bind10 running as user bind fails to start resolver service

JINMEI Tatuya / 神明達哉 jinmei at isc.org
Fri Dec 2 23:14:13 UTC 2011


At Fri, 2 Dec 2011 23:03:17 +0000,
"Spain, Dr. Jeffry A." <spainj at countryday.net> wrote:

> I successfully started bind 10 as user bind:
> /usr/sbin/bind10 --user=bind --pid-file=/var/run/named/named.pid &
> 
> Using bindctl, I attempted to stop the authoritative server and start the recursive resolver. This resulted in the set of messages below. The problem seems to be that 'b10-resolver -u 107' failed because 'setgid() failed: Operation not permitted'. Note that I had created user bind (107) and made it a member of group bind (115). Thanks for any recommendations you may have. Jeff.

Right now the auth and resolver need to start as root (in case they
need to bind sockets to a privileged port, which is normally the case)
and then internally change their user.  For the obvious reason it
won't work if you do this from a running BIND10 system.

We're going to solve this inconvenience by introducing a separate
"socket creator" process, which will be the only process that needs
the root privilege.  For now, please shut down the entire system and
start it from scratch with the new configuration (which, for
example, enables the resolver server).

---
JINMEI, Tatuya
Internet Systems Consortium, Inc.
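
The start-as-root-then-switch-user pattern described in the reply above, as an added example that is not part of the original message and not BIND 10's own code. The IDs 107 and 115 come from the report; the function names are hypothetical, and the preflight approximates "privileged" as euid 0 and ignores saved IDs.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* exposes setgroups() in glibc's <grp.h> */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <unistd.h>

/* Preflight: can this process become target_uid/target_gid at all?
 * Assumption: euid 0 stands in for CAP_SETUID/CAP_SETGID. */
int can_switch_to(uid_t target_uid, gid_t target_gid)
{
    if (geteuid() == 0)
        return 1;
    return target_uid == getuid() && target_gid == getgid();
}

/* Drop to target_uid/target_gid. Order matters: supplementary groups and
 * the GID change while privilege is still held, the UID goes last.
 * Returns 0 on success, -1 with errno set on failure. */
int drop_privileges(uid_t target_uid, gid_t target_gid)
{
    if (geteuid() == 0 && setgroups(1, &target_gid) != 0)
        return -1;       /* only a privileged caller may replace the list */
    if (setgid(target_gid) != 0)
        return -1;       /* EPERM here is the failure quoted in the report */
    if (setuid(target_uid) != 0)
        return -1;
    if (target_uid != 0 && setuid(0) == 0) {
        errno = EPERM;   /* root was regained: the drop did not stick */
        return -1;
    }
    return 0;
}

int main(void)
{
    uid_t uid = 107;     /* user "bind" in the report */
    gid_t gid = 115;     /* group "bind" in the report */
    if (!can_switch_to(uid, gid)) {
        fprintf(stderr, "euid %ld cannot switch to %ld:%ld; start as root\n", (long)geteuid(), (long)uid, (long)gid);
        return 1;
    }
    if (drop_privileges(uid, gid) != 0) {
        perror("privilege drop failed");
        return 1;
    }
    return 0;
}
```

Run from an already unprivileged parent, the preflight reports the problem before any socket or configuration work is done, instead of failing inside setgid().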


