From: gentoo-user@devrieze.net
To: gentoo-dev@gentoo.org
Cc: Todd Punderson <todd@doonga.net>
Subject: Re: [gentoo-dev] bind-9.1.3-r7
Date: Fri, 15 Mar 2002 11:30:00 +0100 (CET)
Message-ID: <Pine.LNX.4.43.0203151116360.24180-100000@kubstu.kub.nl>
In-Reply-To: <20020307020701.B6B4.TODD@doonga.net>

On Thu, 7 Mar 2002, Todd Punderson wrote:
> I did an update --world tonight and I also ran into this. It's probably
> destined for bugzilla, but I wanted to ask first.
>
> After updating to bind-9.1.3-r7 I had a problem getting it to run. I
> determined the problem to be the following. The named startup script
> executes this: start-stop-daemon --start --quiet --exec /usr/sbin/named -- -u named -n 1
>
> Since named switches to uid 'named' it doesn't have access to write to
> /var/run/named.pid. However, I noticed that there is now a
> /var/run/named dir that is owned by named.named... This is all well and
> good but the named binary doesn't try to write its pidfile to that
> directory and bombs. I looked in the ebuild and the bind documentation
> and there is a way to configure it to point to another directory: on the
> configure script it needs --localstatedir=/var/run/named instead of
> --localstatedir=/var but this also means that the /etc/init.d/named
> script needs to be edited to point to /var/run/named/run/named.pid for
> the stop portion of it. Maybe the extra 'run' in there could be edited
> out by modifying the bind source, I didn't dig that far, I just need
> it running. :)
> Also /var/bind needs to be owned by named.named in order for the zone
> files to be read (since I did an upgrade, this bit me, it may not on a
> new install).
>

The reason for the change was that bind used to run as root
(inadvertently). It is not safe (or necessary) to run named as
root. For named to run as a different user (that's what the -u option
does) it needs to be able to write its pid file. This location can be
specified in the config file. This option was included there too. It is
not necessary / not safe for the /var/bind dir to be owned by named. Named
does need to be able to read it though. Only if you want to use dynamic
updates, the files to which you want bind to have access must be owned
by named. Be very careful with dynamic update though, as it might
compromise your server (and with it possibly your network).

Paul
--
___
/~~~\ | Paul de Vrieze
| O-O | | Student of information management and technology
| _ | | Mail: Paul@devrieze.net
\___/ | Homepage: http://www.devrieze.net
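
The layout described in the reply above (pid directory writable by the unprivileged user, zone directory readable but neither owned nor writable by it, only dynamic-update zones owned by it) can be checked mechanically. This is an added example, not part of the original message or of the Gentoo ebuild; the function names, the `example.zone` file and the mode-bits-only permission model are assumptions of the example.

```python
import os
import tempfile


def perms_for(path, uid, gids):
    """Return (set of 'r'/'w'/'x' that uid/gids get on path, owned-by-uid flag).
    Classic mode bits only: ignores ACLs and capabilities, uid 0 is not special."""
    st = os.stat(path)
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    bits = (st.st_mode >> shift) & 0o7
    return {c for c, b in (("r", 4), ("w", 2), ("x", 1)) if bits & b}, st.st_uid == uid


def audit_named_layout(pid_dir, zone_dir, uid, gids=(), dynamic=()):
    """Return a list of findings for a named instance started with -u <uid>."""
    findings = []
    p, _ = perms_for(pid_dir, uid, gids)
    if not {"w", "x"} <= p:
        findings.append(f"{pid_dir}: cannot create pid file")
    p, owned = perms_for(zone_dir, uid, gids)
    if not {"r", "x"} <= p:
        findings.append(f"{zone_dir}: cannot read zone directory")
    if owned or "w" in p:
        findings.append(f"{zone_dir}: owned or writable by service user")
    for name in sorted(os.listdir(zone_dir)):
        path = os.path.join(zone_dir, name)
        p, owned = perms_for(path, uid, gids)
        if "r" not in p:
            findings.append(f"{path}: unreadable zone file")
        if name in dynamic:
            # Only zones that accept dynamic updates should belong to the service user.
            if not owned:
                findings.append(f"{path}: dynamic zone not owned by service user")
        elif owned or "w" in p:
            findings.append(f"{path}: static zone owned or writable by service user")
    return findings


if __name__ == "__main__":
    # Constructed layout in a temp dir; on the system in the thread the real
    # paths would be /var/run/named and /var/bind.
    with tempfile.TemporaryDirectory() as root:
        pid_dir, zone_dir = os.path.join(root, "run"), os.path.join(root, "bind")
        os.mkdir(pid_dir, 0o755)
        os.mkdir(zone_dir, 0o755)
        open(os.path.join(zone_dir, "example.zone"), "w").close()
        # Auditing as the current user models the case where named owns /var/bind.
        for line in audit_named_layout(pid_dir, zone_dir, os.getuid()):
            print(line)
```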