  I will keep trying.
>>
>>
> 
> Permissions are set using the mtree files:
> 
> /etc/mtree/
> 

Furthermore, the default setup *is* for named to run as an unprivileged
process.  The setup is very carefully designed so that named doesn't
have write permission on the directory where its configuration files are
stored, or on directories that contain static zone files, but it does
have write permission on directories it uses for zone files AXFR'd from
a master, or zone files maintained using dynamic DNS.

This used to generate a warning from bind about not having a writable
current working directory -- which was basically harmless and could be
ignored.  However, recent changes mean bind needs a writable working
directory, so the latest layouts include /var/named/etc/namedb/working

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matthew@infracaninophile.co.uk               Kent, CT11 9PW
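
An added example, not part of the original message: a small Python parser for an mtree-style spec that reports which directories the spec hands to the bind user, which is the split between read-only configuration and writable zone directories described above. The sample spec is constructed for illustration, and the directory names other than working are assumptions.

```python
# Added example: SAMPLE_SPEC is constructed, not copied from a FreeBSD release.
# Directory names other than "working" are assumptions for illustration.
SAMPLE_SPEC = """\
/set type=dir uname=root gname=wheel mode=0755
.
    etc
        namedb
            dynamic     uname=bind
            ..
            master
            ..
            slave       uname=bind
            ..
            working     uname=bind
            ..
        ..
    ..
..
"""

def parse_mtree(text):
    """Return {path: keywords} with the current /set defaults applied."""
    defaults, stack, entries = {}, [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, *words = line.split()
        attrs = dict(w.split("=", 1) for w in words if "=" in w)
        if name == "/set":
            defaults.update(attrs)      # applies to entries that follow
        elif name == "..":
            if stack:
                stack.pop()             # leave the current directory
        else:
            merged = {**defaults, **attrs}
            entries["/".join(stack + [name])] = merged
            if merged.get("type") == "dir":
                stack.append(name)      # only directories nest
    return entries

def writable_by(entries, user):
    """Paths the spec assigns to `user` with the owner-write bit set."""
    return sorted(p for p, a in entries.items()
                  if a.get("uname") == user and int(a.get("mode", "0"), 8) & 0o200)

if __name__ == "__main__":
    for path in writable_by(parse_mtree(SAMPLE_SPEC), "bind"):
        print(path)
```

Run against a real spec by reading the file from /etc/mtree/ and passing its text to parse_mtree; any path outside the zone and working directories that shows up for bind deserves a second look.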


