From: Robert Watson
Date: Tue, 15 Dec 2009 10:58:06 +0000 (GMT)
To: Doug Barton
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject: Re: svn commit: r200563 - in head/etc: mtree namedb
In-Reply-To: <200912150514.nBF5Eej4050810@svn.freebsd.org>

On Tue, 15 Dec 2009, Doug Barton wrote:

> The named process needs to have a "working directory" that it can
> write to. This is specified in "options { directory }" in named.conf.
> So, create /etc/namedb/working with appropriate permissions, and
> update the entry in named.conf to match.
>
> In addition to specifying the working directory, file and path names
> in named.conf can be specified relative to the directory listed.
> However, since that directory is now different from /etc/namedb
> (where the configuration, zone, rndc.*, and other files are located)
> further update named.conf to specify all file names with fully
> qualified paths. Also update the comment about file and path names
> so users know this should be done for all file/path names in the file.
>
> This change will eliminate the 'working directory is not writable'
> messages at boot time without sacrificing security. It will also
> allow for features in newer versions of BIND (9.7+) to work as
> designed.

On a couple of occasions, I've found myself trying to help people get BIND
to core dump on a bug, which is a bit tricky in practice. It involves
setting appropriate sysctls so that sugid processes generate cores,
arranging for a writable core dump directory in the chroot and setting a
sysctl so it is found, etc. Does this change simplify that process down to
"enable core dump for sugid processes"? If not, are there other things we
could do to make this easier?

Robert N M Watson
Computer Laboratory
University of Cambridge
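
The following is an added example, not part of the original message or of the FreeBSD commit: a small Python check that flags file and path arguments in a named.conf that are still relative once "options { directory }" points at /etc/namedb/working, which is the situation the quoted commit message addresses. The keyword list, the function names, and the sample configuration are assumptions constructed for illustration.

```python
import re

# Statements whose quoted argument is a file or path name. This is a subset
# chosen for the example (an assumption), not an exhaustive list.
PATH_KEYWORDS = ("directory", "key-directory", "pid-file", "dump-file",
                 "statistics-file", "include", "file")

# Quoted strings are matched first so that "//" or "#" inside them survive.
TOKEN_RE = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
STMT_RE = re.compile(r'(?<![\w-])(%s)\s+"([^"]*)"'
                     % "|".join(re.escape(k) for k in PATH_KEYWORDS))

def strip_comments(text):
    """Blank out comments, keeping newlines so line numbers stay correct."""
    def repl(m):
        tok = m.group(0)
        return tok if tok.startswith('"') else re.sub(r"[^\n]", " ", tok)
    return TOKEN_RE.sub(repl, text)

def relative_paths(conf_text):
    """Return (line, keyword, path) for each path argument that is not
    absolute. Regex-based sketch, not a full named.conf parser."""
    clean = strip_comments(conf_text)
    hits = []
    for m in STMT_RE.finditer(clean):
        keyword, path = m.group(1), m.group(2)
        if not path.startswith("/"):
            hits.append((clean.count("\n", 0, m.start()) + 1, keyword, path))
    return hits

# Constructed sample configuration (not the FreeBSD default named.conf).
SAMPLE = '''\
options {
    directory   "/etc/namedb/working";
    pid-file    "/var/run/named/pid";
    dump-file   "named_dump.db";    // relative: lands in working/
};
// zone "old.example" { file "master/old.db"; };
zone "." { type hint; file "/etc/namedb/named.root"; };
zone "example.org" {
    type master;
    file "master/example.org";      /* relative: resolved under working/ */
};
'''

if __name__ == "__main__":
    for line, keyword, path in relative_paths(SAMPLE):
        print("line %d: %s \"%s\" is relative to the working directory"
              % (line, keyword, path))
```

Each reported entry is a name that named would resolve under the working directory rather than under /etc/namedb, so it needs a fully qualified path.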