Bug 126638 - Permissions for /var/named set by BIND RPM conflict with DDNS
Summary: Permissions for /var/named set by BIND RPM conflict with DDNS
Alias: None
Product: Fedora
Classification: Fedora
Component: bind   
(Show other bugs)
Version: 2
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Jason Vas Dias
QA Contact:
: 112350 (view as bug list)
Depends On:
TreeView+ depends on / blocked
Reported: 2004-06-24 02:52 UTC by Paul Bender
Modified: 2007-11-30 22:10 UTC (History)
1 user (show)

Fixed In Version: selinux-policy-targeted-
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-08-25 22:54:43 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Paul Bender 2004-06-24 02:52:55 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040510

Description of problem:
When the bind RPM is installed it sets the ownership and permissions
on /var/named using the line '%attr(750,root,named) %dir /var/named'
in the spec file. Since named runs as the user named, named does not
have write access to /var/named. However, named needs write access to
/var/named in order to create the journal files it uses for dynamic DNS.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Install bind, configure it for dynamic dns, and start it (named)
2. Install dhcp, configure it for dynamic dns, and start it (dhcpd).
3. Have a client make a DHCP request.
4. Stop bind (named).

Actual Results:  named did not create *.jnl files for the zone files
that need to be updated by dynamic DNS.

Expected Results:  named should have created the *.jnl files for the
zones that needed to be updated by dynamic DNS.

Additional info:

Comment 1 Daniel Walsh 2004-06-24 14:25:13 UTC
Can't you setup these journal files to be in a subdirectory of named
with the appropriate privs?


Comment 2 Paul Bender 2004-06-24 15:40:51 UTC
I do not know of anyway to do this. BIND creates the *.jnl files
automatically in its working directory, which is specified by the
'directory' option in /etc/named.conf. The working directory is the
same directory that contains the zone files and it is configured to by
'/var/named' by the /etc/named.conf file installed by the
caching-nameserver RPM. I do not know of any option to set the path
for the *.jnl files separate from the path for the working directory.

Comment 3 Glen Starrett 2004-06-29 00:53:46 UTC
Feeding the google search:  The error message you'll see in
/var/log/messages is:

dumping master file: tmp-XXXXPyA987: open: permission denied


zone my.domain.name/IN: dump failed: permission denied

Comment 4 Jason Vas Dias 2004-08-04 22:24:37 UTC
*** Bug 112350 has been marked as a duplicate of this bug. ***

Comment 5 Jason Vas Dias 2004-08-25 22:54:43 UTC
This is now fixed with selinux-policy-targeted-1.17.4-1 .

Comment 6 Jason Vas Dias 2004-08-25 22:57:51 UTC
You may need to do:
  chown named:named /var/named
The ownership of this directory was changed to root:root 
in bind-9.2.3-13 as a security measure.

Note You need to log in before you can comment on or make changes to this bug.