read-access for zonefiles?

phn at phn at
Tue Jun 25 08:49:27 UTC 2002

Patrick Viola <pviola at> wrote:

> rndc works fine ... my prob is, that the zonefiles have 600 permission 
> and only named or root can look inside. My workmate also wants to read 
> these files for troubleshooting with a customer.

For master zones :
If dynamic updates is enabled named will make them mode 0600 and owned by the
UID of named.  
For non-dynamic zones named does not change mode, and only requires ro access.

Slave zonefiles are always mode 0600 and owned by UID of named.

Peter h
>   ~Patrick Viola

> phn at wrote:
>> Patrick Viola <pviola at> wrote:
>>>Hi all,
>>>yesterday a workmate asked me, if I could give read permissions for the 
>>>zonefiles to him. In the 8 Versions I do this with something like that ...
>>>controls { unix "/var/run/ndc" perm 0660 owner 25 group 1000; };
>>>But in Version 9 this configcommand exist's no longer.
>>>How can I give readpermissions to a workmate without give rootaccess to him?
>> To be able to run rndc your mate needs readaccess to /etc/rndc.conf ( and
>> everything included from there). He/she also needs write permissions
>> on the zonefiles ( and possibly the directory where the zonefiles lives).
>>>  ~Patrick Viola

Peter Håkanson         
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.

More information about the bind-users mailing list