chroot /var/run permissions
johnh at primebuchholz.com
johnh at primebuchholz.com
Tue Aug 27 18:38:11 UTC 2013
Greetings,
I'm upgrading my bind installation on one of my hosts, and everything
seems to be working properly although I'm getting a permissions
error/warning in the log on startup:
Aug 27 14:24:45 flotsam named[13746]: Required root permissions to open
'/var/run/named.pid'.
Aug 27 14:24:45 flotsam named[13746]: Please check file and directory
permissions or reconfigure the filename.
Aug 27 14:24:45 flotsam named[13746]: Required root permissions to open
'/var/run/named/session.key'.
Aug 27 14:24:45 flotsam named[13746]: Please check file and directory
permissions or reconfigure the filename.
Aug 27 14:24:45 flotsam named[13746]: command channel listening on
127.0.0.1#953
Aug 27 14:24:45 flotsam named[13746]: the working directory is not
writable
Aug 27 14:24:45 flotsam named[13746]: all zones loaded
This is in a chroot environment, and I'm starting a static-linked copy of
named like this: /var/named/usr/sbin/named -t /var/named -u named.
The permissions on the tree in questions are:
/var/named/var:
drwxrwx--- 3 root named 512 Aug 27 14:25 run
/var/named/var/run:
drwxrwx--- 2 root named 512 Aug 27 14:25 named
After named starts, it creates /var/named/var/run/named.pid and
/var/named/var/run/named/session.key with the following permissions:
-rw-r--r-- 1 root named 6 Aug 27 14:35 named.pid
-rw------- 1 root named 102 Aug 27 14:35 session.key
What I am I missing here? /var/named/var/run and /var/named/var/run/named
have group write permissions, so it seems it *shouldn't* be complaining,
and the resulting files should've been owned by named, shouldn't they?
Thanks,
-John
--
Please consider the environment before printing this e-mail.
This e-mail is intended only for the named person or entity to which it
is addressed and contains valuable business information that is
privileged, confidential and/or otherwise protected from disclosure.
Dissemination, distribution or copying of this e-mail or the information
herein by anyone other than the intended recipient, or an employee, or
agent responsible for delivering the message to the intended recipient,
is strictly prohibited. All contents are the copyright property of the
sender. If you are not the intended recipient, you are nevertheless
bound to respect the sender's worldwide legal rights. We require that
unintended recipients delete the e-mail and destroy all electronic
copies in their system, retaining no copies in any media. If you have
received this e-mail in error, please immediately notify us by calling
our Help Desk at (603) 433-1143, or e-mail to it at primebuchholz.com.
We appreciate your cooperation.
More information about the bind-users
mailing list