initial failures

Anand Buddhdev anandb at ripe.net
Fri May 27 07:48:10 UTC 2016


On 26/05/16 17:30, jpff via Unbound-users wrote:

Hi John,

> I installed unbound yesterday and I thought I followed the instructions
> but I have two problems
> 
> 1: if I have
>       auto-trust-anchor-file: "/etc/unbound/root.key"
> in the conf file I see
> [1464193283] unbound[14683:0] error: could not open autotrust file for writing, /root.key.14683-0: Permission denied
> [1464195262] unbound[14958:0] notice: init module 0: validator
> [1464195262] unbound[14958:0] notice: init module 1: iterator
> [1464195263] unbound[14958:0] info: start of service (unbound 1.4.17).
> [1464195266] unbound[14958:0] error: could not open autotrust file for writing, /root.key.14958-0: Permission denied
> [1464236233] unbound[14958:0] error: could not open autotrust file for writing, /root.key.14958-0: Permission denied
> 
> in the log file.  I have tried both 644 with owner root and unbound to
> the same effect.  What permissions do I need?

Setting permissions on the file isn't enough. Unbound updates this file
by writing out a temporary one with new content and then renaming it.
Since Unbound switches to the "unbound" user after starting up, the
"unbound" user needs write access to the _directory_ where this file is,
i.e. /etc/unbound.

IMHO, the man page for unbound.conf is misleading. It says that "the
unbound user must have write permission", and this makes a user think
that only the file needs to be writable, when in fact, the directory
also needs to be writable by the unbound user.

Regards,
Anand
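
The following check is an added example, not part of the original message and not Unbound's own code. It evaluates the point made in the reply: a temp-file-plus-rename update depends on write and search permission on the directory, not on the mode of the anchor file. The function names are hypothetical, and the check assumes plain Unix mode bits only (no ACLs, sticky bit, root override, read-only mounts or MAC policy).

```python
import os


def _allowed(st, uid, gids, want):
    """Classic Unix mode-bit check: select owner, group or other bits, then test.

    Assumption: ACLs, root's override, read-only mounts and MAC policy are ignored.
    """
    if uid == st.st_uid:
        bits = (st.st_mode >> 6) & 7
    elif st.st_gid in gids:
        bits = (st.st_mode >> 3) & 7
    else:
        bits = st.st_mode & 7
    return (bits & want) == want


def check_anchor_update(anchor_path, uid, gids=()):
    """Report whether `uid` can replace the anchor via temp file plus rename.

    Creating the temporary file (root.key.<pid>-<n> in the log above) and
    renaming it over the anchor both modify the directory, so the directory
    needs write (2) and search (1) permission for that user.
    """
    directory = os.path.dirname(os.path.abspath(anchor_path))
    dir_st = os.stat(directory)
    result = {
        "directory": directory,
        "dir_write_search": _allowed(dir_st, uid, gids, 0o3),
        "file_writable": None,  # None when the anchor does not exist yet
    }
    if os.path.exists(anchor_path):
        result["file_writable"] = _allowed(os.stat(anchor_path), uid, gids, 0o2)
    # The directory decides; a writable anchor file alone is not sufficient.
    result["update_possible"] = result["dir_write_search"]
    return result


if __name__ == "__main__":
    import pwd
    user = pwd.getpwnam("unbound")  # assumption: the daemon drops to user "unbound"
    groups = set(os.getgrouplist(user.pw_name, user.pw_gid))
    print(check_anchor_update("/etc/unbound/root.key", user.pw_uid, groups))
```

If Unbound runs in a chroot, pass the path as seen from outside the chroot.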


