From: Makoto Matsushita <matusita@jp.FreeBSD.org>
To: DougB@freebsd.org, cswiger@mac.com
Cc: freebsd-current@freebsd.org
Date: Tue, 05 Oct 2004 16:12:02 +0900
Message-Id: <20041005161202V.matusita@jp.FreeBSD.org>
In-Reply-To: <20041004223818.I85445@ync.qbhto.arg>
References: <20041005114834Y.matusita@jp.FreeBSD.org> <2EC1F982-1680-11D9-B1D0-003065A20588@mac.com> <20041004223818.I85445@ync.qbhto.arg>
Subject: Re: New BIND 9 chroot directories

Thanks for your emails, giving me a chance to consider what I can, like, and will do for configuring my nameservers.

DougB> As a whole, var is no more volatile than any other directory,
DougB> although bits of it (like /var/run) are recreated at each boot.

Hmm, maybe that's so, ok.

DougB> Configurations that split volatile and non-volatile bits into
DougB> separate directories are possible, but IMO they are needlessly
DougB> complicated.

Fully agreed.

DougB> All that said, the defaults are just the defaults. The thing
DougB> that people really need to keep in mind is that if you want to
DougB> change it, you can.

However, unfortunately it's the _default_ -- whether it is intended or not, some users feel that FreeBSD the OS _enforces_ users to configure named in that way. As we have already seen, there are preferences on "directory names for zone files (master/slave vs. m/s)." Imagine you like to put your master zone file under ${chrootdir}/etc/namedb/M, and find that there is ${chrootdir}/etc/namedb/master, which is bogus for you. I believe that named(8) has no default directory for master zone files -- if you don't want to implement a policy, "master files should be sitting under /etc/namedb/master," it would be better to create that directory.

Here's a simple patch to remove the master/slave directories.
Please note that if you want to have ${chrootdir}/etc/namedb/master, "just mkdir(1) it" is enough with no further fears (mtree(8) doesn't complain about anything even if unlisted directories are there).

Index: BIND.chroot.dist
===================================================================
RCS file: /home/ncvs/src/etc/mtree/BIND.chroot.dist,v
retrieving revision 1.5
diff -u -r1.5 BIND.chroot.dist
--- BIND.chroot.dist	29 Sep 2004 03:43:10 -0000	1.5
+++ BIND.chroot.dist	5 Oct 2004 07:00:43 -0000
@@ -9,10 +9,6 @@
 ..
 etc
 namedb
- master
- ..
- slave uname=bind
- ..
 ..
 ..
 /set type=dir uname=bind gname=wheel mode=0755

There's one thing to consider if the above diff is applied: the owner of the slave directory and the effective user id of the running named should match, since named will write files to that directory. However, it causes very few problems, since the old /etc/namedb didn't have it, and it would be easy to set with chown(1) (a one-time setting, nobody overrides it).

Please note that "named config files are under ${chrootdir}/etc/namedb" is ok, since it comes from the named implementation, not from any of us. For the same reason, it would be no problem that we have ${chrootdir}/var/run, which is requested by syslogd.

DougB> If anyone wants to come up with something like that, I'm all
DougB> ears, however my guess is that the variety of input is so
DougB> varied that such an undertaking would be pointless.

Thank you, and just a question for you: what do you think about removing the ${chrootdir}/etc/namedb/{master,slave} directories?

-- 
- Makoto `MAR' Matsushita
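Review bot: removing the `slave uname=bind` line takes away the only entry in this hunk that gives the named process a directory it owns under etc/namedb, and the message body already concedes the consequence: whoever creates a slave directory by hand must chown it to the uid named runs as, or transferred zones cannot be written into the chroot. That requirement belongs in the commit message and in whatever documents the chroot layout, together with the caveat that the chown should cover the slave directory only; chown'ing all of etc/namedb to bind would let a compromised named rewrite named.conf and master zones, which the per-directory ownership in the removed lines avoided. The deletion itself is consistent: the four removed lines are two name/`..` pairs, so the nesting of the remaining `..` lines under etc/namedb is unchanged.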
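The ownership rule discussed in this message (named must own its slave directory, and should own nothing else under etc/namedb) as a check script. This is an added example, not code from the thread or from FreeBSD; the chroot path and the user name it is run with are assumptions.

```shell
#!/bin/sh
# Assumed layout (from the thread): named runs chrooted in CHROOTDIR, its
# configuration lives under CHROOTDIR/etc/namedb, and the only directory
# it should be able to write to is CHROOTDIR/etc/namedb/slave.
#
# check_namedb_perms CHROOTDIR NAMED_USER
#   returns 0 if slave/ is the one directory owned by NAMED_USER
#   returns 1 if ownership deviates (offending paths printed, one per line)
#   returns 2 if CHROOTDIR/etc/namedb does not exist
check_namedb_perms() {
    chrootdir=$1
    named_user=$2
    namedb="$chrootdir/etc/namedb"
    slave="$namedb/slave"
    status=0

    [ -d "$namedb" ] || { echo "missing: $namedb" >&2; return 2; }

    # Any directory owned by the daemon outside slave/ is one it could
    # write to, so a compromised named could replace named.conf or a
    # master zone. find(1) -user and -prune are POSIX; -path is common
    # to BSD and GNU find.
    extra=$(find "$namedb" -type d -user "$named_user" \
                ! -path "$slave" ! -path "$slave/*")
    if [ -n "$extra" ]; then
        printf 'owned by %s but must not be:\n%s\n' "$named_user" "$extra"
        status=1
    fi

    # The daemon must own slave/ or zone transfers cannot be stored.
    # With the master/slave entries gone from BIND.chroot.dist, mtree(8)
    # no longer sets this, so it has to be done once with chown(1).
    if [ ! -d "$slave" ]; then
        echo "missing: $slave"
        status=1
    elif [ -z "$(find "$slave" -prune -user "$named_user")" ]; then
        echo "not owned by $named_user: $slave"
        status=1
    fi
    return $status
}

# Direct invocation, e.g. sh check_namedb.sh /var/named bind
# (the chroot path and user name here are assumed, not taken from the thread)
if [ $# -eq 2 ]; then
    check_namedb_perms "$1" "$2"
    exit $?
fi
```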