Date: 08 Aug 2001 16:38:15 -0400
From: Vivek Khera <khera@kcilink.com>
To: questions@freebsd.org
Subject: Re: Bind, Freebsd and permission problems.
Message-ID: <x7itfygudk.fsf@onceler.kciLink.com>
In-Reply-To: <BBDEEDD2EB67D311A0240008C74B9345129C6D@ntxmidcity.sdccd.cc.ca.us>
References: <BBDEEDD2EB67D311A0240008C74B9345129C6D@ntxmidcity.sdccd.cc.ca.us>
>>>>> "EF" == Erin Fortenberry <efortenb@sdccd.cc.ca.us> writes:

EF> I run my primary DNS server as bind:bind but I am unable to -HUP it because
EF> it gets a permission denied on the named.conf file. This .conf file is
EF> currently owned by bind:bind with a permissions of 440. It does not matter
EF> what I set the permissions to, it does not work.

The actual situation on your disk disagrees with what you are
claiming, because if the file is owned by bind:bind, then there is no
way that the process running as user bind will not be able to read it,
unless the parent directory is unreadable to it.

EF> So my question is, is there any docs to help me either jail named or run it
EF> correctly as something other than root on FreeBSD?

Here's my set up:

[yertle]% ls -ld /etc/namedb
drwxr-xr-x  3 root  wheel  512 Jul 31 17:24 /etc/namedb/
[yertle]% ls -l /etc/namedb
total 15
-rw-r--r--  1 root  wheel   423 Jul 28  2000 PROTO.localhost.rev
-r--r--r--  1 root  wheel   269 Sep 14  2000 local
-r--r--r--  1 root  wheel   271 Sep 14  2000 local.rev
-rw-r--r--  1 root  wheel   261 Sep 14  2000 localhost
-rw-r--r--  1 root  wheel   847 Jun 26 09:12 make-localhost
-rw-r-----  1 root  bind    852 Jul 31 17:24 named.conf
-rw-r--r--  1 root  wheel  2843 Jul 28  2000 named.root
drwxr-xr-x  2 bind  bind    512 Jul 20 15:28 secondaries/

You don't really want named.conf writable by user bind in case some
future bug in bind makes that a vulnerability.

I just run named with "-g bind -u bind" options. Of course, make sure
your named.conf uses /etc/namedb as its path for the files it needs.

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Vivek Khera, Ph.D.                Khera Communications, Inc.
Internet: khera@kciLink.com       Rockville, MD       +1-240-453-8497
AIM: vivekkhera Y!: vivek_khera   http://www.khera.org/~vivek/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
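Added example (not part of the original message, and not code from its author): a small Python check of the two points made in the reply above, namely whether a given user can read named.conf at all, including the search (x) bit on every parent directory, and whether that user could also write it. The function names and the base parameter are assumptions of this example; it looks only at classic mode bits and ignores ACLs, file flags and the root override.

```python
import os


def _class_bits(st, uid, gids):
    """Return the rwx triplet (0-7) that applies to uid/gids.

    Unix picks exactly one class: owner, else group, else other.
    """
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7


def check_access(path, uid, gids, base="/"):
    """Return (readable, writable, blocker) for uid/gids on path.

    blocker is the first directory between base and path that lacks
    search (x) permission for this user, or None. path must lie
    under base.
    """
    path, base = os.path.realpath(path), os.path.realpath(base)
    rel = os.path.relpath(os.path.dirname(path), base)
    dirs = [base]
    for part in ([] if rel == "." else rel.split(os.sep)):
        dirs.append(os.path.join(dirs[-1], part))
    for directory in dirs:
        if not _class_bits(os.stat(directory), uid, gids) & 1:
            return (False, False, directory)
    bits = _class_bits(os.stat(path), uid, gids)
    return (bool(bits & 4), bool(bits & 2), None)


if __name__ == "__main__":
    import grp
    import pwd
    try:  # account names and path as shown in the message
        uid = pwd.getpwnam("bind").pw_uid
        gid = grp.getgrnam("bind").gr_gid
        # Desired result for the layout above: (True, False, None)
        print(check_access("/etc/namedb/named.conf", uid, {gid}))
    except (KeyError, OSError) as exc:
        print("cannot check on this host:", exc)
```

A result whose third element is a directory path corresponds to the "parent directory is unreadable" case; a result of (True, True, None) means the daemon's user can rewrite its own configuration.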