From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020513

Description of problem:
When using 'bindconf' to create new zone files, the zone files are created with root:root ownership and may not be world-readable in some cases. 'named' runs as 'named:named' and cannot read the new zone files, with 'permission denied' messages showing up in /var/log/messages.

Version-Release number of selected component (if applicable):

How reproducible:
Always

Steps to Reproduce:
1. Log in as a user (not root)
2. Set your umask to 027
3. Invoke 'bindconf' from either the KDE or Gnome menu systems
4. Use 'bindconf' to create a new zone file or files.
5. Use a file manager or shell to note the ownerships and permissions of the zone files in /var/named
6. Restart 'named' using /sbin/init.d/named restart or 'rndc reload'
7. Look at the messages in /var/log/messages

Actual Results:
/var/log/messages will contain something like:

Jun 1 09:37:24 aria named[5427]: zone 0.0.127.in-addr.arpa/IN: loading master file 0.0.127.in-addr.arpa.zone: permission denied
Jun 1 09:37:24 aria named[5427]: zone 1.168.192.in-addr.arpa/IN: loading master file 1.168.192.in-addr.arpa.zone: permission denied
Jun 1 09:37:24 aria named[5427]: zone xxxx.com/IN: loading master file xxxx.com.zone: permission denied
Jun 1 09:37:24 aria named[5427]: zone localhost/IN: loaded serial 1
Jun 1 09:37:24 aria named[5427]: running
Jun 1 09:37:24 aria named: named startup succeeded

Expected Results:
No named 'permission denied' messages should have been output to /var/log/messages.

Additional info:
This bug can probably only occur if a user routinely keeps the 'other' component of his umask at 7. I suggest adding a little bit of code to 'bindconf' that makes sure any files it creates will be readable by 'named:named' OR having 'bindconf' change its umask when it executes.

An easy workaround is to write a bindconf wrapper script that sets a friendlier umask before executing the real 'bindconf'.

Fixed in redhat-config-bind 1.7.1-7 build. Files will be owned by named.named.
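
The failure reported above and one way to avoid it, as an added example that is not code from bindconf or redhat-config-bind: a plain open() inherits the caller's umask, while a writer that sets mode (and optionally owner) on the file descriptor does not. The function names, the sample zone text and the stand-in daemon uid are assumptions made for this sketch.

```python
import os
import stat
import tempfile

ZONE = "$TTL 86400\n@ IN SOA ns.example.test. root.example.test. (1 3H 1H 1W 1D)\n"  # constructed

def naive_write(path, text):
    # open() asks for 0666 and the kernel clears the caller's umask bits
    with open(path, "w") as fh:
        fh.write(text)

def write_zone_file(path, text, mode=0o644, uid=-1, gid=-1):
    # Temp file in the same directory so os.replace() is an atomic rename
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)), prefix=".zone-")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(text)
            fh.flush()
            if uid != -1 or gid != -1:
                os.fchown(fh.fileno(), uid, gid)  # needs root; -1 keeps the current id
            os.fchmod(fh.fileno(), mode)          # explicit mode, umask is not applied
        os.replace(tmp, path)
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise

def daemon_can_read(path, uid, gids):
    # Classic owner/group/other check for a non-root reader such as named
    st = os.stat(path)
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IRUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IRGRP)
    return bool(st.st_mode & stat.S_IROTH)

def demo():
    old = os.umask(0o027)  # the umask from the steps to reproduce
    try:
        with tempfile.TemporaryDirectory() as d:
            naive, fixed = os.path.join(d, "naive.zone"), os.path.join(d, "fixed.zone")
            naive_write(naive, ZONE)
            write_zone_file(fixed, ZONE)
            other_uid = os.stat(naive).st_uid + 1  # stand-in for an unrelated daemon account
            return {name: (stat.S_IMODE(os.stat(f).st_mode), daemon_can_read(f, other_uid, set()))
                    for name, f in (("naive", naive), ("fixed", fixed))}
    finally:
        os.umask(old)

if __name__ == "__main__":
    print(demo())
```

With uid and gid set to the named account (which requires root), mode can be tightened to 0o640 so the zone data is readable by the daemon without being world-readable.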