Bug 201161 - permissions on /var/named/chroot/var/named broken during upgrade
Summary: permissions on /var/named/chroot/var/named broken during upgrade
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: bind
Version: 3.0
Hardware: All
OS: Linux
medium
high
Target Milestone: ---
Assignee: Martin Stransky
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-08-03 10:07 UTC by Neil Prockter
Modified: 2007-11-30 22:07 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-08-18 11:30:42 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Neil Prockter 2006-08-03 10:07:32 UTC
Description of problem:
permissions on /var/named/chroot/var/named changed to root during upgrade, named
needs to write there in order for it to start
I am running bind as a secondary with an additional private zone

Version-Release number of selected component (if applicable):
last few releases its happened everytime

How reproducible:
everytime

Steps to Reproduce:
1. up2date bind
2.
3.
  
Actual results:
named will not restart

Expected results:
named restart

Additional info:
chown named /var/named/chroot/var/named fixes the problem
/var/named/chroot/var/named is where my db files go perhaps I have them in the
wrong place?

Comment 1 Martin Stransky 2006-08-03 11:17:16 UTC
Have you checked the U8 update?

Comment 2 Neil Prockter 2006-08-03 11:39:36 UTC
yes I had that applied last night and it broke bind
I am running 9.2.4 14_EL3

Comment 3 Martin Stransky 2006-08-04 13:48:21 UTC
hmm, root is the right owner for /var/named/chroot/var/named...

Comment 4 Neil Prockter 2006-08-04 14:17:03 UTC
with
drwxr-x--- root named  /var/named/chroot/var/named

strace -f -e trace=file /usr/sbin/named -u named -t /var/named/chroot

shows
open("named.pid", O_WRONLY|O_CREAT|O_EXCL, 0644) = -1 EACCES (Permission denied)

named trying to write named.pid to that directory and not having permission to

perhaps /var/named/chroot/var/named should be group writable?

Comment 5 Rich Graves 2006-08-05 01:08:28 UTC
My installation writes /var/named/chroot/var/run/named/named.pid properly. You
probably have a pid-file directive in your {/var/named/chroot/}/etc/named.conf.
Remove it or change to (the default) /var/run/named/named.pid.

Whatever you do, don't try to troubleshoot by running sysreport with
/var/named/chroot/proc mounted (it tries to cp -rp /var/named, including all of
/proc...).

Comment 6 Neil Prockter 2006-08-05 09:33:44 UTC
removing the pid-file option sorts out restarting, thank you

my zone data files are also in /var/named/chroot/var/named. I just set the
ownership on them manually or should I move them too?

--
I don't recall /var/named/chroot/proc being there before and, I would think,
having it exposes information about processs outside the chroot and it creates
the possiblity for escaping the chroot?

Comment 7 Tuomo Soini 2006-08-16 07:09:35 UTC
This is not a bug. You should change your slave zone files so that they point to
different directory which named user has permission to write to. f.ex.
"slaves/yourslavezone"



Note You need to log in before you can comment on or make changes to this bug.