bind update keeps messing up write-rights

Ed Warner edwarner99 at yahoo.com
Sat Jul 19 17:11:27 UTC 2008


Message: 7
Date: Sat, 19 Jul 2008 06:26:53 -0400
From: "Christopher K. Johnson" <ckjohnson at gwi.net>
Subject: Re: bind update keeps messing up write-rights
To: For users of Fedora <fedora-list at redhat.com>
Message-ID: <4881C16D.7010606 at gwi.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Gijs wrote:
> Sam Varshavchik wrote:
>> Gijs writes:
>>
>>> Hey List,
>>>
>>> Not sure why this is happening so perhaps someone can explain this
>>> to me.
>>> Whenever I update bind it messes up/resets access rights on my zone
>>> files. Now normally this wouldn't be a bad thing, but because I have
>>> dynamic updates on, for which named creates journalizing files, I
>>> end up having non-writeable journalizing files. So after every
>>> update I end up having to manually change the access rights on my
>>> jnl files.
>>>
>>> Is anyone else having the same problem and/or is it supposed to be
>>> like this?
>>
>> You must have bind configured to run in chroot.
>>
>> rpm's %post script runs /usr/sbin/bind-chroot-admin where, if you 
>> have chroot configured, it runs this lovely bit of code:
>>
>>    chown -h root:named /var/named/* >/dev/null 2>&1;
>>    chown -h root:named ${BIND_CHROOT_PREFIX}/var/named/* >/dev/null 2>&1;
>>    chown -h root:named /etc/{named,rndc}.* >/dev/null 2>&1;
>>    chown -h root:named ${BIND_CHROOT_PREFIX}/etc/{named,rndc}.* >/dev/null 2>&1;
>>    chown -h named:named /var/log/named.log >/dev/null 2>&1;
>>    chown -h named:named ${BIND_CHROOT_PREFIX}/var/log/named.log >/dev/null 2>&1;
>>    chmod 750 ${pfx}/var/named  >/dev/null 2>&1;
>>    chmod 640 ${pfx}/var/named/* >/dev/null 2>&1;
>>    chmod 750 ${pfx}/var/named/*/. >/dev/null 2>&1;
>>    chmod 660 ${pfx}/var/log/named.log >/dev/null 2>&1;
>>    chown -h named:named /var/named/{data{,/*},slaves{,/*},dynamic{,/*}} >/dev/null 2>&1;
>>    chown -h named:named ${BIND_CHROOT_PREFIX}/var/named/{data{,/*},slaves{,/*},dynamic{,/*}} >/dev/null 2>&1;
>>    chmod 770 ${pfx}/var/named/{data,slaves,dynamic} >/dev/null 2>&1;
>>    chmod 660 ${pfx}/var/named/{data/*,slaves/*,dynamic/*} >/dev/null 2>&1;
>>    chmod 770 ${pfx}/var/named/{data/*/.,slaves/*/.,dynamic/*/.} >/dev/null 2>&1;
>>
>> Lovely.
>>
> Heh, that's indeed lovely. And yea, I've got named configured to run
> in chroot as it is the default nowadays (at least on Fedora).
>
>You should note that the 'dynamic' subfolder contents are set to mode 660.
>Move your updateable zone files there and update the referenced paths in 
>named.conf accordingly.
>
>Chris
>

Could you clarify your statement for me please?

1. Other than my zone files, what else goes into /var/named/chroot/var/named/dynamic?

2. My named.conf resides in /var/named/chroot/etc, so I need to make changes to point to the path --> /var/named/chroot/var/named/dynamic?

Thanks,
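
Added example, not part of this thread and not code from bind-chroot-admin: a small shell check that applies the chown/chmod rules quoted above to predict what a package update leaves on a file under var/named, and lists journal files that would end up root:named 640. The function names and the sample file names in the comments are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (assumed helper names, not from bind-chroot-admin).
# Encodes the quoted rules for regular files, by path relative to var/named:
#   var/named/*                      -> root:named  640
#   var/named/{data,slaves,dynamic}/* -> named:named 660
#   anything deeper or in another subdirectory is not matched by the globs.

# perms_after_update RELPATH
# Prints "owner:group mode", or "untouched" when no quoted glob reaches it.
perms_after_update() {
    case "$1" in
        data/*/*|slaves/*/*|dynamic/*/*) echo "untouched" ;;
        data/*|slaves/*|dynamic/*)       echo "named:named 660" ;;
        */*)                             echo "untouched" ;;
        *)                               echo "root:named 640" ;;
    esac
}

# journals_at_risk NAMED_DIR
# Lists .jnl files (relative to NAMED_DIR) that the update resets to a mode
# named cannot write, e.g. a constructed "example.com.zone.jnl" kept
# directly in var/named instead of var/named/dynamic.
journals_at_risk() {
    dir=${1%/}
    for f in "$dir"/*.jnl "$dir"/*/*.jnl; do
        [ -f "$f" ] || continue          # skip unmatched glob patterns
        rel=${f#"$dir"/}
        case "$(perms_after_update "$rel")" in
            "root:named 640") echo "$rel" ;;
        esac
    done
}
```

Call journals_at_risk with the var/named directory to audit, for example the one under the chroot prefix; any path it prints is a journal that would need its rights fixed by hand after each update unless its zone is moved into dynamic/.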



      



