Hi
I have noticed privileges issue, which relay to dnssec , especially new feature auto-dnssec.
If someone gets below message in syslog:
then may proceed with my solution. Below is a small patch which resolve mentioned issue with unprivileged write message, so in directory /etc/mtree you have bad entry, as far as I know /etc/rc.d/named depend on file in /etc/mtree/BIND.chroot.dist, so some modifications are necessary:
To prevent introducing that issue after world building you should consider to change file in source world accordingly:
/usr/src/etc/mtree/BIND.chroot.dist
.
I have noticed privileges issue, which relay to dnssec , especially new feature auto-dnssec.
If someone gets below message in syslog:
Code:
Aug 31 08:02:45 franio named[14685]: /etc/namedb/master/lab.org-forward.jnl: create: permission denied
Aug 31 08:02:45 franio named[14685]: zone lab.org/IN: zone_rekey:dns_journal_open -> unexpected errorthen may proceed with my solution. Below is a small patch which resolve mentioned issue with unprivileged write message, so in directory /etc/mtree you have bad entry, as far as I know /etc/rc.d/named depend on file in /etc/mtree/BIND.chroot.dist, so some modifications are necessary:
Code:
*** PATCH ***
diff -Nrua BIND.chroot.dist-orig BIND.chroot.dist
--- BIND.chroot.dist-orig 2011-08-31 08:04:20.000000000 +0200
+++ BIND.chroot.dist 2011-08-31 08:03:41.000000000 +0200
@@ -3,7 +3,7 @@
# Please see the file src/etc/mtree/README before making changes to this file.
#
-/set type=dir uname=root gname=wheel mode=0755
+/set type=dir uname=bind gname=wheel mode=0755
.
dev mode=0555
..
*** PATCH ***To prevent introducing that issue after world building you should consider to change file in source world accordingly:
/usr/src/etc/mtree/BIND.chroot.dist
.