Re: named problems
On Sat, 7 Dec 2002 15:56, Rodrigo Moya wrote:
> > That is what is wrong. BIND9 drops the capability cap_dac_override and
> > thus can't create files in directories owned by a UID other than root
> > unless they are mode 777.
> >
> > The solution is to have the directory owned by the same UID that is used
> > for running the named process.
>
> ok, did that. So, what has changed, the user with which named is run?
> Because I've had that working for months, and just started having those
> messages recently.
As far as I was aware, BIND9 always dropped capabilities. But maybe that
wasn't always so and you had a version which didn't do it.

Also, maybe you previously had named running under a UID that had write access
to the directory without dac_override.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
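
The permission check discussed in this message, written out as an added example (not code from the original post or from BIND): it evaluates whether a process without cap_dac_override can create a file in a directory, using only the mode bits. It goes beyond the 777 case in the text by also covering the group class. Assumptions: no POSIX ACLs or LSM policy are in play, and the UID/GID 105 used for named is a constructed value.

```python
import os
import stat


def can_create_in_dir(st_mode, st_uid, st_gid, uid, gids):
    """Mode-bit check for creating a file in a directory when the process
    holds no CAP_DAC_OVERRIDE. Creating an entry needs write AND search (w+x)."""
    if not stat.S_ISDIR(st_mode):
        return False
    # Exactly one permission class is selected; there is no fall-through
    # from a denying owner class to a more permissive "other" class.
    if uid == st_uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif st_gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return (st_mode & need) == need


def check_path(path, uid, gids):
    """Apply the check to a real directory on disk."""
    st = os.stat(path)
    return can_create_in_dir(st.st_mode, st.st_uid, st.st_gid, uid, gids)


if __name__ == "__main__":
    NAMED_UID = NAMED_GID = 105  # constructed sample IDs, not from the thread
    D = stat.S_IFDIR
    # (description, mode, directory owner uid, directory gid) - constructed
    cases = [
        ("root:root 0755 (the failing setup)", D | 0o755, 0, 0),
        ("root:root 0777", D | 0o777, 0, 0),
        ("named:named 0755 (the suggested fix)", D | 0o755, NAMED_UID, NAMED_GID),
        ("root:named 0775 (group-writable)", D | 0o775, 0, NAMED_GID),
        ("named:named 0555 (owner bits deny)", D | 0o555, NAMED_UID, NAMED_GID),
    ]
    for label, mode, owner, group in cases:
        ok = can_create_in_dir(mode, owner, group, NAMED_UID, [NAMED_GID])
        print(f"{label:40s} -> {'can create' if ok else 'denied'}")
```

To audit a live system, call `check_path()` with the directory named writes to and the UID and group list the daemon actually runs with.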