Red Hat Bugzilla – Bug 101544
Incorrect owner for /var/named
Last modified: 2007-11-30 17:06:57 EST
Description of problem:
By default, on Taroon Beta 1, the owner for "/var/named" is:
drwxr-x--- 2 root named 4096 Aug 3 16:19 /var/named/
This setting will prevent the "named" daemon from being able to create new
slave zones inside "/var/named", as the "named" daemon runs as user "named"
and not "root".
When defining a new slave zone in "/etc/named.conf", upon start of the "named"
daemon, an AXFR full zone transfer will be initiated. Once the zone contents
are gathered, the "named" daemon will try to create the file for the slave
zone in "/var/named", but will fail with a "permission denied" error message.
To fix the problem, I had to change the owner of "/var/named" to "named".
# chown named /var/named
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Add a slave zone to "/etc/named.conf".
2. Make sure the file specified for this new slave zone doesn't exist in
3. Start the "named" service.
4. Named will succeed in performing AXFR, but will fail when trying to create
the file for the newly created zone file.
The owner for "/var/named" shouldn't be root, but "named".
The owner for "/var/named" should be "named".
This has been reported as a potential security problem. The way to work around it
would be to create a subdirectory slaves under /var/named and chown named.named
to it. Then have your slave zones created in there.
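
The workaround in the last comment, as an added example that is not part of the original report: a shell check that lists slave zones in a named.conf whose zone file would be created outside the slaves/ subdirectory, so that /var/named itself can stay owned by root. The sample configuration is constructed and the function names are hypothetical; relative paths are assumed to resolve against /var/named.

```shell
#!/bin/sh
# Added example: audit where slave zone files will be written.
# Assumes relative "file" paths resolve against /var/named.

# audit_slave_files CONF -> prints "zone<TAB>file" for each slave zone whose
# file is not under slaves/ (or uses ".." to leave that directory).
audit_slave_files() {
    awk '
    function quoted(s,   a, b) {   # text between the first pair of double quotes
        a = index(s, "\""); if (!a) return ""
        s = substr(s, a + 1); b = index(s, "\"")
        return b ? substr(s, 1, b - 1) : ""
    }
    { sub(/(#|\/\/).*/, "") }      # drop line comments
    depth == 0 && /^[ \t]*zone[ \t]+"/ { name = quoted($0); type = ""; file = ""; inzone = 1 }
    inzone && /type[ \t]+slave[ \t]*;/ { type = "slave" }
    inzone && /file[ \t]+"/ { t = $0; sub(/.*file[ \t]+/, "", t); file = quoted(t) }
    {
        # Track brace depth so nested blocks such as masters { ... } are skipped.
        depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
        if (inzone && depth == 0 && /[}]/) {
            bad = (file !~ /^(\/var\/named\/)?slaves\// || file ~ /\.\./)
            if (type == "slave" && file != "" && bad)
                printf "%s\t%s\n", name, file
            inzone = 0
        }
    }' "$1"
}

# Constructed sample named.conf (not taken from the report).
sample_conf() {
    cat <<'EOF'
options { directory "/var/named"; };
zone "example.com" IN {
    type slave;
    masters { 192.0.2.1; };
    file "example.com.zone";        // would land in root-owned /var/named
};
zone "example.net" IN {
    type slave;
    masters { 192.0.2.1; };
    file "slaves/example.net.zone";
};
zone "example.org" IN { type master; file "example.org.zone"; };
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp" && audit_slave_files "$tmp"; rm -f "$tmp"
```

Only example.com is reported: its file would be created directly in /var/named, which fails with "permission denied" while that directory is owned by root.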