[nsd-users] bug with permissions of nsd.db / ixfr.db / ixfr.state ?

Matthijs Mekking matthijs at NLnetLabs.nl
Mon Aug 10 13:33:55 UTC 2009

Hi Paul,

Paul Wouters wrote:
> Hi,
> I'm running into an issue where the files nsd.db / ixfr.db / ixfr.state
> are ending up being owned as root instead of nsd, which causes problems
> later on when it is trying to update these files. I see this for instance
> when running an nsdc rebuild (as root).

If you run as root, and do not provide a username, root will of course
get the ownership of these files.

> This happens without a "username" option, but also if I specify a
> "username: nsd" option in the nsd config file.

This may occur with nsdc rebuild, as the shell script does not take into
account the config file. I think I need to add a chown for nsd.db.

However, this shouldn't occur for the ixfr.db and xfrd.state file. NSD
should have dropped permissions before writing these files and thus
create files as user 'nsd'.

> Is there a reason why this is happening, or is this a bug?

As explained above.

Best regards,


> I guess I can work around this by using the nsd uid to run update and
> patch, but these run as root when using the initscripts, eg when using
> "service nsd rebuild" and "service nsd patch", though I think that would
> require the nsd account to have a valid login shell to use su, and
> using sudo inherits some weird settings resulting (on RHEL) to get a
> "mv: overwrite `/var/lib/nsdhm/nsd.db', overriding mode 0644?" message
> Paul



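A check for the symptom discussed in this thread, as an added example that is not part of the original message or of NSD: it reports which of the files named above are not owned by the uid the daemon is meant to run as. The function names and the directory argument are assumptions; the file names are the ones used in the thread.

```shell
#!/bin/sh
# Added example (not NSD code): find NSD database/state files whose owner
# differs from the account the daemon runs as, e.g. files left owned by
# root after a rebuild that was run as root.

# Print the numeric owner uid of a path. Parses `ls -ldn` so it works
# with both GNU and BSD userlands.
owner_uid() {
    ls -ldn -- "$1" | awk '{print $3}'
}

# check_nsd_owner EXPECTED_UID DIR
# Prints one MISMATCH line per wrongly owned file.
# Returns 0 when every existing file is owned by EXPECTED_UID, 1 otherwise.
check_nsd_owner() {
    expected=$1
    dir=$2
    bad=0
    # File names as they appear in the thread (both spellings of the
    # state file are checked, since the thread uses both).
    for f in nsd.db ixfr.db ixfr.state xfrd.state; do
        p=$dir/$f
        [ -e "$p" ] || continue      # not created yet: nothing to compare
        uid=$(owner_uid "$p")
        if [ "$uid" != "$expected" ]; then
            echo "MISMATCH $p owner_uid=$uid expected_uid=$expected"
            bad=1
        fi
    done
    return $bad
}

# Stand-alone use: script.sh USER DIR   (e.g. USER=nsd; DIR is site-specific)
if [ "$#" -eq 2 ]; then
    check_nsd_owner "$(id -u "$1")" "$2"
fi
```

Running it after a rebuild, before the daemon next tries to update the files, shows whether a chown is still needed.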