Date:      Thu, 04 Aug 2011 12:34:35 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Jos Chrispijn <kernel@webrz.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Named | Annoying behaviour
Message-ID:  <4E3A83CB.8020009@infracaninophile.co.uk>
In-Reply-To: <4E3A7575.8060901@webrz.net>
References:  <4E3A7575.8060901@webrz.net>

on 04/08/2011 11:33, Jos Chrispijn wrote:
> I lately face an issue with BIND 9.4.-ESV-R4-P1.

I deduce that you are running FreeBSD 7.x ....

> According to my log file, I get the following error:
> Aug  4 12:00:03 triton named[93266]: starting BIND 9.4.-ESV-R4-P1 -c
> /etc/namedb/named.conf -t /var/named -u bind
> Aug  4 12:00:03 triton named[93266]: command channel listening on
> 127.0.0.1#953
> Aug  4 12:00:03 triton named[93266]: command channel listening on ::1#953
> Aug  4 12:00:03 triton named[93266]: _the working directory is not
> writable_
> Aug  4 12:00:03 triton named[93266]: running
>
> I tried to chmod w+g the respective directory, but it is set to default
> again by bind itself.
> Can someone tell me how I can resolve the +w on the working directory?

By default, the permissions on and location of Bind's working directory
should be:

% ls -lad /etc/namedb/working
drwxr-xr-x  2 bind  wheel  6 Aug  4 11:26 /etc/namedb/working/

Now, as you're clearly running named under the bind user ID, this
suggests that perhaps you have some other directory defined as your
working directory in named.conf.  Check the 'directory' setting in the
options {}; block.

The location of the working directory was changed not so long ago --

http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/namedb/named.conf#rev1.30

-- due to the requirement for named to track various data to do with
DNSSEC.  Previously, the working directory was /etc/namedb but simply
making this writable by named would have meant a process with the
credentials that named runs as could re-write named's configuration
file; an unacceptable security risk for a daemon exposed to the internet.

One unfortunate consequence is that any relative paths within named.conf
have to be altered accordingly.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matthew@infracaninophile.co.uk               Kent, CT11 9PW
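
An added example, not part of the original message: a Python check of the two properties described above, that the 'directory' named in named.conf is writable by the user named runs as, while named.conf and the directory holding it are not. The function names and finding labels are hypothetical, and it assumes 'directory' is an absolute path and that permissions come from mode bits only.

```python
import os
import re
import stat

def working_directory(conf_text):
    """Return the options 'directory' path from named.conf text, or None."""
    # Drop /* */, // and # comments so a commented-out setting is ignored.
    # Simplification: comment markers inside quoted strings are not handled.
    text = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf_text, flags=re.S)
    # The lookbehind skips key-directory and managed-keys-directory.
    m = re.search(r'(?<![\w-])directory\s+"([^"]+)"\s*;', text)
    return m.group(1) if m else None

def writable_by(path, uid, gids):
    """True if the mode bits grant write to uid/gids (ACLs are ignored)."""
    st = os.stat(path)
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit(conf, chroot, uid, gids):
    """Return (problem, path) findings for one named instance.

    conf is the -c path as named sees it, chroot the -t directory ("" if
    none), uid and gids those of the -u user.
    """
    def real(p):
        # Paths in named.conf are resolved inside the chroot.
        return os.path.join(chroot, p.lstrip("/")) if chroot else p

    conf_file = real(conf)
    conf_dir = os.path.dirname(conf_file)
    with open(conf_file) as fh:
        workdir = working_directory(fh.read())
    if workdir is None:
        return [("no-directory-option", conf_file)]
    findings = []
    workdir = real(workdir)
    if not writable_by(workdir, uid, gids):
        # This is the condition behind "the working directory is not writable".
        findings.append(("workdir-not-writable", workdir))
    # Write access to the file, or to its directory (which allows replacing
    # the file), lets the daemon's own credentials rewrite the configuration.
    for path in (conf_file, conf_dir):
        if writable_by(path, uid, gids):
            findings.append(("config-writable", path))
    return findings
```

For the command line in the quoted log, the call would be audit("/etc/namedb/named.conf", "/var/named", uid, gids) with the uid and group ids of the bind user.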

