chroot Bind 9.2

Mark_Andrews at isc.org Mark_Andrews at isc.org
Thu Jan 31 23:34:50 UTC 2002 

> 
> hi all ,
> 
> I've got a problem with named deamon..
> I've tried to chroot bind 9.2 according to the Chroot-BIND-HOWTO-2,
> and when i ran script named, message is OK, but nothing particular
> happened.
> on a ps -auxw, there's nothing about named exept "syslogd -m 0 -a
> /chroot/named/dev/log".
> Is it normal ??
> What can be the problem ? is there any rights problems ?
> please find my conf below. 

	Start named with -g in addition to the other arguements and
	run it from a terminal.  Note named drops most of roots
	capabilities at the very start on linux.  The permissions
	on /chroot and /chroot/named may be too tight preventing
	named chrooting to /chroot/named.  If this is the problem
	add go+x to these directories.
	
	Mark
> 
> Thank you in advance.
> 
> here is : /chroot/named
> drwx------    5 named    named        4096 jan 30 18:53 .
> drwx------    3 root     root         4096 jan 30 18:52 ..
> drwxr-xr-x    2 root     root         4096 jan 31 15:31 dev
> drwxr-xr-x    3 root     root         4096 jan 30 18:58 etc
> drwxr-xr-x    3 root     root         4096 jan 30 18:53 var
> [
> here is : /chroot/named/var
> drwxr-xr-x    3 root     root         4096 jan 30 18:53 .
> drwx------    5 named    named        4096 jan 30 18:53 ..
> drwxr-xr-x    2 named    named        4096 jan 30 18:53 run
> 
> here is : /chroot/named/etc
> drwxr-xr-x    3 root     root         4096 jan 30 18:58 .
> drwx------    5 named    named        4096 jan 30 18:53 ..
> -rw-r--r--    1 root     root         1082 jan 30 18:58 localtime
> drwxr-xr-x    3 root     root         4096 jan 30 18:56 namedb
> -rw-r--r--    1 root     root          837 jan 31 14:10 named.conf
> 
> here is : /chroot/named/etc/namedb
> drwxr-xr-x    3 root     root         4096 jan 30 18:56 .
> drwxr-xr-x    3 root     root         4096 jan 30 18:58 ..
> -rw-r--r--    1 25       25            195 jui  3  2001 localhost.zone
> -rw-r--r--    1 25       25           2769 jui  3  2001 named.ca
> -rw-r--r--    1 25       25            433 jui  3  2001 named.local
> drwxr-xr-x    2 named    named        4096 jan 30 18:55 slave
> 
> here is : /chroot/named/dev
> drwxr-xr-x    2 root     root         4096 jan 31 15:31 .
> drwx------    5 named    named        4096 jan 30 18:53 ..
> srw-rw-rw-    1 root     root            0 jan 31 15:31 log
> crw-rw-rw-    1 root     root       1,   3 jan 30 18:57 null
> crw-rw-rw-    1 root     root       1,   8 jan 30 18:58 random
> 
> here is the starting part of named script in /etc/rc.d/init.d
> 
> [ -f /usr/local/sbin/named ] || exit 0
> 
> [ -f /chroot/named/etc/named.conf ] || exit 0
> 
> # See how we were called.
> case "$1" in
>   start)
>         # Start daemons.
>         echo -n "Starting DNS Server - BIND : "
>         daemon /usr/local/sbin/named -t /chroot/named -c
> /etc/named.conf -u named
>         RETVAL=$?
>         echo
>         [ $RETVAL = 0 ] && touch /var/lock/subsys/named
>         ;;
> 
> here is my named line in passwd :
> named:x:53:53:DNS User:/chroot/named:/bin/false
> in shadow file:
> named:*:11717:0:99999:7:::
> 
> Here is the first part of my named.conf :
> options {
>         directory "/etc/namedb";
>         pid-file "/var/run/named.pid";
>         statistics-file "/var/run/named.stats";
> };
> 
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org

More information about the bind-users mailing list