Subject: Re: /etc/security: symlink vs. file (for /etc/named.conf)
To: Hubert Feyrer <>
From: Manuel Bouyer <>
List: tech-security
Date: 01/04/2007 17:26:11
On Thu, Jan 04, 2007 at 05:10:40PM +0100, Hubert Feyrer wrote:
> My /etc/named.conf is a symlink instead of a file, and every day my 
> 'insecurity' output consists of:
> 	Checking special files and directories.
> 	etc/named.conf:
> 	        type (file, link)
> Things I've tried to get rid of this:
> 1) change 'type=' in /etc/mtree/special from 'file' to 'link'
> 2) set 'check_mtree_follow_symlinks=yes' in /etc/security.conf.
> No go in either case - can someone tell me what to do to not see this any 
> more? Thanks a lot!

For a similar issue (chrooted named, isn't it ?) I have in
/set uname=root gname=wheel
./etc                           type=dir  mode=0755
./etc/namedb                    type=link mode=0755
./etc/named.conf                type=link mode=0755

no changes needed to other files in /etc/mtree/
This is on NetBSD 3.x

Manuel Bouyer, LIP6, Universite Paris VI. 
     NetBSD: 26 ans d'experience feront toujours la difference