Bind > 9.12 Will Not Start On FreeBSD
Doug Barton
dougb at dougbarton.us
Sun Apr 28 06:03:48 UTC 2019
On 4/27/19 9:22 PM, Tim Daneliuk wrote:
> On 4/27/19 5:33 PM, @lbutlr wrote:
>> On 27 Apr 2019, at 16:21, Tim Daneliuk <tundra at tundraware.com> wrote:
>>> Why is 9.12+ now suddenly so grumpy about who owns the files? Is this a recent fix to reduce the attack surface on files owned by root?
>>
>> Pretty sure. I thought it was mentioned in the 9.12 release notes, but now I can't find it.
>>
>>
>
> Possibly relevant:
>
>
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223842

Yes, that's almost certainly it. Sad to see that the FreeBSD ports team
is still doing their usual stellar job of "It's not our problem."

You need to make the directory you define as the working directory
("directory" in named.conf) writable to the named process.

I vaguely recall that I might have had code to make sure that got set
correctly in the rc.conf file back when I was maintaining the BIND
ports, but I can't figure out what they've done to the repo, and I can't
find my old stuff in there.

You're probably better off making your working directory something
that's not named in the mtree file, so that your permissions don't get
"fixed" by it.

hope this helps,

Doug
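
A preflight check for the advice in the message above, as an added example that is not part of the original post or of the FreeBSD port: it reads the "directory" option from a named.conf and tests whether that directory is writable by the account named runs as. The function names and the two arguments (config path and run-as user) are assumptions; the check looks at owner and primary-group mode bits only, not ACLs or parent directories.

```shell
#!/bin/sh
# Added example: verify that named's working directory is writable by its run-as user.

# Print the first `directory "...";` value in a named.conf file.
# Anchored at line start, so commented-out lines and options such as
# managed-keys-directory are not matched.
named_workdir() {
    sed -n 's/^[[:space:]]*directory[[:space:]]*"\([^"]*\)"[[:space:]]*;.*/\1/p' "$1" | head -n 1
}

# Return 0 if $1 is writable by user $2 through the owner or primary-group bits.
# Mode bits are inspected rather than access(2), so root gets the same answer.
dir_writable_by() {
    dir=$1 user=$2
    [ -d "$dir" ] || return 2
    gid=$(id -g "$user") || return 2
    if [ -n "$(find "$dir" -maxdepth 0 -user "$user" -perm -200)" ]; then return 0; fi
    if [ -n "$(find "$dir" -maxdepth 0 -group "$gid" -perm -020)" ]; then return 0; fi
    return 1
}

# Combine both steps and report the result; non-zero exit means named
# will not be able to write to its working directory.
check_named_workdir() {
    conf=$1 user=$2
    dir=$(named_workdir "$conf")
    [ -n "$dir" ] || { echo "no directory option in $conf" >&2; return 2; }
    if dir_writable_by "$dir" "$user"; then
        echo "ok: $dir is writable by $user"
    else
        echo "FAIL: $dir is not writable by $user" >&2
        ls -ld "$dir" >&2
        return 1
    fi
}

# Stand-alone use: script.sh <path-to-named.conf> <run-as-user>
if [ $# -eq 2 ]; then
    check_named_workdir "$1" "$2"
fi
```

Running it again after a package upgrade shows whether the directory's permissions were reset.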