From: "Jon W. Backstrom"
Date: Tue, 7 Jan 2003 01:06:45 -0600
To: questions@freebsd.org
Subject: Running named in a sandbox...problems with /var/run/named.pid
Message-Id: <200301070706.h0776jR13573@silicon.prairie.net>

Dear FreeBSD Community,

I am trying to run named (bind) in a sandbox using the default flags found in the config files. I've got this in my /etc/rc.conf file:

    named_enable="YES"              # Run named, the DNS server (or NO).
    named_flags="-u bind -g bind"   # Flags for named

I also did a "chown -R bind:bind" to my secondary DNS directory, so all updates work with the new "bind" user ID and group (53).

[/etc/group]
    bind:*:53:

The problem comes when I use "/usr/sbin/named.reload" ... I get an error message that named can't write the /var/run/named.pid file. It seems unable to delete and rewrite "named.pid".

I've tried various group permissions for /var/run to allow the "bind" user to create this file, but I can't seem to make this error go away.

Is there an obvious trick to running named in a sandbox under the FreeBSD 4.7 standard distro?

Thank you!

Jon Backstrom
jbackst@iowa.net

P.S.
- In the /etc/defaults/rc.conf file, there is a comment that it *may* be possible to run named in a sandbox...but the docs in "man security" don't mention anything about the problems with /var/run/named.pid.

    # named.  It may be possible to run named in a sandbox, man security for
    # details.
    #
    named_enable="NO"               # Run named, the DNS server (or NO).
    named_program="/usr/sbin/named" # path to named, if you want a different one.
    #named_flags="-u bind -g bind"  # Flags for named
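A pre-flight check for the failure described in the post, added here as an example and not part of the original message: given the unprivileged user and the pid file path, it reports whether that user can create, rewrite and remove the file. The user name "bind" and /var/run/named.pid come from the post; the function name and the test fixture are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: check whether an unprivileged
# DNS user can create and later replace a pid file at a given path.
# Defaults ("bind", /var/run/named.pid) mirror the post; everything else
# is an assumption.

# pidfile_ok USER PIDFILE
#   returns 0 if USER owns a writable directory for PIDFILE and, when the
#   file already exists, can overwrite it; otherwise prints why and returns 1.
pidfile_ok() {
    user=$1
    pidfile=$2
    dir=$(dirname "$pidfile")

    if [ ! -d "$dir" ]; then
        echo "no such directory: $dir"
        return 1
    fi
    # Creating, unlinking and recreating a file needs write permission on
    # the directory itself; a reload rewrites the pid file, so the
    # directory must be owned and writable by the unprivileged user.
    if [ -z "$(find "$dir" -maxdepth 0 -user "$user" -perm -200)" ]; then
        echo "$dir is not owned and writable by $user"
        return 1
    fi
    # Opening an existing pid file for writing needs write permission on
    # the file itself, so a leftover file owned by root blocks the rewrite.
    if [ -e "$pidfile" ] &&
       [ -z "$(find "$pidfile" -maxdepth 0 -user "$user" -perm -200)" ]; then
        echo "$pidfile exists but is not owned and writable by $user"
        return 1
    fi
    echo "$user can create and rewrite $pidfile"
    return 0
}

# Usage: sh check_pidfile.sh [USER] [PIDFILE]; defaults mirror the post.
pidfile_ok "${1:-bind}" "${2:-/var/run/named.pid}" || true
```

A "not owned and writable" result for the directory is what a root-owned /var/run (mode 755) produces for the bind user, which matches the reload error in the post.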