bind update keeps messing up write-rights

Gijs info at boer-software-en-webservices.nl
Sat Jul 19 17:50:26 UTC 2008


Ed Warner wrote:
> Message: 7
> Date: Sat, 19 Jul 2008 06:26:53 -0400
> From: "Christopher K. Johnson" <ckjohnson at gwi.net>
> Subject: Re: bind update keeps messing up write-rights
> To: For users of Fedora <fedora-list at redhat.com>
> Message-ID: <4881C16D.7010606 at gwi.net>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Gijs wrote:
>> Sam Varshavchik wrote:
>>> Gijs writes:
>>>> Hey List,
>>>>
>>>> Not sure why this is happening so perhaps someone can explain this
>>>> to me.
>>>> Whenever I update bind it messes up/resets access rights on my zone
>>>> files. Now normally this wouldn't be a bad thing, but because I have
>>>> dynamic updates on, for which named creates journalizing files, I
>>>> end up having non-writeable journalizing files. So after every
>>>> update I end up having to manually change the access rights on my
>>>> jnl files.
>>>>
>>>> Is anyone else having the same problem and/or is it supposed to be
>>>> like this?
>>> You must have bind configured to run in chroot.
>>>
>>> rpm's %post script runs /usr/sbin/bind-chroot-admin where, if you
>>> have chroot configured, it runs this lovely bit of code:
>>>
>>>    chown -h root:named /var/named/* >/dev/null 2>&1;
>>>    chown -h root:named ${BIND_CHROOT_PREFIX}/var/named/* >/dev/null 2>&1;
>>>    chown -h root:named /etc/{named,rndc}.* >/dev/null 2>&1;
>>>    chown -h root:named ${BIND_CHROOT_PREFIX}/etc/{named,rndc}.* >/dev/null 2>&1;
>>>    chown -h named:named /var/log/named.log >/dev/null 2>&1;
>>>    chown -h named:named ${BIND_CHROOT_PREFIX}/var/log/named.log >/dev/null 2>&1;
>>>    chmod 750 ${pfx}/var/named  >/dev/null 2>&1;
>>>    chmod 640 ${pfx}/var/named/* >/dev/null 2>&1;
>>>    chmod 750 ${pfx}/var/named/*/. >/dev/null 2>&1;
>>>    chmod 660 ${pfx}/var/log/named.log >/dev/null 2>&1;
>>>    chown -h named:named /var/named/{data{,/*},slaves{,/*},dynamic{,/*}} >/dev/null 2>&1;
>>>    chown -h named:named ${BIND_CHROOT_PREFIX}/var/named/{data{,/*},slaves{,/*},dynamic{,/*}} >/dev/null 2>&1;
>>>    chmod 770 ${pfx}/var/named/{data,slaves,dynamic} >/dev/null 2>&1;
>>>    chmod 660 ${pfx}/var/named/{data/*,slaves/*,dynamic/*} >/dev/null 2>&1;
>>>    chmod 770 ${pfx}/var/named/{data/*/.,slaves/*/.,dynamic/*/.} >/dev/null 2>&1;
>>>
>>> Lovely.
>>>
>> Heh, that's indeed lovely. And yea, I've got named configured to run
>> in chroot as it is the default nowadays (at least on Fedora).
>>
>> You should note that the 'dynamic' subfolder contents are set to mode
>> 660.
>> Move your updateable zone files there and update the referenced paths in
>> named.conf accordingly.
>>
>> Chris
>>
>
> Could you clarify your statement for me please?
>
> 1. Other than my zone files, what else goes into /var/named/chroot/var/named/dynamic ?
>
> 2. My named.conf resides in /var/named/chroot/etc, so I need to make changes to point to the path --> /var/named/chroot/var/named/dynamic ?
>
> Thanks
I cannot really clarify point 1, but I can somewhat clarify point 2.
In my named.conf I now have the following:
zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "dynamic/named.0.168.192";
        allow-update { key rndc; };
};

zone "home" IN {
        type master;
        file "dynamic/home.zone";
        allow-update { key rndc; };
};

This allows named to find the zone files inside the dynamic folder. 
Also, /var/named/chroot/etc/named.conf has a hardlink to /etc/named.conf 
so that might be somewhat easier to type next time you want to edit that 
file :). And because named is running inside a chroot, you cannot set 
the path to "/var/named/chroot/var/named/dynamic" inside the named.conf. 
For named, the chroot basically means that everything is running from 
the /var/named/chroot directory. In other words, if you refer to 
/var/named/dynamic inside your named.conf, it actually refers to 
/var/named/chroot/var/named/dynamic.

Hope this makes sense :)
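As an added example (not code from the thread or from the bind package), the following sh check reads the allow-update zones out of named.conf, resolves their "file" paths against the chroot prefix the way the reply above describes, and reports any zone file or containing directory that the named account cannot write. It assumes GNU or BusyBox stat -c and a named:named service account; the function names are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the thread: after a bind rpm update, confirm that every
# allow-update zone still has a file AND a directory the named account can write
# (named rewrites the zone file and creates the .jnl journal beside it).
# Assumes GNU/BusyBox stat -c, relative "file" paths under <chroot>/var/named, and
# a "named" service user/group; function names are constructed for this example.

# list_dynamic_zone_files NAMED_CONF -> prints "zone<TAB>file" per allow-update zone
list_dynamic_zone_files() {
    awk '
        /^[ \t]*zone[ \t]+"/           { inzone = 1; z = $2; f = ""; dyn = 0; next }
        inzone && /^[ \t]*file[ \t]+"/ { f = $2; gsub(/[";]/, "", f); next }
        inzone && /allow-update/       { dyn = 1; next }
        inzone && /^[ \t]*};[ \t]*$/ {
            if (dyn && f != "") { gsub(/"/, "", z); printf "%s\t%s\n", z, f }
            inzone = 0
        }' "$1"
}

# writable_by PATH USER GROUP: success if PATH is writable through its owner bit
# (owner == USER) or its group bit (group == GROUP); world-write is not counted.
writable_by() {
    owner=$(stat -c '%U' "$1") && grp=$(stat -c '%G' "$1") && perm=$(stat -c '%A' "$1") || return 1
    ow=$(printf '%s' "$perm" | cut -c3)   # owner write flag of e.g. -rw-rw----
    gw=$(printf '%s' "$perm" | cut -c6)   # group write flag
    if [ "$owner" = "$2" ] && [ "$ow" = w ]; then return 0; fi
    if [ "$grp" = "$3" ] && [ "$gw" = w ]; then return 0; fi
    return 1
}

# check_dynamic_zone_perms CHROOT_PREFIX NAMED_CONF [USER] [GROUP]
# Prints one line per checked path; returns 1 if any zone file or its directory
# is not writable by the named account (the state the thread complains about).
check_dynamic_zone_perms() {
    prefix=$1 conf=$2 user=${3:-named} group=${4:-named} bad=0
    for f in $(list_dynamic_zone_files "$conf" | cut -f2); do
        case $f in /*) path=$prefix$f ;; *) path=$prefix/var/named/$f ;; esac
        for p in "$path" "$(dirname "$path")"; do
            if writable_by "$p" "$user" "$group"; then
                echo "ok       $p"
            else
                echo "NOWRITE  $p ($(stat -c '%U:%G %A' "$p" 2>/dev/null || echo missing))"
                bad=1
            fi
        done
    done
    return $bad
}
```

On a Fedora chroot install the call is `check_dynamic_zone_perms /var/named/chroot /var/named/chroot/etc/named.conf`; a NOWRITE line on a zone file or its directory is exactly the post-update state this thread describes.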