a few notes about permissions

Farkas Levente lfarkas at bppiac.hu
Mon Dec 11 11:02:30 UTC 2006


hi,
as i wrote earlier there is some confusion around file permissions and
euid with nsd. i tried to find anything about it but can't find a valid
doc. nsd runs as user nsd (by default), so it creates files as nsd. a few
notes which would be useful to include in the readme:
- /etc/nsd should be owned by nsd (otherwise it can't update zones:
   could not open file /etc/nsd/ixfr.db for append: Permission denied)
- it would be useful for the files in /etc/nsd to be owned by nsd.
on the other hand
- nsdc, nsd-patch and nsd-xfer should be run as the configured user
(nsd by default) so the generated db, zone and transfer files are owned by
nsd. in this case file permissions would be consistent. now e.g. ixfr.db is
owned by nsd while nsd.db is owned by root. master zone files are owned by nsd,
slaves are owned by root (nsd-patch generated, yes i know cron can be run as
a given user, but). if you assume you can write perfect code nsd can
run as root, if you try to be safe run all tools as nsd.

i've got such an error message too:
-----------------------
Dec 11 04:02:46 ns1 nsd[14372]: could not read /etc/nsd/nsd.db CRC. db changed?
-----------------------
i don't know if it's permission related or not, but it's strange.

just my 2c.

-- 
  Levente                               "Si vis pacem para bellum!"
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: nsd.spec
URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20061211/f54d63a5/attachment.ksh>
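
An added example, not part of the original message or of NSD itself: a POSIX shell audit for the mixed ownership described above (ixfr.db owned by nsd, nsd.db owned by root). The directory /etc/nsd and the user nsd come from the message; the function names and output labels are hypothetical.

```shell
#!/bin/sh
# Added example: report entries under NSD's directory that the daemon's
# account does not own, and directories its owner cannot write to (the
# "could not open file ... for append: Permission denied" case).

# nsd_owner_problems DIR UID
# Prints one line per finding; prints nothing when ownership is consistent.
# A numeric UID is used so the check does not depend on name lookups.
nsd_owner_problems() {
    dir=$1 uid=$2
    # Files or directories owned by another account, e.g. a database
    # regenerated by a tool that was run as root.
    find "$dir" ! -uid "$uid" -print | sed 's/^/wrong-owner /'
    # Directories whose owner write bit is cleared: the daemon could not
    # create or append to files there even with the right owner.
    find "$dir" -type d ! -perm -200 -print | sed 's/^/not-writable /'
}

# nsd_audit DIR USER
# Returns 0 if consistent, 1 if findings were printed, 2 on bad input.
nsd_audit() {
    dir=$1 user=$2
    uid=$(id -u "$user" 2>/dev/null) || {
        echo "unknown user: $user" >&2
        return 2
    }
    [ -d "$dir" ] || {
        echo "not a directory: $dir" >&2
        return 2
    }
    problems=$(nsd_owner_problems "$dir" "$uid")
    if [ -z "$problems" ]; then
        return 0
    fi
    printf '%s\n' "$problems"
    return 1
}

# Run only when arguments are given, e.g.: sh nsd-audit.sh /etc/nsd nsd
if [ "$#" -gt 0 ]; then
    nsd_audit "$@"
fi
```

Run from cron after the zone tools, a non-zero exit status flags files that a root-run tool has left behind.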

