Bug 191026 - BIND should not change permissions in /var/named
Summary: BIND should not change permissions in /var/named
Alias: None
Product: Fedora
Classification: Fedora
Component: bind
Version: 5
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Jason Vas Dias
QA Contact: Ben Levenson
Depends On:
TreeView+ depends on / blocked
Reported: 2006-05-08 08:43 UTC by Jørgen Thomsen
Modified: 2007-11-30 22:11 UTC (History)
0 users

Clone Of:
Last Closed: 2006-06-14 21:18:41 UTC

Attachments (Terms of Use)

Description Jørgen Thomsen 2006-05-08 08:43:24 UTC
Description of problem:
When BIND directories exist the installation should not change permissions on 
files and directories. 
An upgrade which pulled in the installation of BIND destroyed our custom 
installation and changed permissions so our utility programs could not access 
the zonefiles as well as other files kept in /var/named.
See bugs 190330 and 191024. 

Version-Release number of selected component (if applicable):
The one in the Fedora Core 5 DVD

How reproducible:

Steps to Reproduce:
Actual results:

Expected results:

Additional info:

Comment 1 Jason Vas Dias 2006-06-14 21:18:41 UTC
The upgrade you refer to which 'destroyed our custom installation', for which
I sincerely apologize, appears to be to bind-9.3.2-4.1 from the FC-5 GOLD
release, and was probably caused by also having the 'caching-nameserver' RPM
installed, which provided a certain BIND configuration for a caching-nameserver,
replacing any existing configuration ( though it did back up any existing config
files to '.rpmsave' files ).

caching-nameserver has now been obsoleted by bind-config, which no longer 
provides any files that conflict with bind, bind-chroot, or a user's custom
config. It provides the 'named.caching-nameserver.conf', which is used by 
the initscript only if named.conf does not exist, and the 'named.rfc1912.zones'
named.conf file, for the localhost zones.

The permissions of the $ROOTDIR/{etc/{named,rndc}.*,var/named/*} files are as
mandated by our security response team, and have been the subject of many bind
security bugs, for the security provided by any bind-chroot environment rests
upon them.  The permissions of these bind configuration files and directories
are updated by RPM after each upgrade, and are correct for security - they 
should cause no problems to properly privileged users (ie. root or members of 
the 'named' group) . If the standard bind permissions do cause you problems,
please specify which permissions and the details of the problems caused.

Please try upgrading to the latest 'bind-*' release from FC-5 Updates or Rawhide 
 / FC-6 - you should have no further problems.

Note You need to log in before you can comment on or make changes to this bug.