Bug 241872 - On upgrade, /var/named perms get set wrong
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: bind
Version: 6
Hardware: All Linux
Priority: low Severity: medium
Assigned To: Adam Tkac
QA Contact: Ben Levenson
 
Reported: 2007-05-31 06:50 EDT by Andrew Clayton
Modified: 2013-04-30 19:35 EDT
Doc Type: Bug Fix
Last Closed: 2007-06-04 06:20:44 EDT
Description Andrew Clayton 2007-05-31 06:50:24 EDT
Description of problem:

Whenever bind is updated, /var/named gets set as follows

drwxr-x---  5 root    named   4096 May 31 09:29 named

Bind runs as named and I normally set /var/named to 770 and named.named

I'm not sure what is the really correct thing. But when it gets reset to the
above, dns updates no longer work.

May 31 11:23:07 XXXX named[1359]: dumping master file: tmp-X7sFlJmgOF: open: permission denied
May 31 11:23:07 XXXX named[1359]: transfer of 'XXXX.XXXX/IN' from nnn.nnn.nnn.nnn#53: failed while receiving responses: permission denied
May 31 11:23:07 XXXX named[1359]: transfer of 'XXXX.XXXX/IN' from nnn.nnn.nnn.nnn#53: end of transfer

Resetting the directory to 770 named.named allows the updates to come through.


Version-Release number of selected component (if applicable):

bind-9.3.4-5.fc6


How reproducible:

Seems to happen every bind update.


Comment 1 Adam Tkac 2007-06-04 06:20:44 EDT
This is a very delicate problem. The /var/named/slaves directory is primarily
designed for slave zones. But admins don't want to use this directory and simply
put slave zones into /var/named. Please restrict named as much as possible
(so put your zones into the slaves directory). This policy increases security
(an exploit in zone transfer could corrupt your zone files if slave zones are in
the same directory as master zones, etc.). If you insist on changing the perms of
/var/named, please reopen and I'm ready to discuss it.

Regards, Adam
Comment 2 Adam Tkac 2007-06-04 07:00:05 EDT
Btw, I think that you are talking about an issue with slave DNS, not with dynamic
DNS (please see bug #239149).
Comment 3 Andrew Clayton 2007-06-04 09:38:16 EDT
Hi,

Thanks for the info. Yes, you're right, I was talking about slave DNS. I will now
look at using /var/named/slaves (makes sense!)

Cheers,
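
Added example (not part of the bug report or of BIND): a small audit that follows the advice in Comment 1 by listing slave zones whose file resolves outside the slaves directory, so /var/named itself can stay root:named 750. The sample named.conf, zone names, addresses and function names are constructed for illustration, and the /var/named fallback when no directory option is present is an assumption.

```python
import posixpath
import re

# Constructed sample named.conf; zone names and addresses are placeholders.
SAMPLE_CONF = '''
options { directory "/var/named"; };
zone "example.com" IN { type master; file "example.com.zone"; };
zone "example.org" IN {
    type slave;
    masters { 192.0.2.1; };
    file "example.org.zone";        // written into /var/named itself
};
zone "example.net" IN { type slave; masters { 192.0.2.1; }; file "slaves/example.net.zone"; };
'''

ZONE_RE = re.compile(r'zone\s+"([^"]+)"[^{;]*\{')

def strip_comments(text):
    """Drop /* */, // and # comments (simplification: ignores quoting)."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#).*', '', text)

def zone_blocks(conf):
    """Yield (name, body) per zone; braces are counted because masters { } nests."""
    for m in ZONE_RE.finditer(conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def misplaced_slave_zones(conf, slave_dir="slaves"):
    """Return [(zone, resolved_path)] for slave zones stored outside <directory>/slaves/."""
    conf = strip_comments(conf)
    d = re.search(r'(?<![-\w])directory\s+"([^"]+)"', conf)
    base = d.group(1) if d else "/var/named"   # assumed fallback, path from the report
    allowed = posixpath.join(base, slave_dir) + "/"
    findings = []
    for name, body in zone_blocks(conf):
        ztype = re.search(r'\btype\s+(\w+)', body)
        zfile = re.search(r'\bfile\s+"([^"]+)"', body)
        if not (ztype and zfile) or ztype.group(1) != "slave":
            continue
        # normpath collapses "slaves/../x" so traversal cannot pass the prefix check
        path = posixpath.normpath(posixpath.join(base, zfile.group(1)))
        if not path.startswith(allowed):
            findings.append((name, path))
    return findings

if __name__ == "__main__":
    for zone, path in misplaced_slave_zones(SAMPLE_CONF):
        print(f"slave zone {zone!r} writes to {path}; move it under slaves/")
```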
