Bug 241872 - On upgrade, /var/named perms get set wrong
Summary: On upgrade, /var/named perms get set wrong
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: bind (Show other bugs)
(Show other bugs)
Version: 6
Hardware: All Linux
low
medium
Target Milestone: ---
Assignee: Adam Tkac
QA Contact: Ben Levenson
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-05-31 10:50 UTC by Andrew Clayton
Modified: 2013-04-30 23:35 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-06-04 10:20:44 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Andrew Clayton 2007-05-31 10:50:24 UTC
Description of problem:

Whenever bind is updated, /var/named gets set as follows

drwxr-x---  5 root    named   4096 May 31 09:29 named

Bind runs as named and I normally set /var/named to 770 and named.named

I'm not sure what is the really correct thing. But when it gets reset to the
above, dns updates no longer work.

May 31 11:23:07 XXXX named[1359]: dumping master file: tmp-X7sFlJmgOF: open:
permission denied
May 31 11:23:07 XXXX named[1359]: transfer of 'XXXX.XXXX/IN' from
nnn.nnn.nnn.nnn#53: failed while receiving responses: permission denied
May 31 11:23:07 XXXX named[1359]: transfer of 'XXXX.XXXX/IN' from
nnn.nnn.nnn.nnn#53: end of transfer

Resetting the directory to 770 named.named allows the updates to come through.


Version-Release number of selected component (if applicable):

bind-9.3.4-5.fc6


How reproducible:

Seems to happen every bind update.


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 1 Adam Tkac 2007-06-04 10:20:44 UTC
This is very delicate problem. For slave zones is primarily designed
/var/named/slaves directory. But admins don't want use this directory and put
slave zones simply into /var/named. Please restrict named as much as it possible
(so put your zones into slaves directory). This policy increases security
(exploit in zone transfer could corrupt your zone files if slave zones are in
same directory as master zones etc...). If you insist on change perms of
/var/named please reopen and I'm ready discuss it.

Regards, Adam

Comment 2 Adam Tkac 2007-06-04 11:00:05 UTC
Btw I think that you talk about issue with slave DNS, not with dynamic DNS
(please see bug #239149)

Comment 3 Andrew Clayton 2007-06-04 13:38:16 UTC
Hi,

Thanks for the info. Yes, your right, I was talking about slave DNS. I will now
look at using /var/named/slaves (makes sense!)

Cheers,



Note You need to log in before you can comment on or make changes to this bug.