Bug 126638 - Permissions for /var/named set by BIND RPM conflict with DDNS
Product: Fedora
Classification: Fedora
Component: bind
i386 Linux
medium Severity medium
Assigned To: Jason Vas Dias
Duplicates: 112350
Reported: 2004-06-23 22:52 EDT by Paul Bender
Modified: 2007-11-30 17:10 EST (History)
Fixed In Version: selinux-policy-targeted-
Doc Type: Bug Fix
Last Closed: 2004-08-25 18:54:43 EDT

Description Paul Bender 2004-06-23 22:52:55 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040510

Description of problem:
When the bind RPM is installed it sets the ownership and permissions
on /var/named using the line '%attr(750,root,named) %dir /var/named'
in the spec file. Since named runs as the user named, named does not
have write access to /var/named. However, named needs write access to
/var/named in order to create the journal files it uses for dynamic DNS.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Install bind, configure it for dynamic dns, and start it (named)
2. Install dhcp, configure it for dynamic dns, and start it (dhcpd).
3. Have a client make a DHCP request.
4. Stop bind (named).

Actual Results:  named did not create *.jnl files for the zone files
that need to be updated by dynamic DNS.

Expected Results:  named should have created the *.jnl files for the
zones that needed to be updated by dynamic DNS.

Additional info:
Comment 1 Daniel Walsh 2004-06-24 10:25:13 EDT
Can't you set up these journal files to be in a subdirectory of named
with the appropriate privs?

Comment 2 Paul Bender 2004-06-24 11:40:51 EDT
I do not know of any way to do this. BIND creates the *.jnl files
automatically in its working directory, which is specified by the
'directory' option in /etc/named.conf. The working directory is the
same directory that contains the zone files and it is configured to be
'/var/named' by the /etc/named.conf file installed by the
caching-nameserver RPM. I do not know of any option to set the path
for the *.jnl files separate from the path for the working directory.
Comment 3 Glen Starrett 2004-06-28 20:53:46 EDT
Feeding the google search:  The error message you'll see in
/var/log/messages is:

dumping master file: tmp-XXXXPyA987: open: permission denied


zone my.domain.name/IN: dump failed: permission denied
Comment 4 Jason Vas Dias 2004-08-04 18:24:37 EDT
*** Bug 112350 has been marked as a duplicate of this bug. ***
Comment 5 Jason Vas Dias 2004-08-25 18:54:43 EDT
This is now fixed with selinux-policy-targeted-1.17.4-1 .
Comment 6 Jason Vas Dias 2004-08-25 18:57:51 EDT
You may need to do:
  chown named:named /var/named
The ownership of this directory was changed to root:root 
in bind-9.2.3-13 as a security measure.
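
The mode-bit reasoning behind this report, as an added example that is not part of the original bug thread or of the bind package: it shows why `%attr(750,root,named)` stops the user named from creating journal files and why the `chown` in comment 6 changes that. The helper names `can_create` and `audit_dir` are hypothetical, the 770 case is constructed, and the check assumes classic Unix permissions only (no ACLs, no SELinux policy, user is not root).

```shell
#!/bin/sh
# Added example. Mode-bit check only: ignores ACLs, SELinux policy and root.
# Creating a file (e.g. a *.jnl journal) in a directory needs write (2) and
# search (1) permission on that directory.

# can_create MODE OWNER GROUP USER "USER_GROUPS"  (hypothetical helper)
# Prints "<class>:allowed" or "<class>:denied", where <class> is the single
# permission class the kernel applies: owner first, then group, then other.
can_create() {
    m=$((0$1)); owner=$2; group=$3; user=$4; user_groups=$5
    if [ "$user" = "$owner" ]; then
        class=owner; bits=$(( (m >> 6) & 7 ))
    else
        class=other; bits=$(( m & 7 ))
        for g in $user_groups; do
            if [ "$g" = "$group" ]; then
                class=group; bits=$(( (m >> 3) & 7 ))
                break
            fi
        done
    fi
    if [ $(( bits & 3 )) -eq 3 ]; then
        echo "$class:allowed"
    else
        echo "$class:denied"
    fi
}

# audit_dir DIR USER  (hypothetical helper): same check against a live system,
# e.g. `audit_dir /var/named named`. Uses GNU stat and id.
audit_dir() {
    dir=$1; user=$2
    info=$(stat -c '%a %U %G' "$dir") || return 1
    set -- $info
    can_create "$1" "$2" "$3" "$user" "$(id -Gn "$user")"
}

# Constructed cases for the user "named" whose only group is "named".
echo "750 root:named   -> $(can_create 750 root named named named)"   # spec file in the report
echo "750 named:named  -> $(can_create 750 named named named named)"  # after the chown in comment 6
echo "770 root:named   -> $(can_create 770 root named named named)"   # constructed alternative
```

The first case prints `group:denied` because the group bits `5` grant read and search but not write; a result of `allowed` here still does not override an SELinux denial.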
