Bug 20968 - Upgrade to the P7 bind fails to set ownerships properly
Status: CLOSED CURRENTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: bind
Version: 6.1
Platform: All Linux
Priority: high
Severity: high
Assigned To: Bernhard Rosenkraenzer
Dale Lovelace
Reported: 2000-11-16 12:58 EST by Daniel Senie
Modified: 2005-10-31 17:00 EST
Last Closed: 2002-01-24 17:51:36 EST
Doc Type: Bug Fix
Attachments: None

Description Daniel Senie 2000-11-16 12:58:50 EST
The RPM upgrade to the new P7 patch level of Bind changes the way bind is run, so that it runs under user named, group named, instead of root.root. While a good move security-wise, the installation scripts were not sufficient to properly do this upgrade. I'm cleaning up a lot of systems by hand.

Specifically, the /var/run/named.pid file should have been set to named.named ownership, and the entire contents of /var/named should have been set (i.e. chown -R named.named /var/named) to ensure all existing zone files in that directory are properly set. This last is especially important on secondary name servers, where those files must be overwritten by the running named process when zones are updated.

I observed this behaviour with Redhat 6.1 plus patches, but it will certainly happen the same way on all releases to which this patch is applied.
Comment 1 Daniel Senie 2000-11-21 12:35:18 EST
Further problems. It's not enough to set ownership on /var/run/named.pid, since bind wants to be able to CREATE the pid file. My solution to this is to create a directory:

/var/run/named

which is owned by named.named, then alter /etc/named.conf to include in the options area:

pid-file "/var/run/named/named.pid";

While this works, it appears it'll confuse the library of functions in /etc/rc.d/init.d/functions which expect the PID file to be in /var/run. The solution to this would be to alter the /etc/rc.d/init.d/named script to NOT use /etc/rc.d/init.d/functions at all.

Is anyone at RedHat actually looking into a fixed RPM for this? I'm busy repatching a few dozen systems, but sooner or later the masses are going to scream for a fixed RPM.
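The description and comment 1 together describe a small procedure: make /var/named and everything in it named.named, give named a directory of its own under /var/run for the pid file, and point named.conf at it. The POSIX shell script below is an added example that audits a system for exactly those ownerships and, when run as root with --fix, applies the repair; it is not part of the bug report, the bind RPM or Red Hat's init scripts. The paths (/var/named, /var/run/named) are the ones the reporter names, while the function names, the --fix flag and the NAMED_* environment overrides are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the bug report or the bind package): check that the
# zone directory and the pid directory are owned by the unprivileged user bind
# now runs as, and optionally repair them the way the report describes.
#
# Expected layout, following the report:
#   /var/named          zone files, chown -R named.named
#   /var/run/named      pid directory owned by named.named, with
#                       pid-file "/var/run/named/named.pid"; in named.conf options

# Print every path under DIR whose owner is not USER or whose group is not
# GROUP. USER and GROUP may be names or numeric ids; POSIX find accepts both.
list_wrong_owner() {
    dir=$1; user=$2; group=$3
    find "$dir" \( ! -user "$user" -o ! -group "$group" \) -print
}

# Return 0 when everything under DIR is USER:GROUP, 1 otherwise. The
# offending paths go to stderr, so a clean tree produces no output at all.
check_named_ownership() {
    dir=$1; user=$2; group=$3
    bad=$(list_wrong_owner "$dir" "$user" "$group")
    if [ -n "$bad" ]; then
        printf 'paths under %s not owned by %s:%s:\n%s\n' "$dir" "$user" "$group" "$bad" >&2
        return 1
    fi
    return 0
}

# Apply the repair from the report (must run as root): recursive chown of the
# zone directory and a pid directory that named itself can create files in.
# A secondary server needs write access to its zone files for transfers, which
# is why the whole tree is chowned rather than just the top-level directory.
fix_named_ownership() {
    zonedir=${1:-/var/named}; piddir=${2:-/var/run/named}
    user=${3:-named}; group=${4:-named}
    chown -R "$user:$group" "$zonedir"
    mkdir -p "$piddir"
    chown "$user:$group" "$piddir"
    chmod 0755 "$piddir"
}

# Stand-alone usage: audit both directories; pass --fix to repair first (as root).
if [ "${1:-}" = "--fix" ]; then
    fix_named_ownership "${NAMED_ZONEDIR:-/var/named}" "${NAMED_PIDDIR:-/var/run/named}"
fi
for d in "${NAMED_ZONEDIR:-/var/named}" "${NAMED_PIDDIR:-/var/run/named}"; do
    if [ -d "$d" ]; then
        check_named_ownership "$d" named named
    fi
done
```

The audit deliberately reports per path rather than just returning a status, so that on a secondary the one zone file a previous root-owned named wrote after the upgrade stands out instead of being hidden behind a single pass/fail.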
Comment 2 Karsten Hopp 2002-07-22 08:06:57 EDT
The current bind package uses /var/run/named/named.pid for its pid file as suggested in the bind FAQ.
