Message: 7
Date: Sat, 19 Jul 2008 06:26:53 -0400
From: "Christopher K. Johnson" <ckjohnson@xxxxxxx>
Subject: Re: bind update keeps messing up write-rights
To: For users of Fedora <fedora-list@xxxxxxxxxx>
Message-ID: <4881C16D.7010606@xxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Gijs wrote:
> Sam Varshavchik wrote:
>> Gijs writes:
>>
>>> Hey List,
>>>
>>> Not sure why this is happening so perhaps someone can explain this
>>> to me.
>>> Whenever I update bind it messes up/resets access rights on my zone
>>> files. Now normally this wouldn't be a bad thing, but because I have
>>> dynamic updates on, for which named creates journalizing files, I
>>> end up having non-writeable journalizing files. So after every
>>> update I end up having to manually change the access rights on my
>>> jnl files.
>>>
>>> Is anyone else having the same problem and/or is it supposed to be
>>> like this?
>>
>> You must have bind configured to run in chroot.
>>
>> rpm's %post script runs /usr/sbin/bind-chroot-admin where, if you
>> have chroot configured, it runs this lovely bit of code:
>>
>> chown -h root:named /var/named/* >/dev/null 2>&1;
>> chown -h root:named ${BIND_CHROOT_PREFIX}/var/named/* >/dev/null 2>&1;
>> chown -h root:named /etc/{named,rndc}.* >/dev/null 2>&1;
>> chown -h root:named ${BIND_CHROOT_PREFIX}/etc/{named,rndc}.* >/dev/null 2>&1;
>> chown -h named:named /var/log/named.log >/dev/null 2>&1;
>> chown -h named:named ${BIND_CHROOT_PREFIX}/var/log/named.log >/dev/null 2>&1;
>> chmod 750 ${pfx}/var/named >/dev/null 2>&1;
>> chmod 640 ${pfx}/var/named/* >/dev/null 2>&1;
>> chmod 750 ${pfx}/var/named/*/. >/dev/null 2>&1;
>> chmod 660 ${pfx}/var/log/named.log >/dev/null 2>&1;
>> chown -h named:named /var/named/{data{,/*},slaves{,/*},dynamic{,/*}} >/dev/null 2>&1;
>> chown -h named:named ${BIND_CHROOT_PREFIX}/var/named/{data{,/*},slaves{,/*},dynamic{,/*}} >/dev/null 2>&1;
>> chmod 770 ${pfx}/var/named/{data,slaves,dynamic} >/dev/null 2>&1;
>> chmod 660 ${pfx}/var/named/{data/*,slaves/*,dynamic/*} >/dev/null 2>&1;
>> chmod 770 ${pfx}/var/named/{data/*/.,slaves/*/.,dynamic/*/.} >/dev/null 2>&1;
>>
>> Lovely.
>>
> Heh, that's indeed lovely. And yea, I've got named configured to run
> in chroot as it is the default nowadays (at least on Fedora).
>
>You should note that the 'dynamic' subfolder contents are set to mode
>660.
>Move your updateable zone files there and update the referenced paths in
>named.conf accordingly.
>
>Chris
>

Could you clarify your statement for me please?

1. Other than my zone files, what else goes into
   /var/named/chroot/var/named/dynamic?
2. My named.conf resides in /var/named/chroot/etc, so I need to make
   changes to point to the path --> /var/named/chroot/var/named/dynamic?

Thanks,
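
An added example, not part of the original thread and not code from bind-chroot-admin: it replays the chmod modes quoted above on a scratch tree to show why a journal next to a top-level zone file loses write access after an update while one under dynamic/ keeps it. The zone and journal file names are constructed, chown is skipped so no root is needed, and the group-write bit is used as a stand-in for "writable by named".

```shell
#!/bin/sh
# Added example: replays the chmod modes quoted in the thread on a scratch tree.
# chown is skipped (needs root); the group-write bit stands in for "named can
# write", since the quoted script leaves the files in group named.

# Build a constructed var/named layout under a temp prefix and print the prefix.
build_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/var/named/data" "$t/var/named/slaves" "$t/var/named/dynamic"
    for f in example.com.zone example.com.zone.jnl \
             dynamic/example.org.zone dynamic/example.org.zone.jnl; do
        : > "$t/var/named/$f"      # constructed, empty stand-in files
    done
    echo "$t"
}

# Apply the quoted modes in the quoted order; $1 stands in for ${pfx}.
# The "*/." directory lines are left out: the scratch tree has no other dirs.
apply_modes() {
    chmod 750 "$1/var/named"
    chmod 640 "$1"/var/named/*               # hits top-level zones and journals
    for d in data slaves dynamic; do
        chmod 770 "$1/var/named/$d"
    done
    for d in data slaves dynamic; do
        chmod 660 "$1/var/named/$d"/* 2>/dev/null || true   # empty dirs: no match
    done
}

# List journal files that still carry the group-write bit.
group_writable_jnl() {
    ( cd "$1/var/named" && find . -type f -name '*.jnl' -perm -020 | sort )
}

scratch=$(build_tree)
apply_modes "$scratch"
echo "journals still group-writable after the mode reset:"
group_writable_jnl "$scratch"
rm -rf "$scratch"
```

On a real system the same find expression, pointed at the chroot's var/named directory after a bind update, shows which journals survived the reset.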