Re: bind update keeps messing up write-rights


 



Christopher K. Johnson wrote:
Gijs wrote:
Sam Varshavchik wrote:
Gijs writes:

Hey List,

Not sure why this is happening so perhaps someone can explain this to me. Whenever I update bind it messes up/resets access rights on my zone files. Now normally this wouldn't be a bad thing, but because I have dynamic updates on, for which named creates journalizing files, I end up having non-writeable journalizing files. So after every update I end up having to manually change the access rights on my jnl files.

Is anyone else having the same problem and/or is it supposed to be like this?

You must have bind configured to run in chroot.

rpm's %post script runs /usr/sbin/bind-chroot-admin where, if you have chroot configured, it runs this lovely bit of code:

   chown -h root:named /var/named/* >/dev/null 2>&1;
   chown -h root:named ${BIND_CHROOT_PREFIX}/var/named/* >/dev/null 2>&1;
   chown -h root:named /etc/{named,rndc}.* >/dev/null 2>&1;
   chown -h root:named ${BIND_CHROOT_PREFIX}/etc/{named,rndc}.* >/dev/null 2>&1;
   chown -h named:named /var/log/named.log >/dev/null 2>&1;
   chown -h named:named ${BIND_CHROOT_PREFIX}/var/log/named.log >/dev/null 2>&1;
   chmod 750 ${pfx}/var/named  >/dev/null 2>&1;
   chmod 640 ${pfx}/var/named/* >/dev/null 2>&1;
   chmod 750 ${pfx}/var/named/*/. >/dev/null 2>&1;
   chmod 660 ${pfx}/var/log/named.log >/dev/null 2>&1;
   chown -h named:named /var/named/{data{,/*},slaves{,/*},dynamic{,/*}} >/dev/null 2>&1;
   chown -h named:named ${BIND_CHROOT_PREFIX}/var/named/{data{,/*},slaves{,/*},dynamic{,/*}} >/dev/null 2>&1;
   chmod 770 ${pfx}/var/named/{data,slaves,dynamic} >/dev/null 2>&1;
   chmod 660 ${pfx}/var/named/{data/*,slaves/*,dynamic/*} >/dev/null 2>&1;
   chmod 770 ${pfx}/var/named/{data/*/.,slaves/*/.,dynamic/*/.} >/dev/null 2>&1;

Lovely.

Heh, that's indeed lovely. And yea, I've got named configured to run in chroot as it is the default nowadays (at least on Fedora).

You should note that the 'dynamic' subfolder contents are set to mode 660. Move your updateable zone files there and update the referenced paths in named.conf accordingly.

Chris

Yep, completely true. After checking the man file, it indeed says that writeable zone files should be placed in one of the 3 directories in /var/named/{data,slaves,dynamic}.
Good thing we finally got that one sorted out :)

Thanks

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
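
As an added example (not part of the thread or of the bind package), the script below audits a named.conf for zones that accept dynamic updates but keep their zone file outside the data, slaves and dynamic directories that the quoted script leaves writable for named. The function names, the sample configuration and the assumption that the directory option is /var/named are illustrative.

```sh
#!/bin/sh
# Added example: flag dynamically updated zones whose file is outside
# data/, slaves/ or dynamic/, so named could not write the .jnl beside it.
# Assumes "directory" is /var/named and no /* */ comments or quoted spaces.
audit_zones() {
    awk '
    { sub(/(#|\/\/).*/, ""); gsub(/[{};]/, " & "); text = text " " $0 }
    END {
        n = split(text, tok)
        for (i = 1; i <= n; i++) {
            t = tok[i]
            if (t == "{") depth++
            else if (t == "}") {
                depth--
                if (inzone && depth == zdepth) {      # end of this zone block
                    if (dyn && file != "" && file !~ /^(\/var\/named\/)?(data|slaves|dynamic)\//)
                        printf "%s\t%s\n", zone, file
                    inzone = 0
                }
            } else if (!inzone && t == "zone") {
                zone = tok[i + 1]; gsub(/"/, "", zone)
                file = ""; dyn = 0; inzone = 1; zdepth = depth
            } else if (inzone && depth == zdepth + 1) {
                if (t == "file") { file = tok[i + 1]; gsub(/"/, "", file) }
                else if ((t == "allow-update" || t == "update-policy") && tok[i + 2] != "none")
                    dyn = 1
            }
        }
    }' "$@"
}

# Constructed sample configuration, not taken from the thread.
sample_conf() {
    cat <<'EOF'
options { directory "/var/named"; };
zone "static.example" IN { type master; file "static.example.zone"; allow-update { none; }; };
zone "home.example" IN {
    type master;
    file "home.example.zone";        // journal would be created in /var/named
    allow-update { key ddns-key; };
};
zone "lab.example" IN { type master; file "dynamic/lab.example.zone"; update-policy local; };
EOF
}

sample_conf | audit_zones    # prints: home.example<TAB>home.example.zone
```

Run it as `audit_zones /etc/named.conf` (or against the copy under the chroot prefix) before a package update; any zone it lists should have its file moved into dynamic/ and its path in named.conf updated.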