working directory not writable

Steven P Vallière bind9 at e-visions.com
Thu Jul 17 14:40:00 UTC 2008


>> What I'm really curious about is:
>> 
>> (a) If the effective uid/gid is 0 (root), how can the access()
>>     call be resulting in "access denied"?
>> 
>> (b) If write access is *NOT* available, how is named updating
>>     the files contained therein?
>> 
>> (c) Why doesn't it appear that named is running under the named
>>     uid when the access() call fails?
>> 
>> (d) If named was actually running under the named uid, then why
>>     was it denied write access to a directory owned by named
>>     that had permissions of drwxr-x--- ?
>> 
>> -- 
>> Steve Vallière | mailto:bind9 at e-visions.com

MA>         Under linux named drops root's extra capabilities.

That might answer some questions, but it leaves the most
important one open:

   If write access is *NOT* available, how is named updating
   the files contained therein?

If the access() call is being made under a limited root account
and then the program changes to the named account later, then
the access() call is *wrong* and there's no point in logging
the message.

I believe that the access() test is being made at the wrong
point in the program, because it has not yet changed its uid
to 'named' when it is called, but it is running as 'named' when
it actually tries to write to the directory.  I really don't
think that can be blamed on any SELinux setting or anything else
outside of the named program itself.

MA>         You also need to look at SELinux.

Oh, I figured that since I told the Fedora installer to disable
the SELinux (or not to enable or install it, I forget how the
option was phrased), it wouldn't be all that relevant.

-- 
Steve Vallière | mailto:bind9 at e-visions.com
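An added diagnostic (not from this thread or from BIND) that makes MA's point concrete: it applies the Linux DAC rule, CAP_DAC_OVERRIDE included, to the credentials found in a /proc/<pid>/status dump, so a uid 0 process whose effective capability set no longer contains CAP_DAC_OVERRIDE is reported as unable to write a named-owned directory with mode drwxr-x---, while the named uid itself can. The status excerpts and the uid/gid value 25 are constructed.

```python
"""Why can euid 0 get EACCES from access(dir, W_OK)?  Constructed example."""
import stat

CAP_DAC_OVERRIDE = 1   # bit index from <linux/capability.h>

def parse_status(text):
    """Extract credentials from /proc/<pid>/status text.
    Returns ((real, eff, saved, fs) uids, same for gids, groups, CapEff mask)."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.split()
    uids = tuple(int(x) for x in fields["Uid"])
    gids = tuple(int(x) for x in fields["Gid"])
    groups = {int(x) for x in fields.get("Groups", [])}
    return uids, gids, groups, int(fields["CapEff"][0], 16)

def has_cap(cap_eff, cap):
    return bool((cap_eff >> cap) & 1)

def dir_writable(st_uid, st_gid, st_mode, uid, gid, groups, cap_eff):
    """Linux DAC for W_OK on a directory: owner/group/other mode bit chosen by
    the caller's ids; a missing bit is only overridden by CAP_DAC_OVERRIDE."""
    if uid == st_uid:
        allowed = bool(st_mode & stat.S_IWUSR)
    elif gid == st_gid or st_gid in groups:
        allowed = bool(st_mode & stat.S_IWGRP)
    else:
        allowed = bool(st_mode & stat.S_IWOTH)
    return allowed or has_cap(cap_eff, CAP_DAC_OVERRIDE)

# Constructed: working directory owned by named (uid/gid 25), mode drwxr-x---
DIR_UID, DIR_GID, DIR_MODE = 25, 25, stat.S_IFDIR | 0o750

# Constructed status excerpts.  The first is still uid 0 but its CapEff keeps
# only bits 10 and 24 (0x400 | 0x1000000), i.e. CAP_DAC_OVERRIDE is gone.
STATUS_ROOT_NO_DAC = "Uid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\nGroups:\t0\nCapEff:\t0000000001000400\n"
STATUS_FULL_ROOT = "Uid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\nGroups:\t0\nCapEff:\t0000003fffffffff\n"
STATUS_NAMED = "Uid:\t25\t25\t25\t25\nGid:\t25\t25\t25\t25\nGroups:\t25\nCapEff:\t0000000000000000\n"

def check(status_text):
    """access(2) judges with the *real* uid/gid (open(2) uses the fs ids);
    after a full setuid() all four ids agree, so use index 0 as access() does."""
    uids, gids, groups, cap_eff = parse_status(status_text)
    return dir_writable(DIR_UID, DIR_GID, DIR_MODE, uids[0], gids[0], groups, cap_eff)

if __name__ == "__main__":
    for name, st in (("root, caps dropped", STATUS_ROOT_NO_DAC),
                     ("root, full caps", STATUS_FULL_ROOT), ("named", STATUS_NAMED)):
        print(f"{name:20s} writable={check(st)}")
```

To apply this to a live named, read /proc/$(pidof named)/status and `stat` the directory from the log message; a mismatch between the ids in the dump and the owner of the directory, or a CapEff without bit 1, explains the "working directory not writable" message without any SELinux involvement.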
