Bug 101544
| Summary: | Incorrect owner for /var/named | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 3 | Reporter: | Felipe Alfaro Solana <felipe_alfaro> |
| Component: | bind | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED NOTABUG | QA Contact: | Ben Levenson <benl> |
| Severity: | high | Docs Contact: | |
| Priority: | medium | ||
| Version: | 3.0 | ||
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i386 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2003-08-04 18:42:49 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
This has been reported as a potential security problem. THe way to work around it would be to create a subdirectory slaves under /var/named and chown named.named to it. Then have your slave zones created in there. Dan |
Description of problem: By default, on Taroon Beta 1, the owner for "/var/named" is: drwxr-x--- 2 root named 4096 Aug 3 16:19 /var/named/ This setting will prevent the "named" daemon from being able to create new slave zones inside "/var/named", as the "named" daemon runs as user "named" and not "root". When defining a new slave zone in "/etc/named.conf", upon start of the "named" daemon, an AXFR full zone transfer will be initiated. Once the zone contents are gathered, the "named" daemon will try to create the file for the slave zone in "/var/named", but will fail with a "permission denied" error message. To fix the problem, I had to change the owner of "/var/named" to "named". # chown named /var/named Version-Release number of selected component (if applicable): bind-9.2.2-18 How reproducible: Always Steps to Reproduce: 1. Add an slave zone to "/etc/named.conf". 2. Make sure the file specified for this new slave zone doesn't exist in "/var/named". 3. Start the "named" service. 4. Named will succeed in performing AXFR, but will fail when trying to create the file for the newly created zone file. Actual results: The owner for "/var/named" shouldn't be root, but "named". Expected results: The owner for "/var/named" should be "named". Additional info: