permissions on /etc/namedb
Ian Smith
smithi at nimnet.asn.au
Sun Aug 3 16:02:03 UTC 2008
On Sun, 3 Aug 2008, Eugene Grosbein wrote:
> On Sun, Aug 03, 2008 at 10:32:22PM +1000, Ian Smith wrote:
>
> > > I need /etc/namedb to be owned by root:bind and have permissions 01775,
> > > so bind may write to it but may not overwrite files that belong to root
> > > here, and I made it so. Surprise!
> > >
> > > # /etc/rc.d/named restart
> > > Stopping named.
> > > Waiting for PIDS: 1892.
> > > etc/namedb changed
> > > gid expected 0 found 53 modified
> > > permissions expected 0755 found 01775 modified
> > > Starting named.
> >
> > Are you running /etc/namedb linked to chroot'd /var/named/etc/namedb?
> > If so, that'd be mtree restoring perms from /etc/mtree/BIND.chroot.dist
>
> I just have 'named_enable="YES"' in /etc/rc.conf, it's 6.3-STABLE
> and stock bind9. I could set named_chroot_autoupdate="NO",
> but I see now it won't mount devfs into chroot area in that case.

So hacking /etc/rc.d/named in chroot_autoupdate to do something like:

    # pre-create the files bind must write, leaving the directory itself alone
    files_bind_writes='named.run' # whatever
    for f in ${files_bind_writes}; do
        touch "${named_chrootdir}/etc/namedb/${f}"
        chown bind:wheel "${named_chrootdir}/etc/namedb/${f}"
    done

wouldn't work for you?

cheers, Ian
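
Added example, not part of the original message: a small sh/awk filter that reads the restart output quoted in the thread and lists each attribute mtree found changed on disk, flagging modes that had wider write access than the spec. The function names (`mtree_drift`, `added_write_bits`, `drift_report`) are hypothetical, and the sample log is constructed from the lines quoted above.

```sh
#!/bin/sh
# Added example, not from the thread. SAMPLE_LOG is constructed from the
# restart output quoted above (mtree normally indents the detail lines).
SAMPLE_LOG='Stopping named.
Waiting for PIDS: 1892.
etc/namedb changed
    gid expected 0 found 53 modified
    permissions expected 0755 found 01775 modified
Starting named.'

# mtree_drift: read rc.d/mtree output on stdin and print one record per
# attribute that differed from the spec: <path> <attribute> <expected> <found>
mtree_drift() {
    awk '
        / changed$/ { path = $1; next }
        path != "" && $2 == "expected" && $4 == "found" {
            print path, $1, $3, $5
            next
        }
        { path = "" }   # any other line ends the current entry
    '
}

# added_write_bits: print the group/other write bits (octal) that the
# on-disk mode had but the spec did not; prints 0 when none were added.
added_write_bits() {
    expected=$1 found=$2
    printf '%o\n' $(( 0$found & ~0$expected & 022 ))
}

# drift_report: annotate each record, flagging modes that widened write access.
drift_report() {
    mtree_drift | while read -r path attr expected found; do
        note=""
        if [ "$attr" = "permissions" ] &&
           [ "$(added_write_bits "$expected" "$found")" != "0" ]; then
            note=" (write access wider than spec)"
        fi
        echo "$path: $attr spec=$expected disk=$found$note"
    done
}

printf '%s\n' "$SAMPLE_LOG" | drift_report
```

Feeding it the saved output of a restart shows which local ownership or mode changes under the chroot differ from the spec, so they can be replaced by per-file ownership as suggested above.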