At 22:41 26/01/2009, Mark Andrews wrote:
>In message <200901260955.n0q9tnvm010...@mail43.nsc.no>, Jan Arild Lindstrøm writes:
>> At 09:33 26/01/2009, Mark Andrews wrote:
>>
>> >In message <200901260742.n0q7gjqn029...@mail46.nsc.no>, Jan Arild Lindstrøm writes:
>> >>
>> >> Hi,
>> >>
>> >> I was going to upgrade from BIND 9.4.3 to BIND 9.6.0-P1, but ran into a
>> >> strange "bug" in BIND 9.6.0-P1.
>> >>
>> >> Exact same config for 9.4.3 and 9.6.0-P1, only added "new" to files that
>> >> are written to (namednew.log, confignew.log and namednew.pid).
>> >>
>> >> OS: Solaris 10.
>> >>
>> >> Using:
>> >> pid-file "/var/run/named/namednew.pid";
>> >>
>> >> .. results in the following:
>> >>
>> >> namednew.log:
>> >> 26-Jan-2009 08:14:22.723 general: couldn't mkdir /var/run/named/namednew.pid': Permission denied
>> >> 26-Jan-2009 08:14:22.728 general: exiting (due to early fatal error)
>> >
>> > The log message should say couldn't mkdir /var/run/named.
>> > The wrong path is being logged.
>> >
>> > You either need to create /var/run/named with appropriate
>> > permissions so that named can write to it or change /var/run's
>>
>> It does exist, as you can see from the "ls" output I included. And "named" is
>> owner of it and hence has full permissions on it (/var/run/named/).
>>
>> Problem is that Solaris returns EACCES and not EEXIST. So just running mkdir
>> to check if a directory exists does not work on Solaris. One gets an EACCES and the
>> code fails.
>
> What are all of the permissions involved, as it should work
> as demonstrated by the test below.
>
>thing1:marka 21:31 {109} % mkdir /foo
>mkdir: Failed to make directory "/foo"; Permission denied
>thing1:marka 21:31 {110} % mkdir /tmp
>mkdir: Failed to make directory "/tmp"; File exists
>thing1:marka 21:31 {111} % uname -a
>SunOS thing1 5.10 Generic_120011-14 sun4u sparc SUNW,Ultra-80
>thing1:marka 21:33 {112} %
>
> e.g.
>
> ls -ld / /var /var/run /var/run/named
SunOS ns10.nsc.no 5.10 Generic_137111-07 sun4v sparc SUNW,Sun-Fire-T200
-bash-3.00$ id
uid=21(named) gid=21(named)
-bash-3.00$ ls -ld / /var /var/run /var/run/named /var/run/named-test
drwxr-sr-x  32 root  root  1024 Jan 27 07:07 /
drwxr-xr-x  47 root  sys   1024 Jul 21  2008 /var
drwxr-sr-x   8 root  root  1216 Jan 27 07:07 /var/run
drwxr-s---   3 named named  245 Jan 26 14:44 /var/run/named
drwxrwsr-x   2 root  root   117 Jan 27 07:07 /var/run/named-test
-bash-3.00$ mkdir / /var /var/run /var/run/named /var/run/named-test
mkdir: Failed to make directory "/"; File exists
mkdir: Failed to make directory "/var"; File exists
mkdir: Failed to make directory "/var/run"; File exists
mkdir: Failed to make directory "/var/run/named"; Permission denied
mkdir: Failed to make directory "/var/run/named-test"; Permission denied

I added /var/run/named-test as a test with root:root as owner. This is strange.

ns10(root) run 509# getfacl /var

# file: /var
# owner: root
# group: sys
user::rwx
group::r-x              #effective:r-x
mask:r-x
other:r-x

ns10(root) run 510# getfacl /var/run

# file: /var/run
# owner: root
# group: root
user::rwx
group::r-x              #effective:r-x
mask:rwx
other:r-x

ns10(root) run 511# getfacl /var/run/named

# file: /var/run/named
# owner: named
# group: named
user::rwx
group::r-x              #effective:r-x
mask:rwx
other:---

Same thing happens on a "new" Solaris 10 also, where I just created the directory:

tproxy(root) / 499# mkdir /var/run/named
tproxy(root) / 505# su - named
Sun Microsystems Inc.   SunOS 5.10      Generic January 2005
-bash-3.00$ ls -ld / /var /var/run /var/run/named
drwxr-sr-x  33 root root 1536 Jan 27 07:14 /
drwxr-xr-x  30 root sys   512 Dec  2 15:59 /var
drwxr-xr-x   8 root sys  1374 Jan 27 07:14 /var/run
drwxrwxr-x   2 root root  117 Jan 27 07:14 /var/run/named
-bash-3.00$
-bash-3.00$ mkdir / /var /var/run /var/run/named
mkdir: Failed to make directory "/"; File exists
mkdir: Failed to make directory "/var"; File exists
mkdir: Failed to make directory "/var/run"; File exists
mkdir: Failed to make directory "/var/run/named"; Permission denied

It happens on Solaris 9 also:

safe(root) jal 1225# mkdir /var/run/named
safe(root) jal 1226# su - named
Sun Microsystems Inc.   SunOS 5.9       Generic May 2002
-bash-3.00$ ls -ld / /var /var/run /var/run/named
drwxr-sr-x  88 root root 3072 Jan 27 07:14 /
drwxr-xr-x  39 root sys  1024 Oct 14 10:34 /var
drwxr-sr-x   8 root root 1304 Jan 27 07:18 /var/run
drwxr-sr-x   2 root root  117 Jan 27 07:18 /var/run/named
-bash-3.00$ mkdir / /var /var/run /var/run/named
mkdir: Failed to make directory ""; No such file or directory
mkdir: Failed to make directory "/var"; File exists
mkdir: Failed to make directory "/var/run"; File exists
mkdir: Failed to make directory "/var/run/named"; Permission denied

I'd guess this is because of the following:

swap                    14G    14M    14G     1%    /tmp
swap                    14G   5.5M    14G     1%    /var/run

/var/run is swap/memory on all Solaris servers (SunOS 5.8 and newer).
More tests on Solaris 10:

As root:
ns10(root) run 514# mkdir /tmp/testdir
ns10(root) run 515# mkdir /tmp/testdir/testdir2
ns10(root) run 516# mkdir /tmp/testdir/testdir2/testdir3
ns10(root) run 517# mkdir /tmp/testdir/testdir2/testdir3/testdir4

As named:
-bash-3.00$ ls -ld / /tmp /tmp/testdir /tmp/testdir/testdir2 /tmp/testdir/testdir2/testdir3 /tmp/testdir/testdir2/testdir3/testdir4
drwxr-sr-x  32 root root 1024 Jan 27 07:07 /
drwxrwxrwt   5 root sys   510 Jan 27 07:26 /tmp
drwxrwxr-x   3 root root  182 Jan 27 07:25 /tmp/testdir
drwxrwxr-x   3 root root  182 Jan 27 07:25 /tmp/testdir/testdir2
drwxrwxr-x   3 root root  182 Jan 27 07:25 /tmp/testdir/testdir2/testdir3
drwxrwxr-x   2 root root  117 Jan 27 07:25 /tmp/testdir/testdir2/testdir3/testdir4
-bash-3.00$ mkdir / /tmp /tmp/testdir /tmp/testdir/testdir2 /tmp/testdir/testdir2/testdir3 /tmp/testdir/testdir2/testdir3/testdir4
mkdir: Failed to make directory "/"; File exists
mkdir: Failed to make directory "/tmp"; File exists
mkdir: Failed to make directory "/tmp/testdir"; File exists
mkdir: Failed to make directory "/tmp/testdir/testdir2"; Permission denied
mkdir: Failed to make directory "/tmp/testdir/testdir2/testdir3"; Permission denied
mkdir: Failed to make directory "/tmp/testdir/testdir2/testdir3/testdir4"; Permission denied

As my own user:
-bash-3.00$ mkdir / /tmp /tmp/testdir /tmp/testdir/testdir2 /tmp/testdir/testdir2/testdir3 /tmp/testdir/testdir2/testdir3/testdir4
mkdir: Failed to make directory "/"; File exists
mkdir: Failed to make directory "/tmp"; File exists
mkdir: Failed to make directory "/tmp/testdir"; File exists
mkdir: Failed to make directory "/tmp/testdir/testdir2"; Permission denied
mkdir: Failed to make directory "/tmp/testdir/testdir2/testdir3"; Permission denied
mkdir: Failed to make directory "/tmp/testdir/testdir2/testdir3/testdir4"; Permission denied

As root it is OK, I get "exists" all the way:
ns10(root) run 519# mkdir /tmp/testdir /tmp/testdir/testdir2 /tmp/testdir/testdir2/testdir3 /tmp/testdir/testdir2/testdir3/testdir4
mkdir: cannot create directory `/tmp/testdir': File exists
mkdir: cannot create directory `/tmp/testdir/testdir2': File exists
mkdir: cannot create directory `/tmp/testdir/testdir2/testdir3': File exists
mkdir: cannot create directory `/tmp/testdir/testdir2/testdir3/testdir4': File exists

If I do the following as root:
chmod a+w /tmp/testdir /tmp/testdir/testdir2 /tmp/testdir/testdir2/testdir3 /tmp/testdir/testdir2/testdir3/testdir4

And then as named:
-bash-3.00$ mkdir / /tmp /tmp/testdir /tmp/testdir/testdir2 /tmp/testdir/testdir2/testdir3 /tmp/testdir/testdir2/testdir3/testdir4
mkdir: Failed to make directory "/"; File exists
mkdir: Failed to make directory "/tmp"; File exists
mkdir: Failed to make directory "/tmp/testdir"; File exists
mkdir: Failed to make directory "/tmp/testdir/testdir2"; File exists
mkdir: Failed to make directory "/tmp/testdir/testdir2/testdir3"; File exists
mkdir: Failed to make directory "/tmp/testdir/testdir2/testdir3/testdir4"; File exists

I get "exists" all the way, but then again one does not want it to be world writable. Neither does one want named as owner and/or group on /var/run to fix it on the OS side.
On a "normal" directory (not swap/memory), one gets "exists" all the way:

-bash-3.00$ ls -ld / /local /local/gnu /local/gnu/man /local/gnu/man/man1 /local/gnu/man/man1/bash.1
drwxr-sr-x  32 root root   1024 Jan 27 07:07 /
drwxr-sr-x  35 root root   1024 Jan 27 01:32 /local
drwxr-sr-x  19 root root    512 Sep 11  2006 /local/gnu
drwxr-sr-x  10 root root    512 Jul 23  2008 /local/gnu/man
drwxr-sr-x   2 root root   4608 Jul 22  2008 /local/gnu/man/man1
-rw-r--r--   1 root root 243808 Jul 22  2008 /local/gnu/man/man1/bash.1
-bash-3.00$ mkdir / /local /local/gnu /local/gnu/man /local/gnu/man/man1 /local/gnu/man/man1/bash.1
mkdir: Failed to make directory "/"; File exists
mkdir: Failed to make directory "/local"; File exists
mkdir: Failed to make directory "/local/gnu"; File exists
mkdir: Failed to make directory "/local/gnu/man"; File exists
mkdir: Failed to make directory "/local/gnu/man/man1"; File exists
mkdir: Failed to make directory "/local/gnu/man/man1/bash.1"; File exists

So /var/run (and /tmp) being swap/memory must be the root cause of the behaviour .. (?)

> Mark
>
>> > permissions so that named can create /var/run/named.
>> >
>> > Named will continue if mkdir(/var/run/named) returns EEXIST.
>>
>> Which it will not on Solaris if you do not have the perm to create it, even though it
>> exists and you have full perm on it.
>>
>> ?
>>
>> >
>> > Mark
>> >
>> >         /*
>> >          * Make the containing directory if it doesn't exist.
>> >          */
>> >         slash = strrchr(pidfile, '/');
>> >         if (slash != NULL && slash != pidfile) {
>> >                 *slash = '\0';
>> >                 mode = S_IRUSR | S_IWUSR | S_IXUSR;     /* u=rwx */
>> >                 mode |= S_IRGRP | S_IXGRP;              /* g=rx */
>> >                 mode |= S_IROTH | S_IXOTH;              /* o=rx */
>> >                 n = mkdir(pidfile, mode);
>> >                 if (n == -1 && errno != EEXIST) {
>> >                         isc__strerror(errno, strbuf, sizeof(strbuf));
>> >                         (*report)("couldn't mkdir %s': %s", filename,
>> >                                   strbuf);
>> >                         free(pidfile);
>> >                         pidfile = NULL;
>> >                         return;
>> >                 }
>> >                 *slash = '/';
>> >         }
>> >
>> >> BIND 9.6.0-P1 truss.out:
>> >> --CUT--
>> >> 25123/65:  stat("/dev/urandom", 0xFFFFFFFF79D0FA00)             = 0
>> >> 25123/65:  open("/dev/urandom", O_RDONLY|O_NONBLOCK)            = 9
>> >> 25123/65:  fcntl(9, F_GETFL)                                    = 8320
>> >> 25123/65:  fcntl(9, F_SETFL, FOFFMAX|FNONBLOCK)                 = 0
>> >> 25123/65:  setgid(21)                                           = 0
>> >> 25123/65:  setuid(21)                                           = 0
>> >> 25123/65:  access(".", W_OK)                                    = 0
>> >> 25123/65:  open("/var/log/namednew.log", O_WRONLY|O_APPEND|O_CREAT, 0666) = 10
>> >> 25123/65:  lseek(10, 0, SEEK_END)                               = 332
>> >> 25123/65:  close(10)                                            = 0
>> >> 25123/65:  open("/var/log/confignew.log", O_WRONLY|O_APPEND|O_CREAT, 0666) = 10
>> >> 25123/65:  lseek(10, 0, SEEK_END)                               = 0
>> >> 25123/65:  close(10)                                            = 0
>> >> 25123/65:  mkdir("/var/run/named", 0755)                        Err#13 EACCES [ALL]
>> >> 25123/65:  stat("/var/log/namednew.log", 0xFFFFFFFF79D0F3C0)    = 0
>> >> 25123/65:  open("/var/log/namednew.log", O_WRONLY|O_APPEND|O_CREAT, 0666) = 10
>> >> 25123/65:  lseek(10, 0, SEEK_END)                               = 332
>> >> 25123/65:  fstat(10, 0xFFFFFFFF79D0E540)                        = 0
>> >> 25123/65:  fstat(10, 0xFFFFFFFF79D0E410)                        = 0
>> >> 25123/65:  ioctl(10, TCGETA, 0xFFFFFFFF79D0E47C)                Err#25 ENOTTY
>> >> 25123/65:  write(10, 0x10502E754, 97)                           = 97
>> >> 25123/65:     2 6 - J a n - 2 0 0 9   0 8 : 1 4 : 2 2 . 7 2 3   g e n e r a l
>> >> 25123/65:     :   c o u l d n ' t   m k d i r   / v a r / r u n / n a m e d /
>> >> 25123/65:     n a m e d n e w . p i d ' :   P e r m i s s i o n   d e n i e d
>> >> 25123/65:     \n
>> >> 25123/65:  write(10, 0x10502E754, 69)                           = 69
>> >> 25123/65:     2 6 - J a n - 2 0 0 9   0 8 : 1 4 : 2 2 . 7 2 8   g e n e r a l
>> >> 25123/65:     :   e x i t i n g   ( d u e   t o   e a r l y   f a t a l   e r r
>> >> 25123/65:     o r )\n
>> >> 25123/65:  _exit(1)
>> >>
>> >> It fails because it tries to just create the /var/run/named directory instead
>> >> of checking if the directory exists and if it can write to it.
>> >>
>> >>
>> >> ns12(root) named 515# ls -la /var/run/named
>> >> total 40
>> >> drwxr-s---   4 named named  307 Jan 26 06:51 ./
>> >> drwxr-xr-x   7 root  sys   1285 Jan 26 00:52 ../
>> >> -rw-r--r--   1 named named    6 Jan 26 06:41 named.pid
>> >>
>> >> So /var/run/named exists and is fully writable by user named.
>> >>
>> >> User "named" should of course not be able to create directories below
>> >> "/var/run". Especially since many other things on Solaris 10 use that
>> >> directory also.
>> >>
>> >>
>> >> If I use:
>> >> pid-file "/var/run/named/named/namednew.pid";
>> >>
>> >> ... everything works fine, since it now can run mkdir without getting "EACCES".
>> >> Instead it gets "EEXIST" and is OK with that.
>> >>
>> >> BIND 9.6.0-P1 truss.out:
>> >> --CUT--
>> >> 25404/65:  stat("/dev/urandom", 0xFFFFFFFF79D0FA00)             = 0
>> >> 25404/65:  open("/dev/urandom", O_RDONLY|O_NONBLOCK)            = 9
>> >> 25404/65:  fcntl(9, F_GETFL)                                    = 8320
>> >> 25404/65:  fcntl(9, F_SETFL, FOFFMAX|FNONBLOCK)                 = 0
>> >> 25404/65:  setgid(21)                                           = 0
>> >> 25404/65:  setuid(21)                                           = 0
>> >> 25404/65:  access(".", W_OK)                                    = 0
>> >> 25404/65:  open("/var/log/namednew.log", O_WRONLY|O_APPEND|O_CREAT, 0666) = 10
>> >> 25404/65:  lseek(10, 0, SEEK_END)                               = 498
>> >> 25404/65:  close(10)                                            = 0
>> >> 25404/65:  open("/var/log/confignew.log", O_WRONLY|O_APPEND|O_CREAT, 0666) = 10
>> >> 25404/65:  lseek(10, 0, SEEK_END)                               = 0
>> >> 25404/65:  close(10)                                            = 0
>> >> 25404/65:  mkdir("/var/run/named/named", 0755)                  Err#17 EEXIST
>> >> 25404/65:  stat("/var/run/named/named/namednew.pid", 0xFFFFFFFF79D0F980) Err#2 ENOENT
>> >> 25404/65:  unlink("/var/run/named/named/namednew.pid")          Err#2 ENOENT
>> >> 25404/65:  open("/var/run/named/named/namednew.pid", O_WRONLY|O_CREAT|O_EXCL, 0644) = 10
>> >> 25404/65:  fcntl(10, F_GETFD, 0x000001A4)                       = 0
>> >> 25404/65:  getpid()                                             = 25404 [25403]
>> >> 25404/65:  fstat(10, 0xFFFFFFFF79D0E9D0)                        = 0
>> >> 25404/65:  fstat(10, 0xFFFFFFFF79D0E8A0)                        = 0
>> >> 25404/65:  ioctl(10, TCGETA, 0xFFFFFFFF79D0E90C)                Err#25 ENOTTY
>> >> 25404/65:  write(10, " 2 5 4 0 4\n", 6)                         = 6
>> >> 25404/65:  close(10)                                            = 0
>> >> --CUT--
>> >>
>> >>
>> >> Trussing 9.4.3 I see that it does it differently:
>> >>
>> >> --CUT--
>> >> 25730/10:  access(".", W_OK)                                    = 0
>> >> 25730/10:  open("/var/log/namednew.log", O_WRONLY|O_APPEND|O_CREAT, 0666) = 10
>> >> 25730/10:  lseek(10, 0, SEEK_END)                               = 2625
>> >> 25730/10:  close(10)                                            = 0
>> >> 25730/10:  open("/var/log/confignew.log", O_WRONLY|O_APPEND|O_CREAT, 0666) = 10
>> >> 25730/10:  lseek(10, 0, SEEK_END)                               = 0
>> >> 25730/10:  close(10)                                            = 0
>> >> 25730/10:  stat("/var/run/named/namednew.pid", 0xFFFFFFFF7D90F660) Err#2 ENOENT
>> >> 25730/10:  unlink("/var/run/named/namednew.pid")                Err#2 ENOENT
>> >> 25730/10:  open("/var/run/named/namednew.pid", O_WRONLY|O_CREAT|O_EXCL, 0644) = 10
>> >> 25730/10:  fcntl(10, F_GETFD, 0x000001A4)                       = 0
>> >> 25730/10:  getpid()                                             = 25730 [25729]
>> >> 25730/10:  fstat(10, 0xFFFFFFFF7D90E6B0)                        = 0
>> >> 25730/10:  fstat(10, 0xFFFFFFFF7D90E580)                        = 0
>> >> 25730/10:  ioctl(10, TCGETA, 0xFFFFFFFF7D90E5EC)                Err#25 ENOTTY
>> >> 25730/10:  write(10, " 2 5 7 3 0\n", 6)                         = 6
>> >> --CUT--
>> >>
>> >>
>> >> It seems that someone has "shorted" the code to create and/or check the pid-file.
>> >>
>> >> Maybe that "shortcut" will work on Linux, but it for sure does not work on Solaris 10.
>> >>
>> >> Having to use .../named/named/... in the pid-file option is of course possible, but I
>> >> guess that it is not the way it is supposed to be...(?)...
>> >>
>> >> Help? Ideas?
>> >>
>> >> Regards
>> >> Jan Arild Lindstrøm
>> >>
>> >--
>> >Mark Andrews, ISC
>> >1 Seymour St., Dundas Valley, NSW 2117, Australia
>> >PHONE: +61 2 9871 4742                 INTERNET: mark_andr...@isc.org
>>
>> Regards
>> Jan Arild Lindstrøm
>>
>--
>Mark Andrews, ISC
>1 Seymour St., Dundas Valley, NSW 2117, Australia
>PHONE: +61 2 9871 4742                 INTERNET: mark_andr...@isc.org

Regards
Jan Arild Lindstrøm

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users