Bug 191026 - BIND should not change permissions in /var/named
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: bind
Version: 5
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Jason Vas Dias
QA Contact: Ben Levenson

Reported: 2006-05-08 04:43 EDT by Jørgen Thomsen
Modified: 2007-11-30 17:11 EST (History)
Fixed In Version: bind-9.3.2-20.FC5
Doc Type: Bug Fix
Last Closed: 2006-06-14 17:18:41 EDT
Description Jørgen Thomsen 2006-05-08 04:43:24 EDT
Description of problem:
When BIND directories exist the installation should not change permissions on 
files and directories. 
An upgrade which pulled in the installation of BIND destroyed our custom 
installation and changed permissions so our utility programs could not access 
the zonefiles as well as other files kept in /var/named.
 
See bugs 190330 and 191024. 

Version-Release number of selected component (if applicable):
The one in the Fedora Core 5 DVD

How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Jason Vas Dias 2006-06-14 17:18:41 EDT
The upgrade you refer to which 'destroyed our custom installation', for which
I sincerely apologize, appears to be to bind-9.3.2-4.1 from the FC-5 GOLD
release, and was probably caused by also having the 'caching-nameserver' RPM
installed, which provided a certain BIND configuration for a caching-nameserver,
replacing any existing configuration (though it did back up any existing config
files to '.rpmsave' files).

caching-nameserver has now been obsoleted by bind-config, which no longer 
provides any files that conflict with bind, bind-chroot, or a user's custom
config. It provides the 'named.caching-nameserver.conf', which is used by 
the initscript only if named.conf does not exist, and the 'named.rfc1912.zones'
named.conf file, for the localhost zones.

The permissions of the $ROOTDIR/{etc/{named,rndc}.*,var/named/*} files are as
mandated by our security response team, and have been the subject of many bind
security bugs, for the security provided by any bind-chroot environment rests
upon them.  The permissions of these bind configuration files and directories
are updated by RPM after each upgrade, and are correct for security - they 
should cause no problems to properly privileged users (i.e. root or members of
the 'named' group). If the standard bind permissions do cause you problems,
please specify which permissions and the details of the problems caused.

Please try upgrading to the latest 'bind-*' release from FC-5 Updates or Rawhide
/ FC-6 - you should have no further problems.
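
Added example, not part of the bug report or of the bind package: one way to record which permissions a package upgrade changed under a directory such as /var/named, and which paths a given utility account can no longer read as a result. The file name, the modes and the account IDs in `demo()` are constructed for illustration; the page does not state the actual modes.

```python
import os
import stat
import tempfile

def snapshot(root):
    """Map each path under root to (mode string, uid, gid), without following symlinks."""
    snap = {}
    def record(path):
        st = os.lstat(path)
        snap[os.path.relpath(path, root)] = (stat.filemode(st.st_mode), st.st_uid, st.st_gid)
    record(root)
    for dirpath, dirs, files in os.walk(root):
        for name in dirs + files:
            record(os.path.join(dirpath, name))
    return snap

def diff(before, after):
    """Return (path, old, new) for every entry added, removed or changed."""
    return [(p, before.get(p), after.get(p))
            for p in sorted(before.keys() | after.keys())
            if before.get(p) != after.get(p)]

def can_read(entry, uid, gids):
    """Read-bit check only; directories also need the execute bit to be traversed."""
    mode, owner, group = entry
    if uid == 0:
        return True
    if uid == owner:
        return mode[1] == "r"
    if group in gids:
        return mode[4] == "r"
    return mode[7] == "r"

def lost_read(changes, uid, gids):
    """Paths the account could read before the change and cannot read after it."""
    return [p for p, old, new in changes
            if old and new and can_read(old, uid, gids) and not can_read(new, uid, gids)]

def demo():
    # Constructed stand-in for /var/named: one zone file, world-readable before the "upgrade".
    with tempfile.TemporaryDirectory() as root:
        zone = os.path.join(root, "example.zone")
        open(zone, "w").close()
        os.chmod(zone, 0o644)
        before = snapshot(root)
        os.chmod(zone, 0o640)  # assumed new mode, for illustration only
        changes = diff(before, snapshot(root))
        # Hypothetical utility account: not the owner, not in the file's group.
        return changes, lost_read(changes, os.getuid() + 1, {os.getgid() + 1})

if __name__ == "__main__":
    print(demo())
```

Taking `snapshot()` of the real directory before and after an upgrade and passing both to `diff()` gives the list of changed permissions that Comment 1 asks for; POSIX ACLs are not considered.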
