Red Hat Bugzilla – Bug 247486
bind-chroot does not modify /etc/logrotate.d/named
Last modified: 2013-04-30 19:36:31 EDT
Description of problem:
The standard named log rotation script points to /var/log/named.log . The (not
exactly included, but yet) default named.conf sends the logs to that file too.
If bind-chroot is installed, the logs end up in
/var/named/chroot/var/log/named.log. Therefore, the chroot package should create
chroot/var/log and replace logrotate.d/named accordingly.
Version-Release number of selected component (if applicable):
First about creating var/named/log directory in chroot - definitely not because
log file could be located everywhere (and someone else could want create
var/named/logs/, someone var/log etc).
And about changing logrotate.d/named. This is only template, /var/log/named.log
doesn't exist in default configuration so if you create in (in chroot or not)
you have to configure all other things accordingly.
I should simply change /var/log/* to /var/named/chroot/var/log/* in
/etc/logrotate.d/named when bind-chroot is installed but I don't think this
change makes sence. What's your opinion about this?
I suspect that nine out of ten times someone installs bind for the first time,
he grabs the default named.conf that comes with the package, adds some domains
to it and is up and running. Therefore, since the default named.conf sends the
log to /var/log/named.log, that's where it will be in most systems.
/etc/logrotate.d/named comes with the bind package and points to the default
logfile. There is some crisp logic in that: if the admin changes the log
location, he should change it everywhere, and if he doesn't change anything,
logs and log rotation should work out of the box.
There is no reason why this logic should be lost if bind-chroot gets installed.
The problem now is that the chroot package seems to take care of everything
needed, but actually it does not. The stressed/sloppy/distracted admin sees
everything working and doesn't realise that bind isn't logging at all because
the directory /var/named/chrooot/var/log is missing. He only finds out there is
no log when he needs the log and goes looking for it. So then he creates the
directories and forgets the rotation, until a full partitition some time later
reminds him of that.
Is it the distro's job to compensate the sloppiness of the admin? Perhaps not.
But at least the distro shouldn't create traps for the sloppy admin to fall
into. If the bind-chroot pachage keeps the logic from the base bind package,
everything will work out of the box if the admin changes nothing. If, on the
other hand, the admin does change something, he will know that he needs to
change it everywhere.
For these reasons I still think that bind-chroot should create the directories
/var/named/chroot/var/log and point the logorate script to
/var/named/chroot/var/log/named.log . Besides, this is a zero-cost/zero-risk
change; it would spare some people some trouble but it wouldn't cause anyone
else any new trouble.
Your proposal change makes sence. I will fix this in 5.2
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release. Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products. This request is not yet committed for inclusion in an Update
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
I just noticed, this has reverted back to its pre-fix behaviour.
The fix in RHSA-2008:0300-16 was
* the default named log rotation script did not work correctly when using
the bind-chroot package. In these updated packages, installing
bind-chroot creates the symbolic link "/var/log/named.log", which points
to "/var/named/chroot/var/log/named.log", which resolves this issue.
rpm -q bind-chroot
rpm -q --scripts bind-chroot
postinstall scriptlet (using /bin/sh):
if [ "$1" -gt 0 ]; then
/usr/sbin/bind-chroot-admin --enable > /dev/null 2>&1;
preuninstall scriptlet (using /bin/sh):
if [ "$1" -eq 0 ]; then
/usr/sbin/bind-chroot-admin --disable > /dev/null 2>&1;
posttrans scriptlet (using /bin/sh):
if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled && \
[ -x /sbin/restorecon ]; then
/sbin/restorecon /var/named/chroot/dev/* > /dev/null 2>&1;
I'm unable to re-open the bug. Could someone please do it for me, or should I clone it?