Re: bind update keeps messing up write-rights

["Christopher K. Johnson" <ckjohnson@xxxxxxx>]

Gijs wrote:
> Sam Varshavchik wrote:
> > Gijs writes:
> >
> > > Hey List,
> > >
> > > Not sure why this is happening so perhaps someone can explain this 
> > > to me.
> > > Whenever I update bind it messes up/resets access rights on my zone 
> > > files. Now normally this wouldn't be a bad thing, but because I have 
> > > dynamic updates on, for which named creates journalizing files, I 
> > > end up having non-writeable journalizing files. So after every 
> > > update I end up having to manually change the access rights on my 
> > > jnl files.
> > >
> > > Is anyone else having the same problem and/or is it supposed to be 
> > > like this?
> >
> > You must have bind configured to run in chroot.
> >
> > rpm's %post script runs /usr/sbin/bind-chroot-admin where, if you 
> > have chroot configured, it runs this lovely bit of code:
> >
> >    chown -h root:named /var/named/* >/dev/null 2>&1;
> >    chown -h root:named ${BIND_CHROOT_PREFIX}/var/named/* >/dev/null 
> > 2>&1;
> >    chown -h root:named /etc/{named,rndc}.* >/dev/null 2>&1;
> >    chown -h root:named ${BIND_CHROOT_PREFIX}/etc/{named,rndc}.* 
> > >/dev/null 2>&1;
> >    chown -h named:named /var/log/named.log >/dev/null 2>&1;
> >    chown -h named:named ${BIND_CHROOT_PREFIX}/var/log/named.log 
> > >/dev/null 2>&1;
> >    chmod 750 ${pfx}/var/named  >/dev/null 2>&1;
> >    chmod 640 ${pfx}/var/named/* >/dev/null 2>&1;
> >    chmod 750 ${pfx}/var/named/*/. >/dev/null 2>&1;
> >    chmod 660 ${pfx}/var/log/named.log >/dev/null 2>&1;
> >    chown -h named:named 
> > /var/named/{data{,/*},slaves{,/*},dynamic{,/*}} >/dev/null 2>&1;
> >    chown -h named:named 
> > ${BIND_CHROOT_PREFIX}/var/named/{data{,/*},slaves{,/*},dynamic{,/*}} 
> > >/dev/null 2>&1;
> >    chmod 770 ${pfx}/var/named/{data,slaves,dynamic} >/dev/null 2>&1;
> >    chmod 660 ${pfx}/var/named/{data/*,slaves/*,dynamic/*} >/dev/null 
> > 2>&1;
> >    chmod 770 ${pfx}/var/named/{data/*/.,slaves/*/.,dynamic/*/.} 
> > >/dev/null 2>&1;
> >
> > Lovely.
> Heh, that's indeed lovely. And yea, I've got named configured to run 
> in chroot as it is the default nowadays (at least on Fedora).
You should note that the 'dynamic' subfolder contents are set to mode 660.
Move your updateable zone files there and update the referenced paths in 
named.conf accordingly.

Chris

--
  "Spend less!  Do more!  Go Open Source..." -- Dirigo.net
  Chris Johnson, RHCE #804005699817957

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list