Date: Tue, 7 Jan 2003 12:02:47 +0000
From: Daniel Bye <dan@slightlystrange.org>
To: questions@freebsd.org
Subject: Re: Running named in a sandbox...problems with /var/run/named.pid
Message-ID: <20030107120247.GA30748@catflap.home.slightlystrange.org>
In-Reply-To: <200301070706.h0776jR13573@silicon.prairie.net>
References: <200301070706.h0776jR13573@silicon.prairie.net>

On Tue, Jan 07, 2003 at 01:06:45AM -0600, Jon W. Backstrom wrote:
> Dear FreeBSD Community,
>
> I am trying to run named (bind) in a sandbox using the default flags
> found in the config files. I've got this in my /etc/rc.conf file:
>
> named_enable="YES"              # Run named, the DNS server (or NO).
> named_flags="-u bind -g bind"   # Flags for named
>
> I also did a "chown -R bind:bind" to my secondary DNS directory, so
> all updates work with the new "bind" userID and group (53).
>
> [/etc/group]
> bind:*:53:
>
> The problem comes when I use "/usr/sbin/named.reload" ... I get an
> error message that named can't write the /var/run/named.pid file.

You need to make a var/run/ in named's sandbox root. By the time it writes
its pidfile, it has already done the chroot() syscall, and cannot see
anything outside its own new root.

For the sake of other apps that don't run in the same sandbox, you can
always symlink the new sandboxed pidfile to the /var/run/named.pid.

You should restore the permissions on /var/run, and ensure that your
named/bind user has permission to write to the new one you just created.

At least, this is how I interpreted your problem. Forgive me if you have
already done these things...

Dan

--
Daniel Bye

PGP Key: ftp://ftp.slightlystrange.org/pgpkey/dan.asc
PGP Key fingerprint: 3D73 AF47 D448 C5CA 88B4 0DCF 849C 1C33 3C48 2CDC
                                                        _
     ASCII ribbon campaign                             ( )
         - against HTML, vCards and                     X
        - proprietary attachments in e-mail            / \

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
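
The steps described in the reply above, as an added shell example that is not part of the original message: it creates var/run inside the sandbox root, gives only that directory to the named user, links the host-side pidfile to it, and checks the result. The function names, the sandbox root argument, the 755 mode and the refusal to overwrite a regular file are assumptions of this example; the thread does not say which directory named chroots into.

```shell
#!/bin/sh
# Added example (not from the thread). Run as root on a real system.

# setup_sandbox_run ROOT USER GROUP HOSTLINK
#   ROOT     directory named chroots into (assumed; not given in the thread)
#   USER     account named runs as (the thread uses "bind")
#   GROUP    group named runs as (the thread uses "bind")
#   HOSTLINK pidfile path other programs read (thread: /var/run/named.pid)
setup_sandbox_run() {
    root=$1 user=$2 group=$3 hostlink=$4
    rundir="$root/var/run"

    [ -d "$root" ] || { echo "no such sandbox root: $root" >&2; return 1; }

    # Create var/run inside the sandbox. Only this directory is handed to
    # the unprivileged user; the host's /var/run keeps its own permissions.
    mkdir -p "$rundir" || return 1
    chown "$user:$group" "$rundir" || return 1
    chmod 755 "$rundir" || return 1

    # Replace only a missing entry or an existing symlink at the host path;
    # a regular file there is left alone for the admin to inspect.
    if [ -e "$hostlink" ] && [ ! -L "$hostlink" ]; then
        echo "$hostlink exists and is not a symlink; move it first" >&2
        return 2
    fi
    rm -f "$hostlink" && ln -s "$rundir/named.pid" "$hostlink"
}

# check_sandbox_run ROOT USER
#   Succeeds only if ROOT/var/run exists, is owned by USER, and is not
#   writable by group or others.
check_sandbox_run() {
    rundir="$1/var/run"
    [ -d "$rundir" ] || return 1
    [ -n "$(find "$rundir" -prune -user "$2" \
            ! -perm -020 ! -perm -002 -print)" ]
}
```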
