BIND 9.14.0: unable to set effective uid to 0: Operation not permitted

Gasoo gasoo at
Tue Apr 2 21:31:51 UTC 2019

Hello Anand / Tony

On 02/04/2019 20.25, Anand Buddhdev wrote:
> On 02/04/2019 17:12, Tony Finch wrote:
> Hi Tony,
>> I have not noticed these errors on my toy server. I had a look at the code
>> and I thought Stephan's explanation was correct. My guess is that he is
>> starting named without root privileges, so it is unable to switch back and
>> forth between users when it is starting up. It switches users so files
>> are created with the correct privileges, and as Stephan said, that is when
>> the warnings are emitted. It might be a combination of starting as an
>> unprivileged user and also providing the -u command line option.
> On my CentOS 7 test server, I start BIND 9.14.0 as root, like this:
> named -f -u named
> or
> named -g -u named
> It still emits those warnings.

I also tried to start it manually as root on both, RHEL6 and 7:

named -u named -c /etc/named/named.conf -4 -t /var/named/chroot -g

The error message is also displayed twice on both systems.

I removed Linux capabilities with "--disable-linux-caps" and 
unsurprisingly, the error messages are not displayed anymore.
However, there are some drawbacks regarding security (According to the 
release notes) and I don't see any other reason to disable it.

Thank you for pointing out the caps setting in the SPEC file, I haven't 
thought about that.
However, I couldn't find anything about which Linux capabilities 
must/should be set in the SPEC file.

Kind Regards

More information about the bind-users mailing list