Bug 161378 - permission problem in /var/named/chroot/named
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: bind
Version: 4
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Jason Vas Dias
Ben Levenson
Reported: 2005-06-22 14:57 EDT by Elton Ramos Carvalho
Modified: 2007-11-30 17:11 EST
Doc Type: Bug Fix
Last Closed: 2005-07-05 13:46:58 EDT
Description Elton Ramos Carvalho 2005-06-22 14:57:28 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050514

Description of problem:
A simple permission problem in /var/named/chroot/named.
Where the permission is

drwxr-x---  4 root named 4096 Jun 22 15:36 named

must be

drwxr-x---  4 named named 4096 Jun 22 15:36 named

The wrong permission gives me this problem with the dhcp and ddns:

Jun 22 15:38:51 ldap named[10587]: client 127.0.0.1#32807: updating zone 'expresso.intra/IN': adding an RR at 'notas.expresso.intra' A
Jun 22 15:38:51 ldap named[10587]: client 127.0.0.1#32807: updating zone 'expresso.intra/IN': adding an RR at 'notas.expresso.intra' TXT
Jun 22 15:38:51 ldap named[10587]: journal file expresso.intra.zone.jnl does not exist, creating it
-------------------------
Jun 22 15:38:51 ldap named[10587]: expresso.intra.zone.jnl: create: permission denied
-------------------------



Version-Release number of selected component (if applicable):
bind-9.3.1-4 bind-chroot-9.3.1-4

How reproducible:
Always

Steps to Reproduce:
1. Configure DHCP with ddns (hand)
2. Configure bind (hand)
3. Try to add a Windows workstation to the network with dhcp client enabled

Actual Results:
Jun 22 15:38:51 ldap named[10587]: client 127.0.0.1#32807: updating zone 'expresso.intra/IN': adding an RR at 'notas.expresso.intra' A
Jun 22 15:38:51 ldap named[10587]: client 127.0.0.1#32807: updating zone 'expresso.intra/IN': adding an RR at 'notas.expresso.intra' TXT
Jun 22 15:38:51 ldap named[10587]: journal file expresso.intra.zone.jnl does not exist, creating it
-------------------------
Jun 22 15:38:51 ldap named[10587]: expresso.intra.zone.jnl: create: permission denied
-------------------------


bind can't add the notas.expresso.intra host to the expresso.intra zone file

Expected Results:  a simple chmod resolved the problem

Additional info:
Comment 1 Jason Vas Dias 2005-07-05 13:46:58 EDT
The root:named ownership of the $ROOTDIR/var/named directory is as
mandated by our security response team, and is not a bug.

You can put the DDNS updateable zone files under the
$ROOTDIR/var/named/slaves directory, e.g. with
  zone "expresso.intra" in {... file "slaves/expresso.intra.zone"; ...}
or you can make the ownership change to named:named by editing
/etc/sysconfig/named to say:
  ENABLE_ZONE_WRITE=yes

Note that the master zone file ("expresso.intra.zone") must
also be owned by named:named for named to update it successfully.

This is documented in the named(8) man-page - also see the 
named_selinux(8) man-page.
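
Why the journal create is denied under root:named 0750 and succeeds under named:named, worked through as an added example (not part of the bug report or of the bind package). The function names and the `from_path` helper are assumptions made for illustration; SELinux policy and ACLs, which can also deny the write, are not modelled.

```python
import grp
import os
import pwd
import stat

def can_create_in(mode, owner, group, user, user_groups):
    """True if `user` may create a file in a directory with these attributes.

    POSIX applies exactly one permission class: owner if the user owns the
    directory, else group if one of the user's groups matches, else other.
    Creating a file (such as a .jnl journal) needs write AND search (x).
    """
    if user == "root":
        return True
    if user == owner:
        bits = mode >> 6
    elif group in user_groups:
        bits = mode >> 3
    else:
        bits = mode
    return (bits & 0o3) == 0o3

def from_ls_line(line):
    """Parse one `ls -ld` line into (mode, owner, group)."""
    perms, _links, owner, group = line.split()[:4]
    mode = 0
    for ch in perms[1:10]:
        # '-' is an unset bit; 'S'/'T' mean setuid/setgid/sticky without x
        mode = (mode << 1) | (ch not in "-ST")
    return mode, owner, group

def from_path(path):
    """Read the same (mode, owner, group) triple from a live directory."""
    st = os.stat(path)
    return (stat.S_IMODE(st.st_mode) & 0o777,
            pwd.getpwuid(st.st_uid).pw_name,
            grp.getgrgid(st.st_gid).gr_name)

# The two listings quoted in the report above.
SHIPPED = "drwxr-x---  4 root named 4096 Jun 22 15:36 named"
CHOWNED = "drwxr-x---  4 named named 4096 Jun 22 15:36 named"

if __name__ == "__main__":
    for line in (SHIPPED, CHOWNED):
        ok = can_create_in(*from_ls_line(line), "named", {"named"})
        print(f"{line} -> journal create {'allowed' if ok else 'denied'}")
```

On a live system, `can_create_in(*from_path(d), "named", {"named"})` runs the same check against the directory `d` that holds a dynamically updated zone file.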
