Paul Wouters
2009-Jul-30 19:51 UTC
[nsd-users] bug with permissions of nsd.db / ixfr.db / ixfr.state ?
Hi,

I'm running into an issue where the files nsd.db / ixfr.db / ixfr.state are ending up being owned as root instead of nsd, which causes problems later on when it is trying to update these files. I see this for instance when running a nsdc rebuild (as root)

This happens without a "username" option, but also if I specify a "username: nsd" option in the nsd config file.

Is there a reason why this is happening, or is this a bug?

I guess I can work around this by using the nsd uid to run update and patch, but these run as root when using the initscripts, eg when using "service nsd rebuild" and "service nsd patch", though I think that would require the nsd account to have a valid login shell to use su, and using sudo inherits some weird settings resulting (on RHEL) to get a "mv: overwrite `/var/lib/nsdhm/nsd.db', overriding mode 0644?" message

Paul

Matthijs Mekking
2009-Aug-10 13:33 UTC
[nsd-users] bug with permissions of nsd.db / ixfr.db / ixfr.state ?
Hi Paul,

Paul Wouters wrote:
> Hi,
>
> I'm running into an issue where the files nsd.db / ixfr.db / ixfr.state
> are ending up being owned as root instead of nsd, which causes problems
> later on when it is trying to update these files. I see this for instance
> when running a nsdc rebuild (as root)

If you run as root, and do not provide a username, root will of course get the ownership of these files.

> This happens without a "username" option, but also if I specify a
> "username: nsd" option in the nsd config file.

This may occur with nsdc rebuild, as the shell script does not take into account the configfile. I think I need to add a chown for nsd.db. However, this shouldn't occur for the ixfr.db and xfrd.state file. NSD should have dropped permissions before writing these files and thus create files as user 'nsd'.

> Is there a reason why this is happening, or is this a bug?

As explained above.

Best regards,

Matthijs

> I guess I can work around this by using the nsd uid to run update and
> patch, but these run as root when using the initscripts, eg when using
> "service nsd rebuild" and "service nsd patch", though I think that would
> require the nsd account to have a valid login shell to use su, and
> using sudo inherits some weird settings resulting (on RHEL) to get a
> "mv: overwrite `/var/lib/nsdhm/nsd.db', overriding mode 0644?"
> message
>
> Paul
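
Added example, not part of the thread and not NSD or nsdc code: a POSIX shell check for the situation discussed above, comparing the owner of the database and state files with the `username:` option in the config file. The function names and the command-line usage are assumptions of this example, and comparing numeric UIDs is a choice made here so that the check does not depend on how `ls` prints names.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not from NSD).
# Usage (assumed): sh audit-owner.sh CONFIG FILE...

# Print the value of the last "username:" option in a config file,
# ignoring commented-out lines; prints nothing when the option is absent.
configured_user() {
    sed -n 's/^[[:space:]]*username:[[:space:]]*"\{0,1\}\([^"#[:space:]]*\).*/\1/p' "$1" |
        tail -n 1
}

# Print the numeric UID that owns a file.
file_uid() {
    ls -ldn -- "$1" | awk '{print $3}'
}

# Report each existing file not owned by the expected UID.
# Returns 0 when every existing file matches, 1 otherwise.
audit_uid() {
    want=$1
    shift
    rc=0
    for f in "$@"; do
        [ -e "$f" ] || continue          # files not created yet are skipped
        have=$(file_uid "$f")
        if [ "$have" != "$want" ]; then
            printf '%s: owned by uid %s, expected uid %s\n' "$f" "$have" "$want"
            rc=1
        fi
    done
    return $rc
}

if [ "$#" -ge 2 ]; then
    conf=$1
    shift
    user=$(configured_user "$conf")
    # With no username configured, compare against the invoking user,
    # matching the thread: files then belong to whoever ran the command.
    uid=$(id -u ${user:+"$user"})
    audit_uid "$uid" "$@"
fi
```

Running it after a rebuild performed as root lists any file that would later be unwritable for the configured user.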