[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: bin/53652: Change permission of namedb directory
The following reply was made to PR bin/53652; it has been noted by GNATS.
From: Takahiro Kambe <taca%back-street.net@localhost>
Cc: gnats-bugs%NetBSD.org@localhost, taca%back-street.net@localhost
Subject: Re: bin/53652: Change permission of namedb directory
Date: Tue, 09 Oct 2018 15:25:53 +0900 (JST)
In message <20181006181001.839577A1FB%mollari.NetBSD.org@localhost>
on Sat, 6 Oct 2018 18:10:01 +0000 (UTC),
christos%zoulas.com@localhost (Christos Zoulas) wrote:
> This is not a good idea. NetBSD-current comes with bind-9.12 and
> a local fix which avoids this issue.
I think so, too.
> RCS file: /cvsroot/src/external/mpl/bind/dist/lib/dns/view.c,v
> revision 1.3
> date: 2018-09-12 11:28:42 -0400; author: christos; state: Exp; lines: +2 -2; commitid: adpcledHWXK8qPRA;
> Put the nta files in a subdirectory instead of requiring the namedb root
> directory to be writable by named... Others have expressed the same concern,
> but upstream refused: https://bugzilla.redhat.com/show_bug.cgi?id=1487823
Note: ISC refused to accept this change as above.
> Doesn't this work for you?
It dose not completly with default configuration on NetBSD current
# echo 'named_chrootdir="/var/chroot/named"' >> /etc/rc.conf
# sh /etc/rc.d/named onestart
# sh /etc/rc.d/named onestatus
named is running as pid 1140.
# /usr/sbin/rndc secroots
rndc: 'secroots' failed: permission denied
could not open named.secroots
So, it is required changing permission of "directory" or providing
proper default value for these statements: "secroots-file",
"recursing-file" and so on.
Takahiro Kambe <taca%back-street.net@localhost>
Main Index |
Thread Index |