Bug 994578

Summary: File permission change took down my servers
Product: [Fedora] Fedora EPEL Reporter: Marc Perkel <marc>
Component: pdnsAssignee: Morten Stevens <mstevens>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: el6CC: mstevens
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-08-26 12:23:32 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Marc Perkel 2013-08-07 14:16:55 UTC 
Description of problem:

Upgrade changed file permissions causing PDNS to fail


Version-Release number of selected component (if applicable):


How reproducible:

yum upgrade


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

I know you will probably say it's my fault for not having all the file owners be pdns but when the upgrade ran and changed the file permissions to 700 it took down all my DNS servers. Before you modify permissions on other people's servers you might want to check if you are going to break it. You might want to consider that there may be a reason other people don't set things up the same way you do.

Going from working to not working is not an upgrade.
Comment 1 Morten Stevens 2013-08-07 14:33:27 UTC 
Which file permissions exactly?

There is only one change to fix https://bugzilla.redhat.com/show_bug.cgi?id=646510

Steps to reproduce this? (I'm not able to reproduce this)
Comment 2 Marc Perkel 2013-08-07 14:40:12 UTC 
The owner of pdns.conf was root. When you changed the access to 600 then the pdns process running under the user pdns couldn't read the pdns.conf file. I probably should have had pdns be the owner of pdns.conf but I didn't. It used to have 755 permissions and that worked.

I think that making the assumption that you can just change permissions because it makes things more secure runs the risk that you can break things.
Comment 3 Morten Stevens 2013-08-07 17:31:39 UTC 
(In reply to Marc Perkel from comment #2)
> The owner of pdns.conf was root. When you changed the access to 600 then the
> pdns process running under the user pdns couldn't read the pdns.conf file.

The owner of pdns.conf is still root and there is no issue to read the pdns.conf file with 600 file permissions.

I suspect that this is a local problem with your installation.
Comment 4 Morten Stevens 2013-08-26 12:23:32 UTC 
This is a local problem and not a bug = closed.