[Unbound-users] unbound 1.4.16 release

W.C.A. Wijngaards wouter at nlnetlabs.nl
Thu Feb 2 13:47:41 UTC 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Juergen,

On 02/02/2012 01:49 PM, Juergen Daubert wrote:
>> Here is unbound 1.4.16, fixes bug in bugfix in 1.4.15:
> 
> thanks for the new release, however I think we have one regression 
> wrt ownership of the autotrust file, default
> /etc/unbound/root.key.
> 
> This file must be owned by the user unbound is running as, e.g.
> the user unbound. Starting with version 1.4.15 unbound-anchor
> resets the ownership to the user running unbound-anchor, which is
> normaly root.

That is very inconvenient.  This is because it writes to a temp first,
then moves it over the first.

> Because of that the running unbound cannot longer update the key
> file, which leasds to a error message:
> 
> Feb  2 12:33:43 tor unbound: [19568:0] error: could not open
> autotrust file for writing, root.key.19568-0: Permission denied

No, it is not allowed to create a new file in the directory.  It wants
to create a tempfile to write to, when that has worked, it'll mv the
new over the old.  So that failures during the write leave you with a
bootable system.

That part is working: this error may be inconvenient, but the system
still boots.

I guess you have to chown unbound /my/keydir
or chgrp unbound /my/keydir

This sort of solution becomes system specific.  What would work for you?

Best regards,
   Wouter

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPKpP9AAoJEJ9vHC1+BF+Ngb4P+QEYh+7+rxr+3Kt1eB2rZp44
LA6G9CdFSG/68ZhMqMhz8UNgBthCp6IxlD2oPmwDamY9Wm9U+nvdeH4To41RGF+i
eP1dByDAAzzQf4VgkrKIsCmYSw1mpRxDk4g9NtGp5dSl0l0C7A0ZC26LqdwhXSIZ
Kk0WT6zlio1YuLTdZkG+v3Lx/xEBrefDKCHFdagrlYf8hk9Ilx+eHGCxxoc3SmRP
va6/G5on8I7H/rbqsxM2qgcSsuEopA9I2Hxw4gUrXy9irzdfbw8V6Dt2yXryY85j
7CKw7521a12E8wVamRvgZ6JOuIFd4UlUu70eE7v3nqNHYo0tUimqbcnTSmtXlO3L
IhDZ+5QYca1d/6JfDytlQwX1Qhdil2Xugu/7wzRvH3KPmBVYvIMcJmc/3YWzhBaa
5DHEQaanHIZcRkRIoAD3ki2jTPKa5Z0RgYeu/pO5uoSlLkGCuoh9bkkA/+HDAYXr
k8LB8GhgA4OLAVd6t+ihTCJM/Coej6syFVaYOJATpinIvNAMVTfFNadN051heMpC
CbZDbdt+I883xi6z9OPO0eAzuoI+1TIeI1smb2rdChDGiFCy6pBI2xTj8ksmO4nh
DvRrt47PleqrP3+oNo1XWp3J9fMov8RazWTgsAKp20N5dUj65oPfWdz8ZWXkEM05
U6ZOPyPB6yuDNiwclecR
=I1rp
-----END PGP SIGNATURE-----



More information about the Unbound-users mailing list