[nsd-users] bug with permissions of nsd.db / ixfr.db / ixfr.state ?

Matthijs Mekking matthijs at NLnetLabs.nl
Mon Aug 10 15:33:55 CEST 2009



Hi Paul,

Paul Wouters wrote:
> 
> Hi,
> 
> I'm running into an issue where the files nsd.db / ixfr.db / ixfr.state
> are ending up being owned as root instead of nsd, which causes problems
> later on when it is trying to update these files. I see this for instance
> when running a nsdc rebuild (as root)

If you run as root, and do not provide a username, root will of course
get the ownership of these files.

> This happens without a "username" option, but also if I specify a
> "username: nsd" option in the nsd config file.

This may occur with nsdc rebuild, as the shell script does not take into
account the configfile. I think I need to add a chown for nsd.db.

However, this shouldn't occur for the ixfr.db and xfrd.state file. NSD
should have dropped permissions before writing these files and thus
create files as user 'nsd'.

> Is there a reason why this is happening, or is this a bug?

As explained above.

Best regards,

Matthijs

> I guess I can work around this by using the nsd uid to run update and
> patch, but these run as root when using the initscripts, eg when using
> "service nsd rebuild" and "service nsd patch", though I think that would
> require the nsd account to have a valid login shell to use su, and
> using sudo inherits some weird settings resulting (on RHEL) to get a
> "mv: overwrite `/var/lib/nsdhm/nsd.db', overriding mode 0644?" message
> 
> Paul

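The ownership mismatch discussed in this message can be checked after a rebuild run as root. The script below is an added example, not part of the original post and not NSD's own code; it compares the owner of each state file with the `username:` option in the config file. The function names are hypothetical, the file paths are supplied by the caller, and `username:` is assumed to hold a plain account name.

```shell
#!/bin/sh
# Added example: report NSD state files whose owner differs from the
# "username:" option in the NSD config file. Paths come from the caller.

# Print the value of the "username:" option, or nothing if it is not set.
nsd_conf_username() {
    # Strip comments, take the first "username:" value, remove quotes.
    sed -e 's/#.*$//' "$1" |
        awk '$1 == "username:" { gsub(/"/, "", $2); print $2; exit }'
}

# Print the owner of a file (third column of ls -ld).
file_owner() {
    ls -ld -- "$1" | awk '{ print $3 }'
}

# check_nsd_ownership CONF FILE...
# Prints one line per mismatch. Returns 0 if all existing files match,
# 1 on any mismatch, 2 if the config has no username: option.
check_nsd_ownership() {
    conf=$1; shift
    want=$(nsd_conf_username "$conf")
    if [ -z "$want" ]; then
        echo "no username: option in $conf; files belong to whoever ran the tool" >&2
        return 2
    fi
    rc=0
    for f in "$@"; do
        [ -e "$f" ] || continue      # not created yet, nothing to compare
        have=$(file_owner "$f")
        if [ "$have" != "$want" ]; then
            echo "$f: owned by $have, expected $want"
            rc=1
        fi
    done
    return $rc
}
```

Call it as `check_nsd_ownership <config file> <nsd.db> <ixfr.db> <xfrd.state>` with the locations used on the system in question.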

