named unable to set effective uid to 0 Operation not permitted

EscuelitaViva escuelitaviva at protonmail.com
Sat Oct 19 17:51:18 UTC 2019


Bind 9.7.1 - 9.14.5 - 9.14.7 and 9.15.3 is dropping this into sys.log, but still runs fine:

named[459]: unable to set effective uid to 0: Operation not permitted
named[459]: generating session key for dynamic DNS
named[459]: unable to set effective uid to 0: Operation not permitted
named[459]: sizing zone task pool based on 2 zones

Some ancient info in the mail list archives shows some people running into this message also at 9.7.1:
https://lists.isc.org/mailman/htdig/bind-users/2010-September/081230.html
https://lists.isc.org/mailman/htdig/bind-users/2010-September/081233.html
https://lists.isc.org/mailman/htdig/bind-users/2014-July/093460.html

At v9.14.1 http://bind-users-forum.2342410.n4.nabble.com/BIND-9-14-0-unable-to-set-effective-uid-to-0-Operation-not-permitted-td6844.html describing named wanting to revert the files back to UID 0, root for some reason even though it is in chroot at this time.

The ISC git page also discusses the issue: https://gitlab.isc.org/isc-projects/bind9/issues/1042

Seems to happen when making these files on startup while in chroot and wanting to change them back to UID 0
/srv/named/var/run/named/session.key
/srv/named/var/run/named.pid

Some people tried to satisfy the condition by adding root to group root and changing the file ownership to root.

If you disable caps with --disable-linux-caps at compile time (but at the cost of security, and no one knows what that cost is?!?),
the messages go away.

Running on an LFS 9.0 build with libcap 2.27, no PAM, VirtualBox
http://linuxfromscratch.org/blfs/view/svn/server/bind.html

Anyone with some info, please let me know.
Time to relabel the messages to be more clear about it being a WARNING or an ERROR?
Or someone clearly indicating that these messages can be ignored would be helpful.

Thanks so much.
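
Added example, not part of the original post and not BIND's code: on Linux, seteuid(0) succeeds only if the caller holds CAP_SETUID in its effective set or if 0 is already its real, effective or saved UID. The sketch below reads those fields from a /proc/<pid>/status snapshot to show whether a given process could make that call; the sample snapshot, UID 200 and the function names are constructed for illustration.

```python
import re
import sys

# Bit numbers from <linux/capability.h>; only a subset is named here.
CAP_NAMES = {0: "CAP_CHOWN", 2: "CAP_DAC_READ_SEARCH", 6: "CAP_SETGID",
             7: "CAP_SETUID", 10: "CAP_NET_BIND_SERVICE",
             18: "CAP_SYS_CHROOT", 24: "CAP_SYS_RESOURCE"}
CAP_SETUID = 7

# Constructed snapshot: an unprivileged UID (200 is made up) holding only
# two capabilities. Not captured from a real named process.
SAMPLE_STATUS = """Name:\tnamed
Uid:\t200\t200\t200\t200
Gid:\t200\t200\t200\t200
CapPrm:\t0000000001000400
CapEff:\t0000000001000400
"""

def parse_status(text):
    """Return real/effective/saved UID and the effective capability mask."""
    uid = re.search(r"^Uid:\s+(\d+)\s+(\d+)\s+(\d+)", text, re.M)
    cap = re.search(r"^CapEff:\s+([0-9a-fA-F]+)", text, re.M)
    if not uid or not cap:
        raise ValueError("no Uid/CapEff lines: not a /proc/<pid>/status file")
    ruid, euid, suid = (int(g) for g in uid.groups())
    return {"ruid": ruid, "euid": euid, "suid": suid,
            "capeff": int(cap.group(1), 16)}

def cap_names(mask):
    """Decode a capability bitmask into names, lowest bit first."""
    return [CAP_NAMES.get(b, f"cap_{b}") for b in range(64) if (mask >> b) & 1]

def can_seteuid_root(st):
    """Kernel rule: CAP_SETUID, or 0 is already the real/effective/saved UID."""
    if (st["capeff"] >> CAP_SETUID) & 1:
        return True
    return 0 in (st["ruid"], st["euid"], st["suid"])

if __name__ == "__main__":
    # Usage: script.py [pid]; without a pid the constructed sample is used.
    if len(sys.argv) > 1:
        with open(f"/proc/{sys.argv[1]}/status") as fh:
            text = fh.read()
    else:
        text = SAMPLE_STATUS
    st = parse_status(text)
    print("UIDs (real/eff/saved):", st["ruid"], st["euid"], st["suid"])
    print("CapEff:", ", ".join(cap_names(st["capeff"])) or "(none)")
    print("seteuid(0) permitted:", can_seteuid_root(st))
```

Run with the PID from the log line (459 in the excerpt above) as the argument to inspect a live process.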