named unable to set effective uid to 0 Operation not permitted
EscuelitaViva
escuelitaviva at protonmail.com
Sat Oct 19 17:51:18 UTC 2019
Bind 9.7.1 - 9.14.5 - 9.14.7 and 9.15.3 is dropping this into sys.log, but still runs fine:
named[459]: unable to set effective uid to 0: Operation not permitted
named[459]: generating session key for dynamic DNS
named[459]: unable to set effective uid to 0: Operation not permitted
named[459]: sizing zone task pool based on 2 zones
Some ancient info in the mail list archives, shows some people running into this message also at 9.7.1:
https://lists.isc.org/mailman/htdig/bind-users/2010-September/081230.html
https://lists.isc.org/mailman/htdig/bind-users/2010-September/081233.html
https://lists.isc.org/mailman/htdig/bind-users/2014-July/093460.html
At v9.14.1 http://bind-users-forum.2342410.n4.nabble.com/BIND-9-14-0-unable-to-set-effective-uid-to-0-Operation-not-permitted-td6844.htmldescribing named wanting to revert the files back to UID 0, root for some reason even though it is in chroot at this time.
The ISC git page also discusses the issue: [https://gitlab.isc.org/isc-projects/bind9/issues/104](https://gitlab.isc.org/isc-projects/bind9/issues/1042)
Seems to happen when making these files on startup while in chroot and wanting to change them back to UID 0
/srv/named/var/run/named/session.key
/srv/named/var/run/named.pid
Some people tried to satisfy the condition by adding root to group root and changing the file ownership to root.
If you disable caps --disable-linux-caps at compile time ( but at the cost of security, and no one knows what that cost is?!?)
the messages go away.
Running on an LFS 9.0 build with libcap 2.27 no PAM, Virtualbox
http://linuxfromscratch.org/blfs/view/svn/server/bind.html
Anyone with some info, please let me know.
Time to relabel the messages to be more clear about it being a WARNING or an ERROR?
Or someone clearly indicating that these messages can be ignored would be helpful.
Thanks so much.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20191019/76aeeda2/attachment.htm>
More information about the bind-users
mailing list