bind 9.7.1-P2 startup: unable to set effective gid to 0

Takashi Mizuno t.mizuno.sw at rdc.west.ntt.co.jp
Thu Sep 30 05:04:21 UTC 2010


We are also facing the same issue that AJ wrote previously.

We are trying to upgrade from bind version 9.4.3-P3 to 9.7.2-P2 using with 
chroot environment on a Solaris 9.
It never see the following warning message when bind 9.4.3-P3 running on a 
our solaris 9 server, but 9.7.1-P2, 9.7.2rc1 and 9.7.2-P2 show same warning 
message;

   [ID 873579 daemon.notice] starting BIND 9.7.2-P2 -u named -t 
/var/named/chroot
   [ID 873579 daemon.notice] built with '--exec-prefix=/opt/bind-9.7.2-P2' 
'--without-openssl' '--disable-ipv6'
   [ID 873579 daemon.warning] unable to set effective gid to 0: Not owner
   Sep 29 15:20:34 dns1 last message repeated 1 time
   [ID 873579 daemon.notice] command channel listening on 127.0.0.1#953

Our bind be starting with following parameters on a our server;
   /opt/bind/sbin/named -u named -t /var/named/chroot &

Our chroot directory on a our server have respectively set to;
   drwxr-xr-x   3 named    named         512  /var/named/
   drwx------   6 named    named        512 /var/named/chroot/
   drwx------   4 named    named        512 /var/named/chroot/var/
   drwx------   5 named    named       1536 /var/named/chroot/var/named/ .

Our named user have set to;
   # grep named /etc/passwd
   named:x:53:53::/var/named:/bin/false
   # grep named /etc/group
   named::53: .


Does anyone help how this warning message do repress?

Thanks for advance
--
Takashi M.


----- Original Message ----- 
From: "aldus jung" <aldusj99 at gmail.com>
To: <bind-users at isc.org>
Sent: Saturday, September 18, 2010 8:13 AM
Subject: Re: bind 9.7.1-P2 startup: unable to set effective gid to 0


> Just a follow up, I've added some debug statements to bin/named/unix/os.c 
> to
> see the files that named is trying to set the effective gid for, and I 
> see:
> [ID 873 daemon.warning] Trying to open: '/var/run/named.pid'.
> [ID 873 daemon.warning] unable to set effective gid to 0: Not owner
> [ID 873 daemon.info] generating session key for dynamic DNS
> [ID 873 daemon.warning] Trying to open: '/var/run/named/session.key'.
>
> We are running bind in a chrooted environment, running named as user 
> 'named'
> on a Solaris 10 server:
> /bind/sbin/named -t /chroot/domain -u named
>
> Only when we make root's primary id to be 0, we can get rid of the 
> warning.
> We tried adding root to the group 'root', and we still get the warning.
>
> We've set /chroot/domain/var/run ownership to: drwxrwxr-x   4 root 
> other
>
> And named.pid gets created correctly:
> -rw-r--r--   1 named    named
>
> It could be something simple that I am missing.. we'll well see.  Any
> thoughts?   Thanks for your help,
>
> AJ
>
> On Fri, Sep 17, 2010 at 2:42 PM, aldus jung <aldusj99 at gmail.com> wrote:
>
>> We recently upgraded from bind version 9.7.0 to 9.7.1-P2 and we noticed
>> that upon start of named, we are seeing the following warning message:
>>
>>  [ID 123 daemon.warning] unable to set effective gid to 0: Not owner
>>  [ID 123 daemon.info] generating session key for dynamic DNS
>>  [ID 123 daemon.warning] unable to set effective gid to 0: Not owner
>>
>> On our DNS server, root user is configured as uid=0(root) gid=1(other), 
>> but
>> we didn't encounter these warnings in version 9.7.0.
>> It would be easy to work around the warnings by adding root to root's
>> group, but I wanted to understand why we are getting these warning when 
>> we
>> didn't see this on 9.7.0.
>>
>> Which file or directory is named trying to set gid to 0?
>>
>> thanks for your help,
>> AJ
>>
>>
>


--------------------------------------------------------------------------------


> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users 




More information about the bind-users mailing list