chroot /var/run permissions

johnh at primebuchholz.com
Tue Aug 27 18:38:11 UTC 2013


Greetings,

I'm upgrading my bind installation on one of my hosts, and everything 
seems to be working properly although I'm getting a permissions 
error/warning in the log on startup:

Aug 27 14:24:45 flotsam named[13746]: Required root permissions to open '/var/run/named.pid'.
Aug 27 14:24:45 flotsam named[13746]: Please check file and directory permissions or reconfigure the filename.
Aug 27 14:24:45 flotsam named[13746]: Required root permissions to open '/var/run/named/session.key'.
Aug 27 14:24:45 flotsam named[13746]: Please check file and directory permissions or reconfigure the filename.
Aug 27 14:24:45 flotsam named[13746]: command channel listening on 127.0.0.1#953
Aug 27 14:24:45 flotsam named[13746]: the working directory is not writable
Aug 27 14:24:45 flotsam named[13746]: all zones loaded

This is in a chroot environment, and I'm starting a static-linked copy of 
named like this: /var/named/usr/sbin/named -t /var/named -u named.

The permissions on the tree in question are:

/var/named/var:

drwxrwx---  3 root  named  512 Aug 27 14:25 run

/var/named/var/run:

drwxrwx---  2 root  named  512 Aug 27 14:25 named

After named starts, it creates /var/named/var/run/named.pid and 
/var/named/var/run/named/session.key with the following permissions:

-rw-r--r--  1 root  named    6 Aug 27 14:35 named.pid

-rw-------  1 root  named  102 Aug 27 14:35 session.key

What am I missing here?  /var/named/var/run and /var/named/var/run/named 
have group write permissions, so it seems it *shouldn't* be complaining, 
and the resulting files should've been owned by named, shouldn't they?

Thanks,

-John
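
The owner/group/other reasoning in the message above, as an added example that is not part of the original post: it walks each directory component as seen from inside the chroot and reports whether a given uid and group set may create a file there. The names Entry, stat_tree, class_bits and can_create, the mode of /var and the numeric ids in SAMPLE are assumptions made for illustration.

```python
import os
import stat
from typing import Dict, Iterable, NamedTuple, Tuple

class Entry(NamedTuple):
    mode: int  # permission bits only, e.g. 0o770
    uid: int
    gid: int

def stat_tree(chroot: str, directory: str) -> Dict[str, Entry]:
    """Stat every component of `directory` as seen from inside `chroot`."""
    tree, path = {}, ""
    for part in directory.strip("/").split("/"):
        path += "/" + part
        st = os.stat(chroot.rstrip("/") + path)
        tree[path] = Entry(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
    return tree

def class_bits(e: Entry, uid: int, gids: Iterable[int]) -> int:
    """rwx bits of the one class that applies: owner, else group, else other."""
    if uid == e.uid:
        return (e.mode >> 6) & 7
    if e.gid in gids:
        return (e.mode >> 3) & 7
    return e.mode & 7

def can_create(tree: Dict[str, Entry], directory: str, uid: int,
               gids: Iterable[int]) -> Tuple[bool, str]:
    """Can a process with `uid`/`gids` create a file in `directory`?

    Mode bits only: ACLs, MAC policy and read-only mounts are not modelled.
    """
    if uid == 0:
        return True, "uid 0 bypasses mode bits"
    gids, path, bits = set(gids), "", 0
    for part in directory.strip("/").split("/"):
        path += "/" + part
        bits = class_bits(tree[path], uid, gids)
        if not bits & 1:  # search (x) is needed on every component
            return False, f"no search (x) permission on {path}"
    if not bits & 2:      # write (w) is needed on the final directory
        return False, f"no write (w) permission on {path}"
    return True, "search on every component, write on the leaf"

# Constructed sample: modes and owners of run/ and run/named come from the
# listing above; the mode of /var and the ids (named = 53) are assumptions.
SAMPLE = {"/var": Entry(0o755, 0, 0), "/var/run": Entry(0o770, 0, 53),
          "/var/run/named": Entry(0o770, 0, 53)}
```

On a live host, build the tree with stat_tree("/var/named", "/var/run/named") and pass the uid and the full group list the daemon actually runs with.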
