fedora core 9 bind problem
Mark_Andrews at isc.org
Thu Jun 26 22:51:28 UTC 2008
> On Thu, Jun 26, 2008 at 10:19:25AM +1000, Mark Andrews wrote:
> > Named has *always* required a writeable working directory.
> > This was explicitly pointed out in earlier versions of
> > manuals, etc. The working directory is the default write
> > location for lots of files, in addition it is the default
> > on most OS's for core dumps. Failure to provide this
> > may cause some operations to fail. It may also make it
> > more difficult to diagnose fatal problems which cause named
> > to exit.
> Hm, could you point me why exactly working directory is required to be
> writable? We have writable subdirectories in working directory for
> secondary zones, DDNS zones, runtime information but many of the files
> don't have to be writable - like zone files (non DDNS zones), keys
> etc. It improves security and doesn't affect named.
Please prove your assertion that a non-writable working directory
improves security. Remember the working directory does not need
to be "/var/named". "/var/named/working", which is empty, will do.
> Only core files
> might be problem (it was discussed some time ago) but this is not
> common situation and admin can explicitly make working directory
Which does not help with non-(easily)-reproducible conditions. The
point in having the directory writable is that you catch the state
the server is in when you have a problem.
> > If the defaults presented by the OS don't meet the applications
> > needs then the defaults are wrong and should be corrected.
> > "defaults" here covers both the file system and the contents
> > of named.conf.
> > Mark
> I'm ready to make working directory writable but I don't see any
> benefit now. Could you point me in which situations named could have
Failure to write a core is a problem for anyone that wants support.
Named, deliberately, attempts to write core files.
> Adam Tkac, Red Hat, Inc.
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
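
An added example, not part of the original message or of BIND itself: a small shell audit of the point argued in this thread, that named's working directory must be writable and may be a dedicated, empty directory. The function names are hypothetical, and it assumes named.conf sets the working directory with a single-line `directory "...";` statement.

```shell
#!/bin/sh
# Added example: audit the working directory configured in a named.conf.
# Assumption: the option is written on one line as  directory "/path";

# Print the path from the first  directory "...";  statement.
# key-directory and similar options are not matched by the pattern.
named_workdir() {
    sed -n 's/^[[:space:]]*directory[[:space:]]*"\([^"]*\)"[[:space:]]*;.*/\1/p' "$1" |
        head -n 1
}

# Return 0 if the working directory is writable by the invoking user,
# 1 if it exists but is not writable, 2 if it is unset or missing.
check_workdir() {
    dir=$(named_workdir "$1")
    if [ -z "$dir" ]; then
        echo "no directory option in $1: named uses the directory it was started in" >&2
        return 2
    fi
    if [ ! -d "$dir" ]; then
        echo "$dir: configured working directory does not exist" >&2
        return 2
    fi
    # Count entries so a dedicated, empty working directory is easy to confirm.
    entries=$(ls -A "$dir" | wc -l)
    if [ -w "$dir" ]; then
        echo "$dir: writable, $((entries)) entries"
        return 0
    fi
    echo "$dir: NOT writable, core files and default-location writes will fail" >&2
    return 1
}

# When called with a named.conf path, audit it; the exit status is the result.
[ "$#" -eq 0 ] || check_workdir "$1"
```

Run it as the account named runs under, since the `-w` test reflects the permissions of the invoking user.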