Re: bin/53652: Change permission of namedb directory

[christos%zoulas.com@localhost (Christos Zoulas)]

On Oct 6,  4:15pm, taca%back-street.net@localhost (taca%back-street.net@localhost) wrote:
-- Subject: bin/53652: Change permission of namedb directory

Yes, the secroots issue correct; as well as:

dump-file
The pathname of the file the server dumps the database to when instructed to do so with rndc dumpdb. If not specified, the default is named_dump.db.

memstatistics-file
The pathname of the file the server writes memory usage statistics to on exit. If not specified, the default is named.memstats.

recursing-file
The pathname of the file the server dumps the queries that are currently recursing when instructed to do so with rndc recursing. If not specified, the default is named.recursing.

statistics-file
The pathname of the file the server appends statistics to when instructed to do so using rndc stats. If not specified, the default is named.stats in the server's current directory. The format of the file is described in the section called "The Statistics File".

secroots-file
The pathname of the file the server dumps security roots to when instructed to do so with rndc secroots. If not specified, the default is named.secroots.

So I guess we can either revert the "nta" file change and make /etc/namedb
writable by the daemon, or we can double down and create a "stats" or "status"
or "logs" directory in /etc/named and default all of those files to go there.
It sounds neater to do that, but it is not desirable from a compatibility POV.

I think we should go with the first option (revert/make writable). Opinions?

christos