misc/42306: permissions on /var/chroot/named/etc/namedb

To: misc-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: misc/42306: permissions on /var/chroot/named/etc/namedb
From: prlw1%cam.ac.uk@localhost
Date: Wed, 11 Nov 2009 14:55:01 +0000 (UTC)

>Number:         42306
>Category:       misc
>Synopsis:       chrooted named can't write to namedb
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    misc-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Nov 11 14:55:01 +0000 2009
>Originator:     Patrick Welche
>Release:        NetBSD 5.99.22
>Organization:
        
>Environment:
NetBSD-current
>Description:
Our default etc/named.conf has:

        directory "/etc/namedb";

rather than /etc/namedb/cache, and I would leave that as I think /etc/namedb is 
the
more usual choice.

Our etc/mtree/special file however has:

./var/chroot/named/etc/namedb   type=dir  mode=0755
./var/chroot/named/etc/namedb/cache     type=dir mode=0775 uname=named 
gname=named

If you run named in a chroot, named won't be able to write to etc/namedb.
>How-To-Repeat:
The actual surprise was setting up the chroot, with a
chown named:named /var/chroot/named/etc/namedb
and then being surprised after a build at the logs filling up with
 named[164]: general: error: dumping master file: tmp-B6BVu5A1mN: open: 
permission denied
because I let /etc/mtree/special change the ownership as a result of the build.
>Fix:

Index: special
===================================================================
RCS file: /cvsroot/src/etc/mtree/special,v
retrieving revision 1.131
diff -u -r1.131 special
--- special     29 Sep 2009 23:56:27 -0000      1.131
+++ special     11 Nov 2009 14:53:02 -0000
@@ -378,8 +378,7 @@
 ./var/chroot/named             type=dir  mode=0755
 ./var/chroot/named/dev         type=dir  mode=0755
 ./var/chroot/named/etc         type=dir  mode=0755
-./var/chroot/named/etc/namedb  type=dir  mode=0755
-./var/chroot/named/etc/namedb/cache    type=dir mode=0775 uname=named 
gname=named
+./var/chroot/named/etc/namedb  type=dir  mode=0775 uname=named gname=named
 ./var/chroot/named/usr         type=dir  mode=0755
 ./var/chroot/named/usr/libexec type=dir  mode=0755
 ./var/chroot/named/var         type=dir  mode=0755

Prev by Date: Re: port-i386/41381 (acpi does not work in HP6515b laptop)
Next by Date: Re: kern/38858 (interrupt problem on dell inspiron 8600)
Previous by Thread: Re: port-i386/41381 (acpi does not work in HP6515b laptop)
Next by Thread: Re: install/37363 (The "pf" doesn't work with GENERIC.MP)
Indexes:

Home | Main Index | Thread Index | Old Index