Bug 101544 - Incorrect owner for /var/named
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: bind
Version: 3.0
Hardware: i386
OS: Linux
medium
high
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
Reported: 2003-08-03 14:27 UTC by Felipe Alfaro Solana
Modified: 2007-11-30 22:06 UTC (History)

Doc Type: Bug Fix
Last Closed: 2003-08-04 18:42:49 UTC

Description Felipe Alfaro Solana 2003-08-03 14:27:56 UTC
Description of problem: 
By default, on Taroon Beta 1, the owner for "/var/named" is: 
 
drwxr-x---    2 root     named        4096 Aug  3 16:19 /var/named/ 
 
This setting will prevent the "named" daemon from being able to create new 
slave zones inside "/var/named", as the "named" daemon runs as user "named" 
and not "root". 
 
When defining a new slave zone in "/etc/named.conf", upon start of the "named" 
daemon, an AXFR full zone transfer will be initiated. Once the zone contents 
are gathered, the "named" daemon will try to create the file for the slave 
zone in "/var/named", but will fail with a "permission denied" error message. 
 
To fix the problem, I had to change the owner of "/var/named" to "named". 
 
# chown named /var/named 
 
Version-Release number of selected component (if applicable): 
bind-9.2.2-18 
 
How reproducible: 
Always 
 
Steps to Reproduce: 
1. Add a slave zone to "/etc/named.conf". 
2. Make sure the file specified for this new slave zone doesn't exist in 
"/var/named". 
3. Start the "named" service. 
4. Named will succeed in performing AXFR, but will fail when trying to create 
the file for the newly created zone file. 
     
Actual results: 
The owner for "/var/named" shouldn't be root, but "named". 
 
Expected results: 
The owner for "/var/named" should be "named". 
 
Additional info:

Comment 1 Daniel Walsh 2003-08-04 18:42:49 UTC
This has been reported as a potential security problem.  The way to work around it
would be to create a subdirectory slaves under /var/named and chown named.named
to it.  Then have your slave zones created in there.

Dan
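
Added example, not part of the original bug report or of BIND: a small Python audit that models why the "named" user cannot create files in a root-owned "drwxr-x---" directory, and lists slave zones in a named.conf whose "file" path lies outside the daemon-writable "slaves" subdirectory suggested in Comment 1. The function names, the sample configuration and the uid/gid value 25 are constructed for illustration; the parser assumes no comments and at most one level of nested braces per zone.

```python
import posixpath
import re
import stat

# Constructed sample named.conf fragment (zone names and addresses are placeholders).
SAMPLE_CONF = '''
options { directory "/var/named"; };
zone "example.com" { type slave; file "example.com.zone"; masters { 192.0.2.1; }; };
zone "example.net" { type slave; file "slaves/example.net.zone"; masters { 192.0.2.1; }; };
zone "localhost" { type master; file "localhost.zone"; };
'''

def can_create_in(mode, dir_uid, dir_gid, uid, gids):
    """Unix check for creating a file in a directory: the first matching
    class (owner, group, other) must grant both write and search."""
    if uid == 0:
        return True
    if uid == dir_uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif dir_gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return (mode & need) == need

def slave_zone_files(conf_text):
    """Return {zone name: file} for every zone statement of type slave."""
    zones = {}
    # Zone bodies hold one level of nested braces (masters { ... };).
    pattern = r'zone\s+"([^"]+)"[^{]*\{((?:[^{}]|\{[^{}]*\})*)\}'
    for name, body in re.findall(pattern, conf_text):
        if re.search(r'\btype\s+slave\s*;', body):
            m = re.search(r'\bfile\s+"([^"]+)"', body)
            if m:
                zones[name] = m.group(1)
    return zones

def zones_outside(conf_text, zone_dir="/var/named", subdir="slaves"):
    """Slave zones whose file does not resolve to a path under zone_dir/subdir."""
    flagged = []
    for name, path in slave_zone_files(conf_text).items():
        full = posixpath.normpath(posixpath.join(zone_dir, path))
        if not full.startswith(posixpath.join(zone_dir, subdir) + "/"):
            flagged.append(name)
    return sorted(flagged)
```
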

