Hi, Michael:

Michael Tokarev wrote:
> unbound server logs a warning like this:
>
> unbound[616]: [616:0] error: could not open autotrust file for writing,
> /var/lib/unbound/root.key.616-0: Permission denied
>
> apparently unbound daemon (not only unbound-anchor) tries to write
> auto-trust-anchor file while operating, but since /var/lib/unbound
> directory is owned by root while unbound is run by another user,
> it does not have permission to create new files in that dir.

Yes, an "auto" trust anchor file needs to be writeable by the Unbound daemon.

> Note that while the unbound.conf manpage says this _file_ should be
> writable, it looks like the _directory_ where the file resides should
> be writable instead, since unbound performs create+rename instead of
> rewriting.

Hm, this directory is chown'd to unbound:unbound in the postinst. I guess there is some way the ownership is getting reset.

> So I think the fix is to chown /var/lib/unbound not /var/lib/unbound/root.key.
>
> And to run unbound-anchor as unbound user there too, to stop chown'ing
> the key file.

Yes, that makes sense to me.

-- 
Robert Edmonds
[email protected]
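The create+rename point in the thread above, as an added example that is not part of the original message or of Unbound's code: a check, from plain mode bits, of whether a daemon account can update a trust anchor file by writing a temporary sibling and renaming it. The function names, the constructed temporary directory and the made-up daemon uid/gid are assumptions; ACLs, sticky bits and capabilities are ignored.

```python
import os
import tempfile


def _class_bits(st, uid, gids):
    """Return the rwx bits (0-7) that apply to uid/gids for this inode."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7


def check_autotrust_path(anchor_file, uid, gids):
    """Compare in-place write access to the file with the access that
    create+rename needs: write and search permission on the parent directory."""
    parent = os.path.dirname(os.path.abspath(anchor_file))
    dir_bits = _class_bits(os.stat(parent), uid, gids)
    file_bits = _class_bits(os.stat(anchor_file), uid, gids)
    return {
        "file_writable": uid == 0 or bool(file_bits & 2),
        "dir_allows_create_rename": uid == 0 or (dir_bits & 3) == 3,
    }


def demo():
    """Constructed layout: directory owned by the caller (standing in for
    root), key file writable by everyone, daemon running as another account."""
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "root.key")
        with open(key, "w") as fh:
            fh.write("; constructed placeholder, not a real trust anchor\n")
        os.chmod(key, 0o666)   # the file itself is writable by anyone
        os.chmod(d, 0o755)     # but the directory is writable by its owner only
        st = os.stat(d)
        daemon_uid = st.st_uid + 1000      # hypothetical unprivileged uid
        daemon_gids = {st.st_gid + 1000}   # hypothetical gid, matches nothing
        as_daemon = check_autotrust_path(key, daemon_uid, daemon_gids)
        # What a chown of the directory to the daemon account would give.
        as_owner = check_autotrust_path(key, st.st_uid, {st.st_gid})
        return as_daemon, as_owner


if __name__ == "__main__":
    print(demo())
```

With the directory owned by another account, the daemon can write the key file but cannot create the temporary sibling, which matches the `root.key.616-0: Permission denied` line in the report.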

