Message: 9
Date: Sat, 19 Jul 2008 19:50:26 +0200
From: Gijs <info@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: bind update keeps messing up write-rights
To: For users of Fedora <fedora-list@xxxxxxxxxx>
Message-ID:
<48822962.5080202@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"
Ed Warner wrote:
Message: 7
Date: Sat, 19 Jul 2008 06:26:53 -0400
From: "Christopher K. Johnson"
<ckjohnson@xxxxxxx>
Subject: Re: bind update keeps messing up write-rights
To: For users of Fedora <fedora-list@xxxxxxxxxx>
Message-ID: <4881C16D.7010606@xxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1;
format=flowed
Gijs wrote:
Sam Varshavchik wrote:
Gijs writes:
Hey List,
Not sure why this is happening so perhaps
someone can explain this
to me.
Whenever I update bind it messes up/resets
access rights on my
zone
files. Now normally this wouldn't be a
bad thing, but because
I have
dynamic updates on, for which named
creates journalizing files, I
end up having non-writeable journalizing
files. So after every
update I end up having to manually change
the access rights on my
jnl files.
Is anyone else having the same problem
and/or is it supposed to be
like this?
You must have bind configured to run in
chroot.
rpm's %post script runs
/usr/sbin/bind-chroot-admin where, if you
have chroot configured, it runs this lovely
bit of code:
chown -h root:named /var/named/*
/dev/null 2>&1;
chown -h root:named
${BIND_CHROOT_PREFIX}/var/named/* >/dev/null
2>&1;
chown -h root:named /etc/{named,rndc}.*
/dev/null 2>&1;
chown -h root:named
${BIND_CHROOT_PREFIX}/etc/{named,rndc}.*
/dev/null 2>&1;
chown -h named:named /var/log/named.log
/dev/null 2>&1;
chown -h named:named
${BIND_CHROOT_PREFIX}/var/log/named.log
/dev/null 2>&1;
chmod 750 ${pfx}/var/named >/dev/null
2>&1;
chmod 640 ${pfx}/var/named/* >/dev/null
2>&1;
chmod 750 ${pfx}/var/named/*/.
/dev/null 2>&1;
chmod 660 ${pfx}/var/log/named.log
/dev/null 2>&1;
chown -h named:named
/var/named/{data{,/*},slaves{,/*},dynamic{,/*}}
/dev/null
2>&1;
chown -h named:named
${BIND_CHROOT_PREFIX}/var/named/{data{,/*},slaves{,/*},dynamic{,/*}}
/dev/null 2>&1;
chmod 770
${pfx}/var/named/{data,slaves,dynamic} >/dev/null
2>&1;
chmod 660
${pfx}/var/named/{data/*,slaves/*,dynamic/*}
/dev/null
2>&1;
chmod 770
${pfx}/var/named/{data/*/.,slaves/*/.,dynamic/*/.}
/dev/null 2>&1;
Lovely.
Heh, that's indeed lovely. And yea, I've
got named configured to
run
in chroot as it is the default nowadays (at least
on Fedora).
You should note that the 'dynamic'
subfolder contents are set to mode
660.
Move your updateable zone files there and update
the referenced paths in
named.conf accordingly.
Chris
Could you clarify your statement for me please?
1. Othe than my zone files, what else goes into
/var/named/chroot/var/named/dynamic ?
2. My named.conf resides in /var/named/chroot/etc, so
I need to make changes to point to the path -->
/var/named/chroot/var/named/dynamic ?
Thanks
I cannot really clarify point 1, but I can somewhat clarify
point 2.
In my named.conf I now have the following:
zone "0.168.192.in-addr.arpa" IN {
type master;
file "dynamic/named.0.168.192";
allow-update { key rndc; };
};
zone "home" IN {
type master;
file "dynamic/home.zone";
allow-update { key rndc; };
};
This allows named to find the zone files inside the dynamic
folder.
Also, /var/named/chroot/etc/named.conf has a hardlink to
/etc/named.conf
so that might be somewhat easier to type next time you want
to edit that
file :). And because named is running inside a chroot, you
cannot set
the path to "/var/named/chroot/var/named/dynamic"
inside the named.conf.
For named, the chroot basically means that everything is
running from
the /var/named/chroot directory. In other words, if you
refer to
/var/named/dynamic inside your named.conf, it actually
refers to
/var/named/chroot/var/named/dynamic.
Hope this makes sense :)
