From: Matthew Seaman
Organization: Infracaninophile
Date: Thu, 17 Jun 2010 08:47:26 +0100
To: Peter Boosten
Cc: freebsd-questions@freebsd.org
Subject: Re: Ownership of /var/named Changes on Reboot.
Message-ID: <4C19D30E.2050409@infracaninophile.co.uk>
In-Reply-To: <4C1994BE.2030004@boosten.org>
References: <201006170232.o5H2Welb014148@dc.cis.okstate.edu> <19481.36703.87734.484856@jerusalem.litteratus.org> <4C1994BE.2030004@boosten.org>
On 17/06/2010 04:21:34, Peter Boosten wrote:
> On 17-6-2010 4:58, Robert Huff wrote:
>>
>> Martin McCormick writes:
>>
>>> Is there a way to keep /var/named owned by bind across
>>> reboots?
>>
>> Yes. I had this happen for a long time.
>> The bad news is it had been years since I fixed it, and I no
>> longer remember exactly what I did. I will keep trying.
>>
>>
>
> Permissions are set using the mtree files:
>
> /etc/mtree/
>

Furthermore, the default setup *is* for named to run as an unprivileged
process. The setup is very carefully designed so that named doesn't have
write permission on the directory where its configuration files are
stored, or on directories that contain static zone files, but it does
have write permission on directories it uses for zone files AXFR'd from
a master, or zone files maintained using dynamic DNS.

This used to generate a warning from bind about not having a writable
current working directory -- which was basically harmless and could be
ignored. However recent changes mean bind needs a writable working
directory, so the latest layouts include /var/named/etc/namedb/working

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matthew@infracaninophile.co.uk               Kent, CT11 9PW
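The layout Matthew describes is a least-privilege split: the mtree spec under /etc/mtree re-applies it at boot, which is exactly why a manual chown of /var/named does not survive a reboot. The following script is an added example, not code from this thread or from FreeBSD: it parses a small mtree(8)-style spec (constructed here and modelled on the /set ... name ... .. format, not a copy of FreeBSD's own BIND.chroot.dist) and audits it against the rules stated in the mail, i.e. the named user may write to dynamic, slave and working but not to the config directory or the static master zones. The user/group name "bind" and the directory names are assumptions taken from the mail; the policy sets and the "drifted" spec are constructed to show what a well-meaning chown of the whole tree would look like to such a check.

```python
"""Audit an mtree(8)-style spec for the named write-permission policy.

Added example (not from the thread or FreeBSD). The spec below is
constructed and only modelled on the mtree /set ... ".." format.
"""
import shlex

NAMED_USER = "bind"  # assumption: FreeBSD uses the same name for user and group

# Constructed spec: root-owned config and master dirs, bind-owned
# dynamic/slave/working dirs, as described in the mail.
SAMPLE_SPEC = """\
/set type=dir uname=root gname=wheel mode=0755
.
    etc
        namedb
            dynamic     uname=bind gname=bind
            ..
            master
            ..
            slave       uname=bind gname=bind
            ..
            working     uname=bind gname=bind
            ..
        ..
    ..
    var
        run
            named       uname=bind gname=bind
            ..
        ..
    ..
..
"""

# Constructed "drifted" spec: someone made the config dir bind-owned.
DRIFTED_SPEC = SAMPLE_SPEC.replace(
    "        namedb\n", "        namedb      uname=bind gname=bind\n")

# Policy taken from the mail: where named must and must not be able to write.
WRITABLE_BY_NAMED = {"etc/namedb/dynamic", "etc/namedb/slave", "etc/namedb/working"}
READ_ONLY_FOR_NAMED = {"etc/namedb", "etc/namedb/master"}


def _kv(token):
    """Split 'key=value' (or bare flag keyword) into a (key, value) pair."""
    key, _, value = token.partition("=")
    return key, value


def parse_mtree(spec):
    """Return {relative_path: attributes} for every entry in the spec.

    '/set' and '/unset' change defaults, '..' pops one directory level,
    any other first token names a child with optional key=value overrides.
    """
    defaults = {}
    stack = []
    entries = {}
    for raw in spec.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        tokens = shlex.split(line)
        if tokens[0] == "/set":
            defaults.update(_kv(t) for t in tokens[1:])
            continue
        if tokens[0] == "/unset":
            for key in tokens[1:]:
                defaults.pop(key, None)
            continue
        name = tokens[0]
        if name == "..":
            if stack:
                stack.pop()
            continue
        attrs = dict(defaults)
        attrs.update(_kv(t) for t in tokens[1:])
        stack.append(name)
        path = "/".join(p for p in stack if p != ".") or "."
        entries[path] = attrs
        if attrs.get("type", "dir") != "dir":
            stack.pop()  # files are leaves; no matching '..' follows
    return entries


def named_writable(attrs):
    """True if a process running as NAMED_USER could write into this entry."""
    mode = int(attrs.get("mode", "0755"), 8)
    if attrs.get("uname") == NAMED_USER and mode & 0o200:
        return True
    if attrs.get("gname") == NAMED_USER and mode & 0o020:
        return True
    return bool(mode & 0o002)


def audit(entries):
    """Return a list of policy violations; an empty list means the spec is OK."""
    problems = []
    for path in sorted(READ_ONLY_FOR_NAMED):
        if path not in entries:
            problems.append(f"{path}: missing from spec")
        elif named_writable(entries[path]):
            problems.append(f"{path}: writable by {NAMED_USER} (should stay root-owned)")
    for path in sorted(WRITABLE_BY_NAMED):
        if path not in entries:
            problems.append(f"{path}: missing from spec")
        elif not named_writable(entries[path]):
            problems.append(f"{path}: not writable by {NAMED_USER} (named cannot update zones here)")
    return problems


if __name__ == "__main__":
    for label, spec in (("sample", SAMPLE_SPEC), ("drifted", DRIFTED_SPEC)):
        print(label, "->", audit(parse_mtree(spec)) or "OK")
```

Running it prints OK for the sample layout and flags etc/namedb for the drifted one; pointing the same parser at a real spec file under /etc/mtree gives the same kind of answer for a live system, which is the check to run before and after editing those files rather than chowning the tree by hand.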