No subject


Tue Apr 2 00:56:56 UTC 2013


  named:x:25:25:Named:/var/named:/sbin/nologin

from 'ls -l /var | grep named':

  drwxr-x---  4 named named 4096 Jul  2 21:10 named

from 'ls -l `which named`' (run as root):

  -rwxr-xr-x 2 named named 4679248 Jul  9 10:42 /usr/local/sbin/named

I also wrote a test program that did the same access() call
and printed the results after assuming named's identity, both
with setegid/seteuid and setgid/setuid, but it also succeeds
(and displays the expected uid/gid in the message).

Lastly, I found that the 'not writable' message went away when
I made the directory /group/ writable (remember it is owned by
named.named already).

What I'm really curious about is:

(a) If the effective uid/gid is 0 (root), how can the access()
    call be resulting in "access denied"?

(b) If write access is *NOT* available, how is named updating
    the files contained therein?

(c) Why doesn't it appear that named is running under the named
    uid when the access() call fails?

(d) If named was actually running under the named uid, then why
    was it denied write access to a directory owned by named
    that had permissions of drwxr-x--- ?

-- 
Steve Vallière | mailto:bind9 at e-visions.com
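
A diagnostic for the access() questions above, added here as an example; it is not part of the original message and not BIND's code. It prints the real and effective IDs, compares access() (which tests with the real uid/gid) against faccessat() with AT_EACCESS (which tests with the effective uid/gid), and evaluates the mode bits on their own. The function names mode_allows and report are hypothetical; uid/gid 25 in the comments comes from the passwd line quoted in the message.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Mode-bit decision only: owner class, else group class, else other.
 * Deliberately ignores supplementary groups, ACLs and the capability
 * override (CAP_DAC_OVERRIDE) that uid 0 normally has on Linux.
 * Example: mode 0750 owned by 25:25 gives uid 25 write, uid 0/gid 0 none. */
int mode_allows(mode_t mode, uid_t owner, gid_t group,
                uid_t uid, gid_t gid, int want /* R_OK | W_OK | X_OK */)
{
    int bits;
    if (uid == owner)
        bits = (mode >> 6) & 7;
    else if (gid == group)
        bits = (mode >> 3) & 7;
    else
        bits = mode & 7;
    return (bits & want) == want;
}

/* Show the kernel's answer for both identity pairs next to the mode-bit
 * answer. Returns 0 on success, -1 if the path cannot be stat()ed. */
int report(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0) {
        perror(path);
        return -1;
    }
    printf("%s: mode %04o owner %u:%u\n", path,
           (unsigned)(st.st_mode & 07777), (unsigned)st.st_uid, (unsigned)st.st_gid);
    printf("real %u:%u  effective %u:%u\n", (unsigned)getuid(), (unsigned)getgid(),
           (unsigned)geteuid(), (unsigned)getegid());
    printf("access(W_OK), real ids:            %d\n", access(path, W_OK));
    printf("faccessat(AT_EACCESS), effective:  %d\n",
           faccessat(AT_FDCWD, path, W_OK, AT_EACCESS));
    printf("mode bits alone: real %d, effective %d\n",
           mode_allows(st.st_mode, st.st_uid, st.st_gid, getuid(), getgid(), W_OK),
           mode_allows(st.st_mode, st.st_uid, st.st_gid, geteuid(), getegid(), W_OK));
    return 0;
}

int main(int argc, char **argv)
{
    return report(argc > 1 ? argv[1] : ".") == 0 ? 0 : 1;
}
```

A kernel result that disagrees with the mode-bit result for the same identity means something other than the mode bits decided the outcome, such as a capability, an ACL or a supplementary group.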


