In message <200901260955.n0q9tnvm010...@mail43.nsc.no>, Jan Arild Lindstrøm writes:
> At 09:33 26/01/2009, Mark Andrews wrote:
>
> >In message <200901260742.n0q7gjqn029...@mail46.nsc.no>, Jan Arild Lindstrøm writes:
> >>
> >> Hi,
> >>
> >> I was going to upgrade from BIND 9.4.3 to BIND 9.6.0-P1, but ran into a
> >> strange "bug" in BIND 9.6.0-P1.
> >>
> >> Exact same config for 9.4.3 and 9.6.0-P1, only added "new" to files that
> >> are written to (namednew.log, confignew.log and namednew.pid).
> >>
> >> OS: Solaris 10.
> >>
> >> Using:
> >>   pid-file "/var/run/named/namednew.pid";
> >>
> >> .. results in the following:
> >>
> >> namednew.log:
> >> 26-Jan-2009 08:14:22.723 general: couldn't mkdir /var/run/named/namednew.pid': Permission denied
> >> 26-Jan-2009 08:14:22.728 general: exiting (due to early fatal error)
> >
> >	The log message should say couldn't mkdir /var/run/named.
> >	The wrong path is being logged.
> >
> >	You either need to create /var/run/named with appropriate
> >	permissions so that named can write to it or change /var/run's
>
> It does exist as you can see from the "ls" output I included. And "named" is
> owner of it and hence has full permissions on it (/var/run/named/).
>
> Problem is that Solaris returns EACCESS and not EEXISTS. So just running mkdir
> to check if a directory exists does not work on Solaris. One gets an EACCES and the
> code fails.

	What are all of the permissions involved as it should work
	as demonstrated by the test below.

	thing1:marka 21:31 {109} % mkdir /foo
	mkdir: Failed to make directory "/foo"; Permission denied
	thing1:marka 21:31 {110} % mkdir /tmp
	mkdir: Failed to make directory "/tmp"; File exists
	thing1:marka 21:31 {111} % uname -a
	SunOS thing1 5.10 Generic_120011-14 sun4u sparc SUNW,Ultra-80
	thing1:marka 21:33 {112} %

	e.g. ls -ld / /var /var/run /var/run/named

	Mark

> >	permissions so that named can create /var/run/named.
> >
> >	Named will continue if mkdir(/var/run/named) returns EEXISTS.
>
> Which it will not on Solaris if you do not have the perm to create it, even though it
> exists and you have full perm on it.
>
> ?
>
> >
> >	Mark
> >
> >        /*
> >         * Make the containing directory if it doesn't exist.
> >         */
> >        slash = strrchr(pidfile, '/');
> >        if (slash != NULL && slash != pidfile) {
> >                *slash = '\0';
> >                mode = S_IRUSR | S_IWUSR | S_IXUSR;     /* u=rwx */
> >                mode |= S_IRGRP | S_IXGRP;              /* g=rx */
> >                mode |= S_IROTH | S_IXOTH;              /* o=rx */
> >                n = mkdir(pidfile, mode);
> >                if (n == -1 && errno != EEXIST) {
> >                        isc__strerror(errno, strbuf, sizeof(strbuf));
> >                        (*report)("couldn't mkdir %s': %s", filename,
> >                                  strbuf);
> >                        free(pidfile);
> >                        pidfile = NULL;
> >                        return;
> >                }
> >                *slash = '/';
> >        }
> >
> >> BIND 9.6.0-P1 truss.out:
> >> --CUT--
> >> 25123/65:  stat("/dev/urandom", 0xFFFFFFFF79D0FA00)  = 0
> >> 25123/65:  open("/dev/urandom", O_RDONLY|O_NONBLOCK)  = 9
> >> 25123/65:  fcntl(9, F_GETFL)  = 8320
> >> 25123/65:  fcntl(9, F_SETFL, FOFFMAX|FNONBLOCK)  = 0
> >> 25123/65:  setgid(21)  = 0
> >> 25123/65:  setuid(21)  = 0
> >> 25123/65:  access(".", W_OK)  = 0
> >> 25123/65:  open("/var/log/namednew.log", O_WRONLY|O_APPEND|O_CREAT, 0666)  = 10
> >> 25123/65:  lseek(10, 0, SEEK_END)  = 332
> >> 25123/65:  close(10)  = 0
> >> 25123/65:  open("/var/log/confignew.log", O_WRONLY|O_APPEND|O_CREAT, 0666)  = 10
> >> 25123/65:  lseek(10, 0, SEEK_END)  = 0
> >> 25123/65:  close(10)  = 0
> >> 25123/65:  mkdir("/var/run/named", 0755)  Err#13 EACCES [ALL]
> >> 25123/65:  stat("/var/log/namednew.log", 0xFFFFFFFF79D0F3C0)  = 0
> >> 25123/65:  open("/var/log/namednew.log", O_WRONLY|O_APPEND|O_CREAT, 0666)  = 10
> >> 25123/65:  lseek(10, 0, SEEK_END)  = 332
> >> 25123/65:  fstat(10, 0xFFFFFFFF79D0E540)  = 0
> >> 25123/65:  fstat(10, 0xFFFFFFFF79D0E410)  = 0
> >> 25123/65:  ioctl(10, TCGETA, 0xFFFFFFFF79D0E47C)  Err#25 ENOTTY
> >> 25123/65:  write(10, 0x10502E754, 97)  = 97
> >> 25123/65:     2 6 - J a n - 2 0 0 9 0 8 : 1 4 : 2 2 . 7 2 3 g e n e r a l
> >> 25123/65:     : c o u l d n ' t m k d i r / v a r / r u n / n a m e d /
> >> 25123/65:     n a m e d n e w . p i d ' : P e r m i s s i o n d e n i e d
> >> 25123/65:     \n
> >> 25123/65:  write(10, 0x10502E754, 69)  = 69
> >> 25123/65:     2 6 - J a n - 2 0 0 9 0 8 : 1 4 : 2 2 . 7 2 8 g e n e r a l
> >> 25123/65:     : e x i t i n g ( d u e t o e a r l y f a t a l e r
> >> 25123/65:     r o r )\n
> >> 25123/65:  _exit(1)
> >>
> >> It fails because it tries to just create the /var/run/named directory instead
> >> of checking if the directory exists and if it can write to it.
> >>
> >>
> >> ns12(root) named 515# ls -la /var/run/named
> >> total 40
> >> drwxr-s---   4 named    named        307 Jan 26 06:51 ./
> >> drwxr-xr-x   7 root     sys         1285 Jan 26 00:52 ../
> >> -rw-r--r--   1 named    named          6 Jan 26 06:41 named.pid
> >>
> >> So /var/run/named exists and is fully writable by user named.
> >>
> >> User "named" should of course not be able to create directories below
> >> "/var/run". Especially since many other things on Solaris 10 use that
> >> directory also.
> >>
> >>
> >> If I use:
> >>   pid-file "/var/run/named/named/namednew.pid";
> >>
> >> ... everything works fine, since it now can run mkdir without getting "EACCES".
> >>
> >> Instead it gets "EEXIST" and is OK with that.
> >>
> >> BIND 9.6.0-P1 truss.out:
> >> --CUT--
> >> 25404/65:  stat("/dev/urandom", 0xFFFFFFFF79D0FA00)  = 0
> >> 25404/65:  open("/dev/urandom", O_RDONLY|O_NONBLOCK)  = 9
> >> 25404/65:  fcntl(9, F_GETFL)  = 8320
> >> 25404/65:  fcntl(9, F_SETFL, FOFFMAX|FNONBLOCK)  = 0
> >> 25404/65:  setgid(21)  = 0
> >> 25404/65:  setuid(21)  = 0
> >> 25404/65:  access(".", W_OK)  = 0
> >> 25404/65:  open("/var/log/namednew.log", O_WRONLY|O_APPEND|O_CREAT, 0666)  = 10
> >> 25404/65:  lseek(10, 0, SEEK_END)  = 498
> >> 25404/65:  close(10)  = 0
> >> 25404/65:  open("/var/log/confignew.log", O_WRONLY|O_APPEND|O_CREAT, 0666)  = 10
> >> 25404/65:  lseek(10, 0, SEEK_END)  = 0
> >> 25404/65:  close(10)  = 0
> >> 25404/65:  mkdir("/var/run/named/named", 0755)  Err#17 EEXIST
> >> 25404/65:  stat("/var/run/named/named/namednew.pid", 0xFFFFFFFF79D0F980)  Err#2 ENOENT
> >> 25404/65:  unlink("/var/run/named/named/namednew.pid")  Err#2 ENOENT
> >> 25404/65:  open("/var/run/named/named/namednew.pid", O_WRONLY|O_CREAT|O_EXCL, 0644)  = 10
> >> 25404/65:  fcntl(10, F_GETFD, 0x000001A4)  = 0
> >> 25404/65:  getpid()  = 25404 [25403]
> >> 25404/65:  fstat(10, 0xFFFFFFFF79D0E9D0)  = 0
> >> 25404/65:  fstat(10, 0xFFFFFFFF79D0E8A0)  = 0
> >> 25404/65:  ioctl(10, TCGETA, 0xFFFFFFFF79D0E90C)  Err#25 ENOTTY
> >> 25404/65:  write(10, " 2 5 4 0 4\n", 6)  = 6
> >> 25404/65:  close(10)  = 0
> >> --CUT--
> >>
> >>
> >> Trussing 9.4.3 I see that it does it differently:
> >>
> >> --CUT--
> >> 25730/10:  access(".", W_OK)  = 0
> >> 25730/10:  open("/var/log/namednew.log", O_WRONLY|O_APPEND|O_CREAT, 0666)  = 10
> >> 25730/10:  lseek(10, 0, SEEK_END)  = 2625
> >> 25730/10:  close(10)  = 0
> >> 25730/10:  open("/var/log/confignew.log", O_WRONLY|O_APPEND|O_CREAT, 0666)  = 10
> >> 25730/10:  lseek(10, 0, SEEK_END)  = 0
> >> 25730/10:  close(10)  = 0
> >> 25730/10:  stat("/var/run/named/namednew.pid", 0xFFFFFFFF7D90F660)  Err#2 ENOENT
> >> 25730/10:  unlink("/var/run/named/namednew.pid")  Err#2 ENOENT
> >> 25730/10:  open("/var/run/named/namednew.pid", O_WRONLY|O_CREAT|O_EXCL, 0644)  = 10
> >> 25730/10:  fcntl(10, F_GETFD, 0x000001A4)  = 0
> >> 25730/10:  getpid()  = 25730 [25729]
> >> 25730/10:  fstat(10, 0xFFFFFFFF7D90E6B0)  = 0
> >> 25730/10:  fstat(10, 0xFFFFFFFF7D90E580)  = 0
> >> 25730/10:  ioctl(10, TCGETA, 0xFFFFFFFF7D90E5EC)  Err#25 ENOTTY
> >> 25730/10:  write(10, " 2 5 7 3 0\n", 6)  = 6
> >> --CUT--
> >>
> >>
> >> It seems that someone has "shorted" the code to create and/or check the pid-file.
> >>
> >> Maybe that "shortcut" will work on Linux, but it for sure does not work on
> >> Solaris 10.
> >>
> >> Having to use .../named/named/... in the pid-file option is of course possible, but I
> >> guess that it is not the way it is supposed to be...(?)...
> >>
> >> Help? Ideas?
> >>
> >> Regards
> >> Jan Arild Lindstrøm
> >>
> >> _______________________________________________
> >> bind-users mailing list
> >> bind-users@lists.isc.org
> >> https://lists.isc.org/mailman/listinfo/bind-users
> >--
> >Mark Andrews, ISC
> >1 Seymour St., Dundas Valley, NSW 2117, Australia
> >PHONE: +61 2 9871 4742                 INTERNET: mark_andr...@isc.org
>
> Regards
> Jan Arild Lindstrøm
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: mark_andr...@isc.org
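
The directory check argued over in this thread, as an added example (not BIND's code and not written by either poster): after a failed mkdir() it re-checks the path with stat() for EACCES as well as EEXIST, and reports the directory rather than the pid file. The function names and the default path in main() are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* mkdir(dir) failed with mkdir_errno: is dir usable anyway? EACCES is re-checked
 * like EEXIST: per the truss output above it can come back for an existing dir. */
static int dir_usable_after_mkdir_error(const char *dir, int mkdir_errno) {
    struct stat sb;
    if ((mkdir_errno != EEXIST && mkdir_errno != EACCES) ||
        stat(dir, &sb) == -1 || !S_ISDIR(sb.st_mode))
        return 0;
    /* access() tests the real uid, which equals the euid after setuid() */
    return access(dir, W_OK | X_OK) == 0;
}

/* Returns 0 if the directory containing pidfile exists or was created, else
 * -1 with errno set and the directory (not the pid file) copied to failed. */
static int ensure_pidfile_dir(const char *pidfile, char *failed, size_t len) {
    char dir[PATH_MAX], *slash;
    int saved = ENAMETOOLONG;
    if (snprintf(dir, sizeof(dir), "%s", pidfile) < (int)sizeof(dir)) {
        slash = strrchr(dir, '/');
        if (slash == NULL || slash == dir)
            return 0;             /* no directory part, or directly under "/" */
        *slash = '\0';
        if (mkdir(dir, 0755) == 0) /* u=rwx,g=rx,o=rx as in the quoted code */
            return 0;
        saved = errno;
        if (dir_usable_after_mkdir_error(dir, saved))
            return 0;
    }
    snprintf(failed, len, "%s", dir);
    errno = saved;
    return -1;
}

int main(int argc, char **argv) {
    /* Constructed default path; pass a real pid-file path as argv[1]. */
    const char *pidfile = argc > 1 ? argv[1] : "/tmp/named-example/named.pid";
    char failed[PATH_MAX];
    if (ensure_pidfile_dir(pidfile, failed, sizeof(failed)) == 0)
        return 0;
    fprintf(stderr, "couldn't mkdir '%s': %s\n", failed, strerror(errno));
    return 1;
}
```

Any mkdir() error other than EEXIST or EACCES, or a non-directory already sitting at the path, is still fatal.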