BIND and OpenBSD vs. Chroot Problem

phn at icke-reklam.ipsec.nu phn at icke-reklam.ipsec.nu
Sun Feb 3 12:25:35 UTC 2002


waynoedm at telusplanet.net wrote:
> I've got my conf and zone files all good (assumed), but am having problems with
> permissions I believe. I'm using the latest OpenBSD with BIND 9.1.3 installed.
> The problem I am having I am sure, is with the permissions of the user "named".
> My rc.conf has my "named" flagged to "" and the chroot directory is /var/named.
> however, I'm not getting the right results. Every time I try running "named", it
> cannot find file /etc/named.conf. I've created a symbolic link of
> /var/named/named.conf to /etc/named.conf and chowned the link to the user
> "named". It still isn't finding my conf file. 

> Feb  2 15:33:13 ns1 named[1061]: starting BIND 9.1.3 -t /var/named -u named
> Feb  2 15:33:14 ns1 named[1061]: /etc/named.conf: open: file not found
> Feb  2 15:33:14 ns1 named[1061]: loading configuration: file not found
> Feb  2 15:33:14 ns1 named[1061]: exiting (due to fatal error)

> Any suggestions?

Yes. 

1/ upgrade to 9.2.0
2/ a working bind-9 in openbsd 2.9 comes here:
in rc.conf:
ns:peter {101} grep named /etc/rc.conf                                  
named_flags="-c /named.conf"    # for normal use: ""
named_user=named                # Named should not run as root unless neccesary
named_chroot=/var/named         # Where to chroot named if not empty

You need a user named in passwd (it's supplied with the system):
named:*:70:70:BIND Name Service Daemon:/var/named:/sbin/nologin

You also need /var/named, where all needed files must reside. No softlinks
pointing outside! So move your named.conf to /var/named:

ns:peter {103} ll /var/named
total 18
2 drwxr-xr-x  2 root   wheel   512 Jan 28 23:42 dev
2 drwxr-xr-x  2 root   wheel   512 Apr 28  2001 etc
8 -rw-r--r--  1 peter  wheel  3285 Dec 29 10:44 named.conf
2 drwxr-xr-x  5 named  bin     512 Jan 12 11:32 namedb
2 -r--------  1 named  wheel    92 Apr 18  2001 rndc-key
2 drwxr-xr-x  3 root   wheel   512 Feb 24  2001 var

The directory "namedb" is used in options "directory" and needs to
be owned and writable by user named.

All of the above will have named started chrooted, and as user named.
ps on the running process will show:
named    31372  0.0  9.4  2764  3024 ??  Is    Mon11PM    3:02.45 named -t /var/named -u named -c /named.conf 



> Thanks.


-- 
Peter Håkanson         
        IPSec  Sverige      (At the Riverside of Gothenburg, home of Volvo)
           Sorry about my e-mail address, but i'm trying to keep spam out.
	   Remove "icke-reklam" and it works.
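As an added example that is not part of this thread: a small check for the point made in the reply, that with `-t /var/named` every path named opens (the `-c /named.conf` config, the options `directory`) is resolved relative to the chroot, so a symlink to the host's `/etc/named.conf` cannot work. The sample layout it builds is constructed here to mirror the reply's listing and the question's symlink; it assumes `readlink -f` is available.

```shell
#!/bin/sh
# Added example, not from the original thread: verify that the files a chrooted
# named will open really live inside the chroot and that no symlink escapes it.
# Assumes readlink -f (GNU coreutils and OpenBSD both provide it).

# check_in_chroot <chroot_dir> <path as named sees it after -t>
# Exit status: 0 inside the chroot, 1 missing, 2 resolves outside the chroot.
check_in_chroot() {
    root=$(cd "$1" && pwd -P) || return 3
    # "-c /named.conf" together with "-t /var/named" means /var/named/named.conf
    target="$root/${2#/}"
    if [ ! -e "$target" ] && [ ! -L "$target" ]; then
        echo "missing: $2 (looked for $target)"
        return 1
    fi
    # Follow every symlink component; a link to the host's /etc/named.conf
    # lands outside $root, which the chrooted process cannot reach.
    real=$(readlink -f "$target") || return 3
    case "$real" in
        "$root"/*) echo "ok: $2 -> $real"; return 0 ;;
        *)         echo "escapes chroot: $2 -> $real"; return 2 ;;
    esac
}

# Build a constructed sample layout like the one in the reply, plus the
# symlink from the question. Prints the directory; the caller removes it.
build_sample_chroot() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/etc" "$d/namedb" "$d/dev" "$d/var"
    printf 'options { directory "/namedb"; };\n' > "$d/named.conf"
    # The question's approach: a link out of the chroot to the host's config.
    ln -s /etc/named.conf "$d/etc/named.conf"
    echo "$d"
}

sample=$(build_sample_chroot)
for p in /named.conf /etc/named.conf /namedb/example.zone; do
    rc=0; check_in_chroot "$sample" "$p" || rc=$?
    echo "  exit status $rc"
done
rm -rf "$sample"
```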

