At 08:54 AM 3/21/2008, Martin McCormick wrote:
I think I fixed it but I am not sure I would have
figured it out quickly without the help from the list.
It seems that FreeBSD defaults to a chroot of bind with
the tree owned by root. You can run bind in a sandbox as the
documentation says and have it chroot but if you do, and here's
the confusion, you had better disable FreeBSD's attempt to make
sure the /var/named tree is always owned by root which would be
fine if named ran as root.
When you run it in a sandbox with a lower-priority UID,
you must make sure that at least one more little line appears in
named_chrootdir="" # Chroot directory (or "" not to auto-chroot it)
That's the key right there. If you use lines from rc.conf.local
from an older system such as pre-FreeBSD5, you don't need that
line and things work fine. If you don't have it on a FreeBSD5 or
/etc/defaults/rc.conf supplies the default version of that line
named_chrootdir="/var/named" # Chroot directory (or "" not to
and one is seriously messed up from there on during the booting
I was confused and thought this would all help me keep
ownership of /var/named belonging to bind when, in fact, it does
just the opposite.
Yes it is confusing. It is more confusing if you upgrade as the chroot'ing
behavior wasn't the default behavior in older versions. So often an
upgraded system won't run named until you fix these settings.
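As an added illustration (not code from either poster), the script below resolves the effective `named_chrootdir` the way rc(8) does, reading `/etc/defaults/rc.conf` before `/etc/rc.conf` and `/etc/rc.conf.local` so the last assignment wins, and then lists anything under that chroot tree not owned by the account named runs as. The rc files and the tree it inspects are constructed samples in a temp directory, so it runs without touching a real system.

```shell
#!/bin/sh
# Added example, not from the thread. Resolves named_chrootdir the way rc(8)
# does (defaults file first, then rc.conf, then rc.conf.local; last one wins)
# and reports files in the chroot tree whose owner is not the named account.
# The rc files and directory tree below are constructed samples in a temp dir.

resolve_named_chrootdir() {
    # $@ = rc files, lowest precedence first; unreadable files are skipped
    named_chrootdir=""
    for f in "$@"; do
        [ -r "$f" ] && . "$f"
    done
    printf '%s' "$named_chrootdir"
}

files_not_owned_by() {
    # $1 = chroot tree, $2 = expected owner (name or uid); prints offending paths
    [ -d "$1" ] || return 0
    find "$1" ! -user "$2" 2>/dev/null | sort
}

SAMPLE=$(mktemp -d)
trap 'rm -rf "$SAMPLE"' EXIT

# Constructed stand-in for /etc/defaults/rc.conf: the default quoted in the thread
cat > "$SAMPLE/defaults.rc.conf" <<'EOF'
named_enable="YES"
named_chrootdir="/var/named"    # Chroot directory (or "" not to auto-chroot it)
EOF

# Constructed stand-in for /etc/rc.conf: the override the thread says is required
cat > "$SAMPLE/rc.conf" <<'EOF'
named_chrootdir=""              # Chroot directory (or "" not to auto-chroot it)
EOF

# Constructed chroot tree, owned by whoever runs this script
mkdir -p "$SAMPLE/var/named/etc/namedb"
: > "$SAMPLE/var/named/etc/namedb/named.conf"

# Without the rc.conf override the default applies; with it, auto-chroot is off
echo "defaults only : '$(resolve_named_chrootdir "$SAMPLE/defaults.rc.conf")'"
echo "with rc.conf  : '$(resolve_named_chrootdir "$SAMPLE/defaults.rc.conf" "$SAMPLE/rc.conf")'"
echo "files under the tree not owned by $(id -un):"
files_not_owned_by "$SAMPLE/var/named" "$(id -un)"
```

On a real host, point the resolver at the three system rc files and `files_not_owned_by` at the resolved directory with the named user to see exactly which files a root-owned tree would block.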