[nsd-users] Permission error after upgrade to Debian Buster (10.2)

[Wouter Wijngaards]

Hi Simon,

On 11/25/19 1:26 AM, Simon Deziel wrote:
> On 2019-11-24 6:10 p.m., Kaulkwappe wrote:
>> Hi Simon,
>>
>>  > I would have expect a permission error instead of a "read-only" one. It
>>  > looks as if /var/log was not properly added to be ReadWritePaths set.
>>
>> That is what I have used:
>>  > ReadWritePaths=/var/lib/nsd /var/log /etc/nsd /run
> 
> Not sure what would explain the read-only error then. I'd double check
> if it's indeed effective with "systemctl show nsd | grep ReadWritePaths"
> 
>>  > This unlink failure is expected and AFAICT harmless.
>> It should be harmless, but it doesn't look nice. I would consider this as a bug.
> 
> Agreed. Interestingly, unbound accepts "-p" to skip managing its own
> PID. If nsd could get this, it would be handy when managing the daemon
> with systemd.

When trying to add the option for you, I saw the code should accept -P
"" on the commandline or pidfile: "" in nsd.conf omits creation of the
pidfile.

It should already work!  I could still create a convenience option or
perhaps a description for it?  Perhaps in nsd's usage printout something
to say that '-P "" stop creation of the pidfile' or something along
those lines.  If this also works, of course.

Best regards, Wouter

> 
>>  > I believe that xfrd.state should be owned by nsd:nsd as the daemon needs
>>  > to write to that file.
>> After changing the owner to nsd:nsd I believe this problem is fixed. Thanks!
> 
> Glad to hear that!
> 
> Regards,
> Simon
> _______________________________________________
> nsd-users mailing list
> nsd-users at NLnetLabs.nl
> https://open.nlnetlabs.nl/mailman/listinfo/nsd-users
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20191202/478c3800/attachment.bin>