Bug 161378 - permission problem in /var/named/chroot/named
Summary: permission problem in /var/named/chroot/named
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: bind
Version: 4
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Jason Vas Dias
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2005-06-22 18:57 UTC by Elton Ramos Carvalho
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-07-05 17:46:58 UTC



Description Elton Ramos Carvalho 2005-06-22 18:57:28 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050514

Description of problem:
A simple permission problem in /var/named/chroot/named.
Where the permission is

drwxr-x---  4 root named 4096 Jun 22 15:36 named

must be

drwxr-x---  4 named named 4096 Jun 22 15:36 named

The wrong permission gives me this problem with the dhcp and ddns

Jun 22 15:38:51 ldap named[10587]: client 127.0.0.1#32807: updating zone 'expresso.intra/IN': adding an RR at 'notas.expresso.intra' A
Jun 22 15:38:51 ldap named[10587]: client 127.0.0.1#32807: updating zone 'expresso.intra/IN': adding an RR at 'notas.expresso.intra' TXT
Jun 22 15:38:51 ldap named[10587]: journal file expresso.intra.zone.jnl does not exist, creating it
-------------------------
Jun 22 15:38:51 ldap named[10587]: expresso.intra.zone.jnl: create: permission denied
-------------------------



Version-Release number of selected component (if applicable):
bind-9.3.1-4 bind-chroot-9.3.1-4

How reproducible:
Always

Steps to Reproduce:
1. Configure DHCP with ddns (hand)
2. Configure bind (hand)
3. Try to add a Windows workstation to the network with dhcp client enabled

Actual Results:  Jun 22 15:38:51 ldap named[10587]: client 127.0.0.1#32807: updating zone 'expresso.intra/IN': adding an RR at 'notas.expresso.intra' A
Jun 22 15:38:51 ldap named[10587]: client 127.0.0.1#32807: updating zone 'expresso.intra/IN': adding an RR at 'notas.expresso.intra' TXT
Jun 22 15:38:51 ldap named[10587]: journal file expresso.intra.zone.jnl does not exist, creating it
-------------------------
Jun 22 15:38:51 ldap named[10587]: expresso.intra.zone.jnl: create: permission denied
-------------------------


bind can't add the notas.expresso.intra host to the expresso.intra zone file

Expected Results:  a simple chmod resolved the problem

Additional info:

Comment 1 Jason Vas Dias 2005-07-05 17:46:58 UTC
The root:named ownership of the $ROOTDIR/var/named directory is as
mandated by our security response team, and is not a bug.

You can put the DDNS updateable zone files under the
$ROOTDIR/var/named/slaves directory, e.g. with
  zone "expresso.intra" in {... file "slaves/expresso.intra.zone"; ...}
or you can make the ownership change to named:named by editing
/etc/sysconfig/named to say:
  ENABLE_ZONE_WRITE=yes

Note that the master zone file ("expresso.intra.zone") must
also be owned by named:named for named to update it successfully.

This is documented in the named(8) man-page - also see the 
named_selinux(8) man-page.
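
The ownership rule from Comment 1 can be checked before a dynamic update fails. The following is an added example, not part of the bug report or of BIND or Red Hat code: it lists dynamic zones whose journal file the named user could not create. The function names, the sample configuration and the simplified named.conf parsing are assumptions.

```python
import os
import re

# Constructed named.conf fragment for illustration (not the reporter's config).
SAMPLE_CONF = '''
zone "expresso.intra" IN {
    type master;
    file "expresso.intra.zone";
    allow-update { 127.0.0.1; };
};
zone "static.example" IN {
    type master;
    file "static.example.zone";
};
'''

# Simplified parser: assumes each zone block ends with "};" on its own line.
ZONE_RE = re.compile(r'zone\s+"([^"]+)"[^{]*\{(.*?)\n\};', re.S)
DYNAMIC_RE = re.compile(r'(?<![\w-])(?:allow-update|update-policy)(?![\w-])')

def dynamic_zones(conf_text):
    """Map zone name -> zone file for zones that accept dynamic updates."""
    zones = {}
    for name, body in ZONE_RE.findall(conf_text):
        file_match = re.search(r'file\s+"([^"]+)"', body)
        if DYNAMIC_RE.search(body) and file_match:
            zones[name] = file_match.group(1)
    return zones

def can_create_in(dir_uid, dir_gid, dir_mode, uid, gids):
    """Classic POSIX mode-bit check (ignores ACLs and SELinux policy)."""
    if uid == 0:
        return True
    if uid == dir_uid:
        bits = dir_mode >> 6
    elif dir_gid in gids:
        bits = dir_mode >> 3
    else:
        bits = dir_mode
    return (bits & 0o3) == 0o3  # creating a file needs write + search

def journal_blocked(conf_text, named_dir, uid, gids):
    """Return dynamic zones whose .jnl file the given uid could not create."""
    blocked = []
    for name, zone_file in sorted(dynamic_zones(conf_text).items()):
        parent = os.path.dirname(os.path.join(named_dir, zone_file))
        st = os.stat(parent)
        if not can_create_in(st.st_uid, st.st_gid, st.st_mode, uid, gids):
            blocked.append((name, zone_file + ".jnl"))
    return blocked
```

Pass the chroot's var/named path and the named account's uid and group ids to `journal_blocked`; an empty list means the mode bits allow journal creation, and SELinux policy still has to be checked separately.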

