a few notes about permissions

Farkas Levente lfarkas at bppiac.hu
Mon Dec 11 11:59:49 UTC 2006


i forgot to mention that the spec file attached to my previous mail can
be used to create an rpm for nsd (based on the fedora extras spec file,
updated to 3.0.3, with a few permissions modified).

Farkas Levente wrote:
> hi,
> as i wrote earlier there is some confusion around file permissions and
> euid with nsd. i tried to find anything about it but can't find a valid
> doc. nsd runs as user nsd (by default), so it creates files as nsd. a few
> notes which would be useful to include in the readme:
> - /etc/nsd should be owned by nsd (otherwise it can't update zones:
>    could not open file /etc/nsd/ixfr.db for append: Permission denied)
> - it would be useful for the files in /etc/nsd to be owned by nsd.
> on the other hand
> - nsdc, nsd-patch and nsd-xfer should run as the configured user
> (nsd by default) so the generated db, zone and transfer files are owned by
> nsd. in this case file permissions would be consistent. now e.g. ixfr.db
> is owned by nsd while nsd.db is owned by root. master zone files are owned
> by nsd, slaves are owned by root (nsd-patch generated, yes i know cron can
> be run as a given user, but). if you assume you can write perfect code, nsd
> can run as root; if you try to be safe, run all tools as nsd.
> 
> i've got such an error message too:
> -----------------------
> Dec 11 04:02:46 ns1 nsd[14372]: could not read /etc/nsd/nsd.db CRC. db changed?
> -----------------------
> i don't know if it's permission related or not, but it's strange.
> 
> just my 2c.

-- 
  Levente                               "Si vis pacem para bellum!"
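
An added example, not part of the original post or of the NSD distribution: a small audit that reports the mixed-ownership state described above, where the directory or some of its files belong to a user other than the one the daemon runs as. The function name `audit_ownership` is hypothetical; the defaults `/etc/nsd` and `nsd` are taken from the post.

```python
import pwd
import stat
import sys
from pathlib import Path


def audit_ownership(directory, expected_uid):
    """Return (path, problem) tuples for `directory` and the regular files in it."""
    findings = []
    root = Path(directory)
    st = root.stat()
    # The daemon creates files (e.g. ixfr.db) in this directory, so the
    # directory itself must be owned by the run-as user, with write and
    # search permission for that owner.
    need = stat.S_IWUSR | stat.S_IXUSR
    if st.st_uid != expected_uid:
        findings.append((str(root), f"directory owned by uid {st.st_uid}"))
    elif st.st_mode & need != need:
        findings.append((str(root), "owner lacks write/search permission"))
    for entry in sorted(root.iterdir()):
        est = entry.lstat()  # lstat: inspect the entry itself, never follow links
        if stat.S_ISREG(est.st_mode) and est.st_uid != expected_uid:
            findings.append((str(entry), f"file owned by uid {est.st_uid}"))
    return findings


if __name__ == "__main__":
    # Defaults assumed from the post: configuration directory and run-as user.
    directory = sys.argv[1] if len(sys.argv) > 1 else "/etc/nsd"
    user = sys.argv[2] if len(sys.argv) > 2 else "nsd"
    problems = audit_ownership(directory, pwd.getpwnam(user).pw_uid)
    for path, problem in problems:
        print(f"{path}: {problem}")
    sys.exit(1 if problems else 0)
```

Run from cron or after each tool invocation, a non-zero exit status flags files that were regenerated by a tool running as a different user than the daemon.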