Slave db file permissions

Mark Andrews Mark_Andrews at
Tue Mar 18 00:49:40 UTC 2008

> I apologize if this has already been answered in the archives or in a
> FAQ. My searches did not discover anything.


7. Umask not Modified

The BIND 8 named unconditionally sets the umask to 022.  BIND 9 does
not; the umask inherited from the parent process remains in effect.
This may cause files created by named, such as journal files, to be
created with different file permissions than they did in BIND 8.  If
necessary, the umask should be set explicitly in the script used to
start the named process.

1267.   [func]          isc_file_openunique() now creates file using mode
                        0666 rather than 0600.

> How do I set permissions on the slave db files? The /etc/named.conf file
> is updated when a new slave is added to the system, then the named
> process takes over and does the zone transfer to get the new slave file.
> The slave files aren't protected as tightly as the master files are. Is
> there a named.conf zone option I can use? (I didn't see one in my BIND
> books.) Is there a command line option on the named process, like -u/-g?
> (I didn't see anything in the man pages.) Is it handled entirely by the
> umask of the account running the named process?
> Thanks!
> jwc
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at

More information about the bind-users mailing list