bind 9.7.1-P2 startup: unable to set effective gid to 0
Takashi Mizuno
t.mizuno.sw at rdc.west.ntt.co.jp
Thu Sep 30 05:04:21 UTC 2010
We are also facing the same issue that AJ wrote previously.
We are trying to upgrade from bind version 9.4.3-P3 to 9.7.2-P2 using with
chroot environment on a Solaris 9.
It never see the following warning message when bind 9.4.3-P3 running on a
our solaris 9 server, but 9.7.1-P2, 9.7.2rc1 and 9.7.2-P2 show same warning
message;
[ID 873579 daemon.notice] starting BIND 9.7.2-P2 -u named -t
/var/named/chroot
[ID 873579 daemon.notice] built with '--exec-prefix=/opt/bind-9.7.2-P2'
'--without-openssl' '--disable-ipv6'
[ID 873579 daemon.warning] unable to set effective gid to 0: Not owner
Sep 29 15:20:34 dns1 last message repeated 1 time
[ID 873579 daemon.notice] command channel listening on 127.0.0.1#953
Our bind be starting with following parameters on a our server;
/opt/bind/sbin/named -u named -t /var/named/chroot &
Our chroot directory on a our server have respectively set to;
drwxr-xr-x 3 named named 512 /var/named/
drwx------ 6 named named 512 /var/named/chroot/
drwx------ 4 named named 512 /var/named/chroot/var/
drwx------ 5 named named 1536 /var/named/chroot/var/named/ .
Our named user have set to;
# grep named /etc/passwd
named:x:53:53::/var/named:/bin/false
# grep named /etc/group
named::53: .
Does anyone help how this warning message do repress?
Thanks for advance
--
Takashi M.
----- Original Message -----
From: "aldus jung" <aldusj99 at gmail.com>
To: <bind-users at isc.org>
Sent: Saturday, September 18, 2010 8:13 AM
Subject: Re: bind 9.7.1-P2 startup: unable to set effective gid to 0
> Just a follow up, I've added some debug statements to bin/named/unix/os.c
> to
> see the files that named is trying to set the effective gid for, and I
> see:
> [ID 873 daemon.warning] Trying to open: '/var/run/named.pid'.
> [ID 873 daemon.warning] unable to set effective gid to 0: Not owner
> [ID 873 daemon.info] generating session key for dynamic DNS
> [ID 873 daemon.warning] Trying to open: '/var/run/named/session.key'.
>
> We are running bind in a chrooted environment, running named as user
> 'named'
> on a Solaris 10 server:
> /bind/sbin/named -t /chroot/domain -u named
>
> Only when we make root's primary id to be 0, we can get rid of the
> warning.
> We tried adding root to the group 'root', and we still get the warning.
>
> We've set /chroot/domain/var/run ownership to: drwxrwxr-x 4 root
> other
>
> And named.pid gets created correctly:
> -rw-r--r-- 1 named named
>
> It could be something simple that I am missing.. we'll well see. Any
> thoughts? Thanks for your help,
>
> AJ
>
> On Fri, Sep 17, 2010 at 2:42 PM, aldus jung <aldusj99 at gmail.com> wrote:
>
>> We recently upgraded from bind version 9.7.0 to 9.7.1-P2 and we noticed
>> that upon start of named, we are seeing the following warning message:
>>
>> [ID 123 daemon.warning] unable to set effective gid to 0: Not owner
>> [ID 123 daemon.info] generating session key for dynamic DNS
>> [ID 123 daemon.warning] unable to set effective gid to 0: Not owner
>>
>> On our DNS server, root user is configured as uid=0(root) gid=1(other),
>> but
>> we didn't encounter these warnings in version 9.7.0.
>> It would be easy to work around the warnings by adding root to root's
>> group, but I wanted to understand why we are getting these warning when
>> we
>> didn't see this on 9.7.0.
>>
>> Which file or directory is named trying to set gid to 0?
>>
>> thanks for your help,
>> AJ
>>
>>
>
--------------------------------------------------------------------------------
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
More information about the bind-users
mailing list