Bug 101544 - Incorrect owner for /var/named
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: bind
Version: 3.0
Hardware: i386 Linux
Priority: medium
Severity: high
Assigned To: Daniel Walsh
Ben Levenson
Reported: 2003-08-03 10:27 EDT by Felipe Alfaro Solana
Modified: 2007-11-30 17:06 EST (History)
Doc Type: Bug Fix
Last Closed: 2003-08-04 14:42:49 EDT
Description Felipe Alfaro Solana 2003-08-03 10:27:56 EDT
Description of problem: 
By default, on Taroon Beta 1, the owner for "/var/named" is: 
 
drwxr-x---    2 root     named        4096 Aug  3 16:19 /var/named/ 
 
This setting will prevent the "named" daemon from being able to create new 
slave zones inside "/var/named", as the "named" daemon runs as user "named" 
and not "root". 
 
When defining a new slave zone in "/etc/named.conf", upon start of the "named" 
daemon, an AXFR full zone transfer will be initiated. Once the zone contents 
are gathered, the "named" daemon will try to create the file for the slave 
zone in "/var/named", but will fail with a "permission denied" error message. 
 
To fix the problem, I had to change the owner of "/var/named" to "named". 
 
# chown named /var/named 
 
Version-Release number of selected component (if applicable): 
bind-9.2.2-18 
 
How reproducible: 
Always 
 
Steps to Reproduce: 
1. Add a slave zone to "/etc/named.conf". 
2. Make sure the file specified for this new slave zone doesn't exist in 
"/var/named". 
3. Start the "named" service. 
4. Named will succeed in performing AXFR, but will fail when trying to create 
the file for the newly created zone file. 
     
Actual results: 
The owner for "/var/named" shouldn't be root, but "named". 
 
Expected results: 
The owner for "/var/named" should be "named". 
 
Additional info:
Comment 1 Daniel Walsh 2003-08-04 14:42:49 EDT
This has been reported as a potential security problem. The way to work around it
would be to create a subdirectory slaves under /var/named and chown named.named
to it.  Then have your slave zones created in there.

Dan
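
Added example, not part of the bug thread: a lint for the configuration half of the workaround in Comment 1, listing slave zones in a named.conf whose `file` still points outside a `slaves/` subdirectory. The function name, the sample zones and the assumption that named.conf sets `directory "/var/named"` are not from the report.

```sh
#!/bin/sh
# Added example, not from the bug report. Assumes named.conf sets
# directory "/var/named", so relative file paths resolve under it.

# Print "zone<TAB>file" for each slave zone whose file is not under slaves/.
slave_zones_outside() {
    awk -v base="${2:-/var/named}" '
    /^[ \t]*zone[ \t]+"/ {                      # start of a zone statement
        split($0, q, "\""); zone = q[2]
        type = ""; file = ""; depth = 0; opened = 0; inzone = 1
    }
    inzone {
        line = $0
        sub(/\/\/.*|#.*/, "", line)             # drop // and # comments
        if (line ~ /type[ \t]+slave[ \t]*;/) type = "slave"
        if (line ~ /file[ \t]+"/) {
            file = line
            sub(/.*file[ \t]+"/, "", file); sub(/".*/, "", file)
        }
        n = gsub(/[{]/, "", line); depth += n; if (n > 0) opened = 1
        depth -= gsub(/[}]/, "", line)          # nesting, e.g. masters { ... };
        if (opened && depth == 0) {             # zone block closed
            ok = index(file, "slaves/") == 1 || index(file, base "/slaves/") == 1
            if (type == "slave" && file != "" && !ok)
                printf "%s\t%s\n", zone, file
            inzone = 0
        }
    }' "${1:--}"
}

# Constructed sample configuration (example names and addresses).
sample_conf() {
cat <<'EOF'
zone "good.example" IN {
    type slave;
    file "slaves/good.example.zone";
    masters { 192.0.2.1; };
};
zone "bad.example" IN {
    type slave;
    file "bad.example.zone";   // would be written into root-owned /var/named
    masters { 192.0.2.1; };
};
zone "local.example" IN { type master; file "local.example.zone"; };
EOF
}

# Reports only bad.example; master zones and slaves/ paths pass.
sample_conf | slave_zones_outside
```

Against a real server, pass the configuration path as the first argument (and the zone directory as the second if it is not /var/named); an empty result means every slave zone is written into the daemon-owned subdirectory while /var/named itself can stay owned by root.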
