Re: named problems

To: Rodrigo Moya <rodrigo@gnome-db.org>
Cc: debian-devel@lists.debian.org
Subject: Re: named problems
From: Russell Coker <russell@coker.com.au>
Date: Sat, 7 Dec 2002 18:50:08 +0100
Message-id: <[🔎] 200212071850.08355.russell@coker.com.au>
Reply-to: Russell Coker <russell@coker.com.au>
In-reply-to: <[🔎] 1039272966.2193.34.camel@azkoyen.gnome-db.org>
References: <[🔎] 1039270810.2193.16.camel@azkoyen.gnome-db.org> <[🔎] 200212071526.25288.russell@coker.com.au> <[🔎] 1039272966.2193.34.camel@azkoyen.gnome-db.org>

On Sat, 7 Dec 2002 15:56, Rodrigo Moya wrote:
> > That is what is wrong.  BIND9 drops the capability cap_dac_override and
> > thus can't create files in directories owned by a UID other than root
> > unless they are mode 777.
> >
> > The solution is to have the directory owned by the same UID that is used
> > for running the named process.
>
> ok, did that. So, what has changed, the user with which named is run?
> Because I've had that working for months, and just started having those
> messages recently.

As far as I was aware BIND9 always dropped capabilities.  But maybe that 
wasn't always so and you had a version which didn't do it.

Also maybe you previously had named running under a UID that had write access 
to the directory without dac_override.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to:

References:
- named problems
  - From: Rodrigo Moya <rodrigo@gnome-db.org>
- Re: named problems
  - From: Russell Coker <russell@coker.com.au>
- Re: named problems
  - From: Rodrigo Moya <rodrigo@gnome-db.org>

Prev by Date: Re: Porting Xconfigurator to Debian!
Next by Date: Bug#172141: ITP: pts -- Tetrinet Server Written in Perl
Previous by thread: Re: named problems
Next by thread: Bug#172141: ITP: pts -- Tetrinet Server Written in Perl
Index(es):
- Date
- Thread