Date:      Mon, 4 Aug 2008 15:30:01 +0200
From:      "Adrian Penisoara" <ady@freebsd.ady.ro>
To:        "Ian Smith" <smithi@nimnet.asn.au>
Cc:        freebsd-net@freebsd.org, Doug Barton <dougb@freebsd.org>, Eugene Grosbein <eugen@kuzbass.ru>
Subject:   Re: permissions on /etc/namedb
Message-ID:  <78cb3d3f0808040630o7ad311a5r6da8f821d2bfe63a@mail.gmail.com>
In-Reply-To: <Pine.BSF.3.96.1080804201602.13367A-100000@gaia.nimnet.asn.au>
References:  <4896A416.80602@FreeBSD.org> <Pine.BSF.3.96.1080804201602.13367A-100000@gaia.nimnet.asn.au>

Hi,

On Mon, Aug 4, 2008 at 12:57 PM, Ian Smith <smithi@nimnet.asn.au> wrote:

> On Sun, 3 Aug 2008, Doug Barton wrote:
>  > Eugene Grosbein wrote:
>  > > On Sun, Aug 03, 2008 at 10:54:05PM -0700, Doug Barton wrote:
> [..]
>  > >>> Well, I just want bind be allowed to write to its working directory.
>  > >> I think that your idea of "BIND's working directory" is probably
>  > >> flawed
>  > >
>  > > That's not my idea. From /var/log/messages:
>  > >
>  > > Aug  3 15:02:18 host named[657]: the working directory is not writable
>  >
>  > That is a quaint reminder of a simpler time. It's far better nowadays
>  > to separate the idea of configuration directories and directories that
>  > named should write to. (One could easily make the argument that this
>  > division should have been enforced from the start, and personally I
>  > never liked having named dropping stuff all over my config directory,
>  > but I digress.)
>
> In the olden days (bind 4) named.run, named.stats and named_dump.db were
> all written to /var/tmp .. perhaps because it had the sticky bit set?
>
>  > >> but if what you want is to make /etc/namedb writable by the
>  > >> bind user and have it persist from boot to boot someone else already
>  > >> told you how to do that, so good luck.
>  > >
>  > > Sigh... I have to study mtree now.
>  >
>  > If it takes you more than 5 minutes, give up. :)
>  >
>  > > And for what reason? Just because the system thinks it knows better
> what user needs.
>  >
>  > You previously agreed with me that the defaults should be appropriate
>  > for non-expert users, and I would still argue that they are.
>
> With the notable exception of making standard functions rndc trace and
> querylog work, writing to the default file named.run, which named wants
> to write in 'the working directory'.  You'll have seen my solution to
> that, touching named.run in case it doesn't exist then chown'ing it to
> bind:wheel in /etc/rc.d/named, which I don't think endangers security.
>
> I've not been able to find another solution, and there's no equivalent
> of dump-file and statistics-file for the trace/querylog file (that I


Quoting from a default distributed /etc/namedb/named.conf:

options {
        // Relative to the chroot directory, if any
        directory       "/etc/namedb";
        pid-file        "/var/run/named/pid";
        dump-file       "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";

 You have to take into account that "directory" is used for any non-absolute
pathname specified in named.conf, including the "file" clauses for
master/slave zones. If you were to change it now then you would break a lot
of setups.
  I believe that the "working directory" and "root config directory"
concepts should have been dissociated.



>
> can find) but perhaps you know some way the directory to write this
> file can be specified in named.conf?  Maybe to /var/named/var/log ?
>
>  > Also, I'm not sure whether you've actually looked at the default
>  > named.conf or not, but the two most common files that someone would
>  > want to write are the dump and statistics files, and there are already
>  > suitable paths for those files provided, and the bind user can
>  > actually write to them by default. It would be trivial to expand those
>  > examples to other things that are of particular interest to you.
>
> That's what I thought, but my extensive reading hasn't shown me how to
> do that for named.run, so I'd appreciate a clue for a better solution.
>

 Best is to have a separate configuration directive for the "working
directory" versus "root config directory" assumed by the current "directory"
statement.
 Another idea would be to add a final "options { directory "/var/run/named";
}; " statement at the end of the file -- from the BIND sources it appears
that there is a callback function which may pick up this final statement in
order to make it the current working directory for the named process.

 Oh, and in the idea that we should keep the default configuration as simple
as possible for the average user and for whatever scenario, here is my
proposal:

        directory       "/etc/namedb";
        pid-file        "/var/run/named/pid";
        dump-file       "/var/run/named/named_dump.db";
        statistics-file "/var/run/named/named.stats";

  Now the reasons:

   - the directory statement should remain the same in order not to break
   existing "file" functionality for DNS zones;
   - we should use /var/run/named since this is the single common path
   available for both chrooted and non-chrooted setups;
   - rather than dispersing the various output files we should standardize
   on a single common output location.

  I'm not sure what happens when the user toggles tracing / query logging
(with rndc) -- where would these files go by default?

My 2cents,
Adrian.
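An added example, not code from this thread nor from BIND or FreeBSD: a small POSIX sh script that resolves the pathnames in a named.conf the way the "directory" statement makes named resolve them (any non-absolute pathname, zone "file" clauses included, is taken relative to it) and then lists the output files that would land inside the config directory, i.e. exactly the ones that would require making /etc/namedb writable by the bind user. The sample config is constructed for the example; its relative statistics-file is deliberate.

```shell
#!/bin/sh
# Added example: resolve named.conf pathnames against the "directory"
# statement and flag output files that end up inside the config directory.

# Constructed sample named.conf (not a real distributed file); the
# statistics-file is intentionally relative to show the problem.
SAMPLE_CONF='
options {
        // Relative to the chroot directory, if any
        directory       "/etc/namedb";
        pid-file        "/var/run/named/pid";
        dump-file       "/var/run/named/named_dump.db";
        statistics-file "named.stats";
};
zone "example.test" { type master; file "master/example.test"; };
zone "slave.test" { type slave; file "slave/slave.test"; masters { 192.0.2.1; }; };
'

# named_directory CONF: value of the options "directory" statement
named_directory() {
    printf '%s\n' "$1" | awk '$1 == "directory" { gsub(/^"|";?$/, "", $2); print $2; exit }'
}

# named_paths CONF: one "<statement> <absolute path>" line per file statement;
# relative paths are joined to the directory, absolute ones pass through.
named_paths() {
    dir=$(named_directory "$1")
    printf '%s\n' "$1" | awk -v dir="${dir%/}" '
        { for (i = 1; i < NF; i++)
            if ($i ~ /^(pid-file|dump-file|statistics-file|file)$/) {
                p = $(i + 1); gsub(/^"|";?$/, "", p)
                if (p !~ /^\//) p = dir "/" p
                print $i, p
            } }'
}

# output_files_in_config_dir CONF: output files (zone files excluded) that
# named would write under the config directory; ideally prints nothing.
output_files_in_config_dir() {
    dir=$(named_directory "$1")
    named_paths "$1" | awk -v dir="${dir%/}/" '$1 != "file" && index($2, dir) == 1'
}

named_paths "$SAMPLE_CONF"
echo "--- output files inside the config directory:"
output_files_in_config_dir "$SAMPLE_CONF"
```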


