bind update keeps messing up write-rights
Ed Warner
edwarner99 at yahoo.com
Sun Jul 20 17:00:58 UTC 2008
>
> Message: 9
> Date: Sat, 19 Jul 2008 19:50:26 +0200
> From: Gijs <info at boer-software-en-webservices.nl>
> Subject: Re: bind update keeps messing up write-rights
> To: For users of Fedora <fedora-list at redhat.com>
> Message-ID:
> <48822962.5080202 at boer-software-en-webservices.nl>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Ed Warner wrote:
> > Message: 7
> > Date: Sat, 19 Jul 2008 06:26:53 -0400
> > From: "Christopher K. Johnson" <ckjohnson at gwi.net>
> > Subject: Re: bind update keeps messing up write-rights
> > To: For users of Fedora <fedora-list at redhat.com>
> > Message-ID: <4881C16D.7010606 at gwi.net>
> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> >
> > Gijs wrote:
> >> Sam Varshavchik wrote:
> >>> Gijs writes:
> >>>
> >>>> Hey List,
> >>>>
> >>>> Not sure why this is happening so perhaps someone can explain this to me.
> >>>> Whenever I update bind it messes up/resets access rights on my zone files. Now normally this wouldn't be a bad thing, but because I have dynamic updates on, for which named creates journalizing files, I end up having non-writeable journalizing files. So after every update I end up having to manually change the access rights on my jnl files.
> >>>>
> >>>> Is anyone else having the same problem and/or is it supposed to be like this?
> >>>>
> >>> You must have bind configured to run in chroot.
> >>>
> >>> rpm's %post script runs /usr/sbin/bind-chroot-admin where, if you have chroot configured, it runs this lovely bit of code:
> >>>
> >>> chown -h root:named /var/named/* >/dev/null 2>&1;
> >>> chown -h root:named ${BIND_CHROOT_PREFIX}/var/named/* >/dev/null 2>&1;
> >>> chown -h root:named /etc/{named,rndc}.* >/dev/null 2>&1;
> >>> chown -h root:named ${BIND_CHROOT_PREFIX}/etc/{named,rndc}.* >/dev/null 2>&1;
> >>> chown -h named:named /var/log/named.log >/dev/null 2>&1;
> >>> chown -h named:named ${BIND_CHROOT_PREFIX}/var/log/named.log >/dev/null 2>&1;
> >>> chmod 750 ${pfx}/var/named >/dev/null 2>&1;
> >>> chmod 640 ${pfx}/var/named/* >/dev/null 2>&1;
> >>> chmod 750 ${pfx}/var/named/*/. >/dev/null 2>&1;
> >>> chmod 660 ${pfx}/var/log/named.log >/dev/null 2>&1;
> >>> chown -h named:named /var/named/{data{,/*},slaves{,/*},dynamic{,/*}} >/dev/null 2>&1;
> >>> chown -h named:named ${BIND_CHROOT_PREFIX}/var/named/{data{,/*},slaves{,/*},dynamic{,/*}} >/dev/null 2>&1;
> >>> chmod 770 ${pfx}/var/named/{data,slaves,dynamic} >/dev/null 2>&1;
> >>> chmod 660 ${pfx}/var/named/{data/*,slaves/*,dynamic/*} >/dev/null 2>&1;
> >>> chmod 770 ${pfx}/var/named/{data/*/.,slaves/*/.,dynamic/*/.} >/dev/null 2>&1;
> >>>
> >>> Lovely.
> >>>
> >> Heh, that's indeed lovely. And yea, I've got named configured to run in chroot as it is the default nowadays (at least on Fedora).
> >>
> >> You should note that the 'dynamic' subfolder contents are set to mode 660.
> >> Move your updateable zone files there and update the referenced paths in named.conf accordingly.
> >>
> >> Chris
> >>
> > Could you clarify your statement for me please?
> >
> > 1. Other than my zone files, what else goes into /var/named/chroot/var/named/dynamic ?
> >
> > 2. My named.conf resides in /var/named/chroot/etc, so I need to make changes to point to the path --> /var/named/chroot/var/named/dynamic ?
> >
> > Thanks
> I cannot really clarify point 1, but I can somewhat clarify point 2.
> In my named.conf I now have the following:
>
> zone "0.168.192.in-addr.arpa" IN {
>     type master;
>     file "dynamic/named.0.168.192";
>     allow-update { key rndc; };
> };
>
> zone "home" IN {
>     type master;
>     file "dynamic/home.zone";
>     allow-update { key rndc; };
> };
>
> This allows named to find the zone files inside the dynamic folder.
> Also, /var/named/chroot/etc/named.conf has a hardlink to /etc/named.conf so that might be somewhat easier to type next time you want to edit that file :). And because named is running inside a chroot, you cannot set the path to "/var/named/chroot/var/named/dynamic" inside the named.conf.
> For named, the chroot basically means that everything is running from the /var/named/chroot directory. In other words, if you refer to /var/named/dynamic inside your named.conf, it actually refers to /var/named/chroot/var/named/dynamic.
>
> Hope this makes sense :)
It made sense, thanks. I changed my named.conf file and relocated my zone files and it seems to work, except for a message I get when I restart named.
It says my working directory is not writable. My directory in named.conf is "/var/named". Is this the directory the warning is coming from? What should the permissions be?
Thanks,
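An added check, not code from the thread or from the bind package: it walks a chroot tree after an update has re-run bind-chroot-admin and reports what named can no longer write, using the modes quoted above (750 for var/named, 770 for dynamic/, 660 for files in it). The chroot prefix is taken as an argument; the path layout is assumed to match the Fedora one discussed in the thread.

```shell
# Added example, not code from the thread: audit a Fedora-style bind chroot after
# an update has re-run bind-chroot-admin, using the modes the quoted script sets
# (750 for var/named, 770 for dynamic/, 660 for files in it, 640 elsewhere).
# Usage: audit_named_tree /var/named/chroot   (exit 0 = clean, 1 = problems found)

# Permission string for a path, e.g. "drwxrwx---" (ls rather than GNU stat, for portability).
mode_str() { ls -ld "$1" | cut -c1-10; }

# True when the group write bit is set; named gets its access through group "named".
group_writable() { [ "$(mode_str "$1" | cut -c6)" = "w" ]; }

audit_named_tree() {
    prefix=$1
    named_dir="$prefix/var/named"
    problems=0

    # The script leaves the zone directory at 750, so with directory "/var/named" in
    # named.conf, named will log that its working directory is not writable.
    if ! group_writable "$named_dir"; then
        echo "WARN: $named_dir is $(mode_str "$named_dir"); working directory not writable by named"
        problems=$((problems + 1))
    fi

    # dynamic/ must exist and keep its 770 so named can create journal (.jnl) files.
    dyn="$named_dir/dynamic"
    if [ ! -d "$dyn" ]; then
        echo "WARN: $dyn missing; dynamic zones have nowhere writable to live"
        problems=$((problems + 1))
    elif ! group_writable "$dyn"; then
        echo "WARN: $dyn is $(mode_str "$dyn"); expected group-writable (770)"
        problems=$((problems + 1))
    fi

    # Every journal must be writable, and one outside dynamic/ will be reset to 640
    # by the next update: the symptom the thread starts with. (Assumes no spaces in names.)
    for jnl in $(find "$named_dir" -name '*.jnl'); do
        case "$jnl" in
            "$dyn"/*) ;;
            *) echo "WARN: $jnl is outside dynamic/; move the zone and its journal there"
               problems=$((problems + 1)) ;;
        esac
        if ! group_writable "$jnl"; then
            echo "WARN: $jnl is $(mode_str "$jnl"); named cannot append to this journal"
            problems=$((problems + 1))
        fi
    done

    [ "$problems" -eq 0 ]
}
```

Run it after every bind update; a clean exit means the journals and the working directory survived the permission reset.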