Date: Fri, 15 Mar 2002 11:30:00 +0100 (CET)
From: gentoo-user@devrieze.net
To: gentoo-dev@gentoo.org
Cc: Todd Punderson
Subject: Re: [gentoo-dev] bind-9.1.3-r7
In-Reply-To: <20020307020701.B6B4.TODD@doonga.net>
List-Id: Gentoo Linux developer list

On Thu, 7 Mar 2002, Todd Punderson wrote:

> I did an update --world tonight and I also ran into this. It's probably
> destined for bugzilla, but I wanted to ask first.
>
> After updating to bind-9.1.3-r7 I had a problem getting it to run. I
> determined the problem to be the following. The named startup script
> executes this:
>
> start-stop-daemon --start --quiet --exec /usr/sbin/named -- -u named -n 1
>
> Since named switches to uid 'named' it doesn't have access to write to
> /var/run/named.pid. However, I noticed that there is now a
> /var/run/named dir that is owned by named.named... This is all well and
> good, but the named binary doesn't try to write its pidfile to that
> directory and bombs. I looked in the ebuild and the bind documentation
> and there is a way to configure it to point to another directory: on the
> configure script it needs --localstatedir=/var/run/named instead of
> --localstatedir=/var, but this also means that the /etc/init.d/named
> script needs to be edited to point to /var/run/named/run/named.pid for
> the stop portion of it. Maybe the extra 'run' in there could be edited
> out by modifying the bind source; I didn't dig that far, I just need
> it running. :)
>
> Also /var/bind needs to be owned by named.named in order for the zone
> files to be read (since I did an upgrade, this bit me; it may not on a
> new install).

The reason for the change was that bind used to run as root
(inadvertently). It is not safe (or necessary to do so) to run named as
root. For named to run as a different user (that's what the -u option
does) it needs to be able to write its pid file. This location can be
specified in the config file. This option was included there too.

It is not necessary / not safe for the /var/bind dir to be owned by
named. Named does need to be able to read it though. Only if you want to
use dynamic updates must the files to which you want bind to have access
be owned by named. Be very careful with dynamic update though, as it
might compromise your server (and with it possibly your network).

Paul

--
 ___
/~~~\   | Paul de Vrieze
| O-O | | Student of information management and technology
|  _  | | Mail: Paul@devrieze.net
\___/   | Homepage: http://www.devrieze.net
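Paul's three points above (once named drops to its own uid it must be able to create its pid file; the zone directory should be readable but not owned by named; only dynamically updated zone files need to be writable) can be checked before the init script starts the daemon. The script below is an added example, not code from this thread, the BIND project or the Gentoo ebuild. The named.conf fragments, the uid/gid 40 for the 'named' user, and the ownership tables standing in for stat() results are all constructed for illustration; on a real host the default `os_stat_info` lookup is used instead.

```python
"""Preflight check for running BIND's named as an unprivileged user (-u).
Added example; config text, uid/gid 40 and the ownership tables are constructed."""
import os
import re
import stat
from dataclasses import dataclass
from typing import Callable, List, Optional


@dataclass(frozen=True)
class FileInfo:
    uid: int
    gid: int
    mode: int  # permission bits only, e.g. 0o750


def os_stat_info(path: str) -> Optional[FileInfo]:
    """Real lookup via os.stat(); None if the path does not exist."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return None
    return FileInfo(st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode))


_BITS = {"r": (stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH),
         "w": (stat.S_IWUSR, stat.S_IWGRP, stat.S_IWOTH),
         "x": (stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH)}


def can_access(info: FileInfo, uid: int, gid: int, perms: str) -> bool:
    """Owner/group/other check for a non-root uid. Supplementary groups are
    ignored, so a False result here is the conservative answer."""
    idx = 0 if info.uid == uid else 1 if info.gid == gid else 2
    return all(info.mode & _BITS[p][idx] for p in perms)


_OPT_RE = re.compile(r'(directory|pid-file)\s+"([^"]+)"\s*;')
_ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*\{((?:[^{}]|\{[^{}]*\})*)\}')
_FILE_RE = re.compile(r'file\s+"([^"]+)"\s*;')


def parse_named_conf(text: str) -> dict:
    """Extract only what the check needs; this is not a full named.conf parser."""
    opts = dict(_OPT_RE.findall(text))
    zones = [{"name": n, "file": m.group(1), "dynamic": "allow-update" in body}
             for n, body in _ZONE_RE.findall(text)
             if (m := _FILE_RE.search(body))]
    return {"directory": opts.get("directory", "/var/bind"),
            "pid_file": opts.get("pid-file", "/var/run/named.pid"),
            "zones": zones}


def check_named_privileges(conf_text: str, uid: int, gid: int,
                           stat_fn: Callable[[str], Optional[FileInfo]] = os_stat_info,
                           ) -> List[str]:
    """Return the problems that would stop 'named -u <user>' from starting,
    or that hand the unprivileged daemon more access than it needs."""
    conf = parse_named_conf(conf_text)
    problems: List[str] = []
    # 1. After dropping privileges named creates its pid file itself.
    pid_dir = os.path.dirname(conf["pid_file"]) or "/"
    info = stat_fn(pid_dir)
    if info is None or not can_access(info, uid, gid, "wx"):
        problems.append(f"pid-file directory {pid_dir} is missing or not writable by uid {uid}")
    # 2. The zone directory must be readable/traversable but not owned by named.
    zdir = conf["directory"]
    info = stat_fn(zdir)
    if info is None or not can_access(info, uid, gid, "rx"):
        problems.append(f"zone directory {zdir} is missing or not readable by uid {uid}")
    elif info.uid == uid:
        problems.append(f"zone directory {zdir} is owned by uid {uid}; it should only be readable")
    # 3. Zone files: readable always, writable only for dynamically updated zones.
    for z in conf["zones"]:
        path = z["file"] if os.path.isabs(z["file"]) else os.path.join(zdir, z["file"])
        info = stat_fn(path)
        if info is None or not can_access(info, uid, gid, "r"):
            problems.append(f"zone {z['name']}: {path} is missing or not readable by uid {uid}")
            continue
        writable = can_access(info, uid, gid, "w")
        if z["dynamic"] and not writable:
            problems.append(f"dynamic zone {z['name']}: {path} must be writable by uid {uid}")
        elif not z["dynamic"] and writable:
            problems.append(f"static zone {z['name']}: {path} is writable by uid {uid}; make it read-only")
    return problems


NAMED_UID = NAMED_GID = 40  # constructed ids for the 'named' user and group
ROOT = 0

# Constructed: pid dir owned by named, zone tree root-owned, one dynamic zone.
GOOD_CONF = '''
options { directory "/var/bind"; pid-file "/var/run/named/named.pid"; };
zone "example.test" { type master; file "pri/example.test.zone"; };
zone "dyn.example.test" { type master; file "dyn/dyn.example.test.zone";
                          allow-update { key "ddns-key"; }; };
'''
GOOD_TREE = {
    "/var/run/named": FileInfo(NAMED_UID, NAMED_GID, 0o755),
    "/var/bind": FileInfo(ROOT, NAMED_GID, 0o750),
    "/var/bind/pri/example.test.zone": FileInfo(ROOT, NAMED_GID, 0o640),
    "/var/bind/dyn/dyn.example.test.zone": FileInfo(NAMED_UID, NAMED_GID, 0o640),
}

# Constructed: pid file left at the /var/run default (root-only) and
# /var/bind chowned to named, which the reply above advises against.
BAD_CONF = '''
options { directory "/var/bind"; };
zone "example.test" { type master; file "pri/example.test.zone"; };
'''
BAD_TREE = {
    "/var/run": FileInfo(ROOT, ROOT, 0o755),
    "/var/bind": FileInfo(NAMED_UID, NAMED_GID, 0o755),
    "/var/bind/pri/example.test.zone": FileInfo(NAMED_UID, NAMED_GID, 0o644),
}

if __name__ == "__main__":
    for label, conf, tree in (("good", GOOD_CONF, GOOD_TREE), ("bad", BAD_CONF, BAD_TREE)):
        print(label, check_named_privileges(conf, NAMED_UID, NAMED_GID, tree.get) or ["ok"])
```

Passing `tree.get` as `stat_fn` lets the check run against a recorded ownership table; dropping that argument makes it consult the live filesystem, which is how it would be wired into an init script's pre-start step. The "good" tree reports nothing, while the "bad" tree reports the unwritable pid directory, the named-owned zone directory, and a static zone file that named could overwrite.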