Bug 126638
| Summary: | Permissions for /var/named set by BIND RPM conflict with DDNS | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Paul Bender <pbender> |
| Component: | bind | Assignee: | Jason Vas Dias <jvdias> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 2 | CC: | doug.palmer |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i386 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | selinux-policy-targeted-1.17.4.1 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2004-08-25 22:54:43 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Can't you setup these journal files to be in a subdirectory of named with the appropriate privs? Dan I do not know of anyway to do this. BIND creates the *.jnl files automatically in its working directory, which is specified by the 'directory' option in /etc/named.conf. The working directory is the same directory that contains the zone files and it is configured to by '/var/named' by the /etc/named.conf file installed by the caching-nameserver RPM. I do not know of any option to set the path for the *.jnl files separate from the path for the working directory. Feeding the google search: The error message you'll see in /var/log/messages is: dumping master file: tmp-XXXXPyA987: open: permission denied and zone my.domain.name/IN: dump failed: permission denied *** Bug 112350 has been marked as a duplicate of this bug. *** This is now fixed with selinux-policy-targeted-1.17.4-1 . You may need to do: chown named:named /var/named The ownership of this directory was changed to root:root in bind-9.2.3-13 as a security measure. |
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040510 Description of problem: When the bind RPM is installed it sets the ownership and permissions on /var/named using the line '%attr(750,root,named) %dir /var/named' in the spec file. Since named runs as the user named, named does not have write access to /var/named. However, named needs write access to /var/named in order to create the journal files it uses for dynamic DNS. Version-Release number of selected component (if applicable): 9.2.3-13 How reproducible: Always Steps to Reproduce: 1. Install bind, configure it for dynamic dns, and start it (named) 2. Install dhcp, configure it for dynamic dns, and start it (dhcpd). 3. Have a client make a DHCP request. 4. Stop bind (named). Actual Results: named did not create *.jnl files for the zone files that need to be updated by dynamic DNS. Expected Results: named should have created the *.jnl files for the zones that needed to be updated by dynamic DNS. Additional info: