[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: named problems

On Sat, 7 Dec 2002 15:56, Rodrigo Moya wrote:
> > That is what is wrong.  BIND9 drops the capability cap_dac_override and
> > thus can't create files in directories owned by a UID other than root
> > unless they are mode 777.
> >
> > The solution is to have the directory owned by the same UID that is used
> > for running the named process.
> ok, did that. So, what has changed, the user with which named is run?
> Because I've had that working for months, and just started having those
> messages recently.

As far as I was aware BIND9 always dropped capabilities.  But maybe that 
wasn't always so and you had a version which didn't do it.

Also maybe you previously had named running under a UID that had write access 
to the directory without dac_override.

http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to: