Speaking of Bind: installworld changed directory owner

Matthew Seaman m.seaman at infracaninophile.co.uk
Thu Sep 23 14:28:49 PDT 2004 

On Thu, Sep 23, 2004 at 05:03:59PM -0400, Robert Huff wrote:

> 	I have my Bind info in /etc/namedb which is, and should be,
> owned by user bind.
> 	However, every time I do installworld (and maybe installkernel)
> it complains the directory is not owned by root and changes the
> owner.
> 	<*Snarl*>
> 	Is there a knob to tell the scripts to leave the @#$%^&*
> directory alone?

Why do you think /etc/namedb should be owned by the bind user? It
should be *readable* by the bind user, certainly.  As should all of
the named.conf and the various zone files inside it.  But it really
shouldn't be writable.

I have things arranged like this:

    ./etc/namedb:
    total 16
    drwxr-xr-x  5 root  wheel   512 Mar 16  2004 ./
    drwxr-xr-x  3 root  wheel   512 Sep 25  2002 ../
    drwxr-xr-x  2 bind  bind    512 Sep 29  2002 dump/
    -rw-r--r--  1 root  wheel  7753 Mar 16  2004 named.conf
    -rw-r--r--  1 root  wheel  2602 Jan 31  2004 named.root
    drwxr-xr-x  2 root  wheel   512 Sep 23 19:32 p/
    drwxr-xr-x  2 bind  bind    512 Sep 25  2002 s/

where the dump directory is where named is configured to do it's
database dump and to put its stats files.  Directory 'p' (for
'primary') is where I keep the zone files for the zones this server is
the master of, and 's' (for 'secondary') is where bind would AXFR or
IXFR any zones it was a slave server for -- except there aren't any in
my current config.  Only 'dump' and 's' need to be writable by the
bind user.

Don't worry about the leading dot on the file name './etc/namedb' --
I'm actually running bind chrooted, so the directory is really
/var/named/etc/namedb.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20040923/58a5babe/attachment.bin

More information about the freebsd-questions mailing list