Date:      Tue, 8 Nov 2005 15:27:38 -0600
From:      Josh Tolbert <hemi@puresimplicity.net>
To:        Lowell Gilbert <freebsd-questions-local@be-well.ilk.org>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Unusual permissions on /var/named/etc/namedb/master?
Message-ID:  <20051108212738.GB1623@just.puresimplicity.net>
In-Reply-To: <44hdanhy1w.fsf@be-well.ilk.org>
References:  <20051108081941.GA27333@just.puresimplicity.net> <44hdanhy1w.fsf@be-well.ilk.org>

On Tue, Nov 08, 2005 at 12:03:23PM -0500, Lowell Gilbert wrote:
> Josh Tolbert <hemi@puresimplicity.net> writes:
> 
> > Hello,
> > 
> > I'm running DHCP + dynamic DNS here on my home LAN and I've noticed a problem
> > that needs a manual fix every time the DNS machine gets rebooted. It doesn't
> > happen very often, but it does happen. :)
> > 
> > My firewall/gateway machine runs FreeBSD-5.4-RELEASE of some patchlevel. It
> > uses ISC DHCPD from ports to update my DNS server, another FreeBSD machine
> > (now running 6.0-RELEASE) with new entries when machines register with the
> > DHCP server. The problem arises because by default named runs -u bind, however
> > /var/named/etc/namedb/master is owned by root. I believe this is caused by
> > /etc/mtree/BIND.chroot.dist, since I'm running bind chrooted (the default
> > setup). When the DNS machine reboots, I have to manually chown
> > /var/named/etc/namedb/master (or /etc/namedb/master) to bind before updates
> > will continue, otherwise I see errors such as
> > 
> > named[297]: dumping master file: master/tmp-QQ2UU6pWaZ: open: permission denied
> > 
> > Is there any good workaround for this issue? I'd like to keep bind running as
> > the bind user as well as keep bind chrooted if possible. I know I could edit
> > the mtree file on my machine, but that seems somewhat kludgy to me.
> > 
> > Thanks for any help/advice you can give me,
> 
> Normally mtree is only automatically run by installworld.  
> Is that what causes the permissions to be reverted?
> If so, then change the mtree file (and keep the modifications over
> time when you run mergemaster).
> If not, then figure out what *is* changing the permissions.

Hi Lowell,

From what I'm seeing in the /etc/rc.d/named script, mtree gets run with the
BIND.chroot.dist mtree file every time bind starts. I guess I'll have to
maintain my own changes to that file for the time being.

Thanks,
Josh
-- 
Josh Tolbert
hemi@puresimplicity.net  ||  http://www.puresimplicity.net/~hemi/

If your sysadmin's not being fascist, you're paying him too much.
   --Sam Greenfield
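
Added example, not part of the original message and not FreeBSD's own code: a small parser for mtree(5) spec syntax that resolves the effective owner of each directory, which shows why a manual chown of master/ is undone whenever the spec is re-applied. The spec text is a constructed sample (not the real BIND.chroot.dist), paths are relative to the chroot root, and the function names are hypothetical.

```python
# Constructed sample in mtree(5) spec syntax; NOT the real BIND.chroot.dist.
SAMPLE_SPEC = """\
/set type=dir uname=root gname=wheel mode=0755
.
    etc
        namedb
            master
            ..
            slave       uname=bind
            ..
        ..
    ..
    var
        run         uname=bind
        ..
    ..
..
"""


def effective_owners(spec):
    """Map each directory in an mtree spec to its effective owner (uname)."""
    defaults, stack, owners = {}, [], {}
    for raw in spec.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        name = words[0]
        kw = dict(w.split("=", 1) for w in words[1:] if "=" in w)
        if name == "/set":            # change defaults for later entries
            defaults.update(kw)
        elif name == "/unset":        # drop named defaults
            for key in words[1:]:
                defaults.pop(key, None)
        elif name == "..":            # leave the current directory
            if stack:
                stack.pop()
        else:
            attrs = {**defaults, **kw}  # per-entry keywords override /set
            owners["/".join(stack + [name])] = attrs.get("uname")
            if attrs.get("type") == "dir":
                stack.append(name)    # following entries are children
    return owners


def not_owned_by(spec, user, paths):
    """Return the paths that applying the spec would leave owned by someone else."""
    owners = effective_owners(spec)
    return [p for p in paths if owners.get(p) != user]


if __name__ == "__main__":
    print(not_owned_by(SAMPLE_SPEC, "bind", ["./etc/namedb/master", "./etc/namedb/slave"]))
```

In the sample, master inherits uname=root from the /set line while slave overrides it, so only a per-entry uname=bind in the spec itself survives a restart.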


