BIND 9.14.0: unable to set effective uid to 0: Operation not permitted
gasoo at bluewin.ch
Tue Apr 2 21:31:51 UTC 2019
Hello Anand / Tony
On 02/04/2019 20.25, Anand Buddhdev wrote:
> On 02/04/2019 17:12, Tony Finch wrote:
> Hi Tony,
>> I have not noticed these errors on my toy server. I had a look at the code
>> and I thought Stephan's explanation was correct. My guess is that he is
>> starting named without root privileges, so it is unable to switch back and
>> forth between users when it is starting up. It switches users so files
>> are created with the correct privileges, and as Stephan said, that is when
>> the warnings are emitted. It might be a combination of starting as an
>> unprivileged user and also providing the -u command line option.
> On my CentOS 7 test server, I start BIND 9.14.0 as root, like this:
> named -f -u named
> named -g -u named
> It still emits those warnings.
I also tried to start it manually as root on both RHEL6 and 7:
named -u named -c /etc/named/named.conf -4 -t /var/named/chroot -g
The error message is also displayed twice on both systems.
I removed Linux capabilities with "--disable-linux-caps" and
unsurprisingly, the error messages are not displayed anymore.
However, there are some drawbacks regarding security (according to the
release notes) and I don't see any other reason to disable it.
Thank you for pointing out the caps setting in the SPEC file, I haven't
thought about that.
However, I couldn't find anything about which Linux capabilities
must/should be set in the SPEC file.
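
A diagnostic for the capability question in this thread, added here as an example and not taken from the thread or from BIND: on Linux, a process whose real, effective and saved uids are all non-zero can only `seteuid(0)` if it holds CAP_SETUID, so decoding the masks in `/proc/<pid>/status` shows whether a running named could switch back. The function names, the selection of capabilities and the sample status text are assumptions of this example; the mask is constructed, not captured from a real named.

```shell
#!/bin/sh
# Added example: decode capability masks from /proc/<pid>/status.
# Bit numbers come from <linux/capability.h>. The selection below is this
# example's assumption, not a list of what BIND requires.
CAPS="CAP_CHOWN:0 CAP_DAC_READ_SEARCH:2 CAP_SETGID:6 CAP_SETUID:7
CAP_NET_BIND_SERVICE:10 CAP_SYS_CHROOT:18 CAP_SYS_RESOURCE:24"

# cap_field STATUS_TEXT FIELD: print the hex mask of CapInh/CapPrm/CapEff/CapBnd.
cap_field() {
    printf '%s\n' "$1" | awk -v f="$2:" '$1 == f { print $2 }'
}

# cap_has HEXMASK BIT: succeed when capability number BIT is set in HEXMASK.
cap_has() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# cap_report STATUS_TEXT FIELD: print "NAME yes|no" for each entry in CAPS.
cap_report() {
    cr_mask=$(cap_field "$1" "$2")
    if [ -z "$cr_mask" ]; then
        echo "no $2 line in status text" >&2
        return 1
    fi
    for cr_pair in $CAPS; do
        if cap_has "$cr_mask" "${cr_pair#*:}"; then
            echo "${cr_pair%%:*} yes"
        else
            echo "${cr_pair%%:*} no"
        fi
    done
}

# Constructed sample in the layout of /proc/<pid>/status (not real output):
# a process running as uid 25 with only bits 10 and 24 in its effective set.
SAMPLE_STATUS='Name:   named
Uid:    25      25      25      25
CapInh: 0000000000000000
CapPrm: 0000000001000400
CapEff: 0000000001000400
CapBnd: 0000003fffffffff'

# Live use, with PID replaced by the daemon's process id:
#   cap_report "$(cat /proc/PID/status)" CapEff
cap_report "$SAMPLE_STATUS" CapEff
```

Comparing the CapEff report with the CapPrm one shows whether a capability is merely inactive or has been dropped from the permitted set altogether.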