Hello Anand / Tony

On 02/04/2019 20.25, Anand Buddhdev wrote:
On 02/04/2019 17:12, Tony Finch wrote:

Hi Tony,

I have not noticed these errors on my toy server. I had a look at the code
and I thought Stephan's explanation was correct. My guess is that he is
starting named without root privileges, so it is unable to switch back and
forth between users when it is starting up. It switches users so files
are created with the correct privileges, and as Stephan said, that is when
the warnings are emitted. It might be a combination of starting as an
unprivileged user and also providing the -u command line option.

On my CentOS 7 test server, I start BIND 9.14.0 as root, like this:

named -f -u named

or

named -g -u named

It still emits those warnings.

I also tried to start it manually as root on both RHEL6 and 7:

named -u named -c /etc/named/named.conf -4 -t /var/named/chroot -g

The error message is also displayed twice on both systems.


I removed Linux capabilities with "--disable-linux-caps" and unsurprisingly, the error messages are not displayed anymore. However, there are some drawbacks regarding security (according to the release notes) and I don't see any other reason to disable it.

Thank you for pointing out the caps setting in the SPEC file, I haven't thought about that. However, I couldn't find anything about which Linux capabilities must/should be set in the SPEC file.


Kind Regards
Stephan