statistics file initially created with incorrect permissions

Mark Andrews marka at isc.org
Tue Jan 22 00:53:16 UTC 2019 


> On 22 Jan 2019, at 2:53 am, Dan Langille <dan at langille.org> wrote:
> 
> I'm running bind911-9.11.5P1_2 on FreeBSD 11.2-RELEASE-p8
> 
> bind is running fine, except for the statistics file, which gets created with root:bind vs bind:bind and I do not know why.
> 
> named runs as the user bind:
> 
> $ ps auwwx | grep named
> bind    79879  0.0  0.1 69028 47120  -  IsJ  21:18   2:35.88 /usr/local/sbin/named -u bind -c /usr/local/etc/namedb/named.conf
> 
> The configuration setting point to the right location:
> 
> $ grep stat /usr/local/etc/namedb/named.conf
> 	statistics-file	"/var/run/named/stats";
> 	zone-statistics yes;
> 
> The permissions of a running / working configuration:
> 
> $ ls -l /var/run/named
> total 20
> -rw-r--r--  1 bind  bind     6 Jan 21 15:16 pid
> -rw-------  1 bind  bind   102 Jan 21 15:16 session.key
> -rw-r--r--  1 bind  bind  9461 Jan 21 15:45 stats
> 
> $ ls -ld /var/run/named
> drwxr-xr-x  2 bind  bind  5 Jan 21 15:20 /var/run/named
> 
> When named first creates this file, it is created chown root:bind and statistics fails:
> 
> 20-Jan-2019 16:30:22.356 received control channel command 'stats'
> 20-Jan-2019 16:30:22.356 could not open statistics dump file '/var/run/named/stats': permission denied
> 20-Jan-2019 16:30:22.356 dumpstats failed: permission denied
> 
> A quick 'chown bind /var/run/named/stats' fixes that and everything proceeds fine.
> 
> 1 - Why does named create this file as root:bind not bind:bind?

Named opens the file with the permissions of the user it is running as.  I would be looking
for a external program that is creating the file as part of log rotation.

> Looking at the logs, this file is updated every five minutes.  The documentation says:
> 
> "The pathname of the file the server appends statistics to when instructed to do so using rndc stats."
> 
> named seems to be doing this automatically, as opposed to an external cronjob created by myself.

Please LOOK at the log messages that you cut and pasted.  They indicate that named received a
'rndc stats' command.

> 2 - Is the documentation misleading in this regard?

No.

> Thank you.
> 
> --
> Dan Langille - BSDCan / PGCon
> dan at langille.org
> 
> 
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org

More information about the bind-users mailing list