about unbound and systemd units
Paul Wouters
paul at nohats.ca
Wed Nov 21 06:00:08 UTC 2018
On Tue, 20 Nov 2018, Simon Deziel via Unbound-users wrote:
> On 2018-11-20 10:22 a.m., Paul Wouters via Unbound-users wrote:
>> [paul at thinkpad tmp]$ cat /usr/lib/systemd/system/unbound.service
>> [Unit]
>> Description=Unbound recursive Domain Name Server
>> After=network.target
>> After=unbound-keygen.service
>> Wants=unbound-keygen.service
>> Wants=unbound-anchor.timer
>> Before=nss-lookup.target
>> Wants=nss-lookup.target
>>
>> [Service]
>> Type=simple
>> EnvironmentFile=-/etc/sysconfig/unbound
>> ExecStartPre=/usr/sbin/unbound-checkconf
>> ExecStartPre=-/usr/sbin/unbound-anchor -a /var/lib/unbound/root.key -c /etc/unbound/icannbundle.pem -f /etc/resolv.conf -R
>
> Doesn't that result in a root.key owned by root?
Nope. I guess unbound-anchor drops privs or keeps the existing
owner/group intact.
paul at bofh7:~$ ls -l /var/lib/unbound/
total 8
-rw-r--r--. 1 unbound unbound 1251 Nov 21 00:00 root.key
-rw-r--r--. 1 unbound unbound 1251 Oct 2 2017 root.key.rpmsave
Paul
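
A scripted version of the `ls -l` check in the message above, as an added example that is not part of the original thread or of the Unbound project's code. It assumes GNU `stat`; the function name `audit_anchor_dir` is hypothetical, and the default directory and account name are the ones shown in the listing.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat (Linux).
# The default path and account name are taken from the ls output above.

# audit_anchor_dir [DIR] [USER]
# Prints one line per finding; returns 0 when every file in DIR is owned
# by USER and none is writable by group or other, 1 otherwise.
audit_anchor_dir() {
    dir=${1:-/var/lib/unbound}
    want=${2:-unbound}
    bad=0

    if [ ! -d "$dir" ]; then
        echo "missing directory: $dir"
        return 1
    fi

    for f in "$dir"/*; do
        [ -f "$f" ] || continue            # skip an empty glob and non-files
        owner=$(stat -c %U "$f")
        mode=$(stat -c %a "$f")            # octal, e.g. 644

        if [ "$owner" != "$want" ]; then
            echo "owner: $f is owned by $owner, expected $want"
            bad=1
        fi
        # 022 = write bits for group and other
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "mode: $f is $mode, writable by group or other"
            bad=1
        fi
    done
    return "$bad"
}

# Usage after a (re)start of unbound.service:
#   audit_anchor_dir /var/lib/unbound unbound || echo "trust anchor needs attention"
```

Running it after the unit has started shows whether the root-run `ExecStartPre` step left any file in the directory with a different owner.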