--
Best Regards
----
My Chaos: https://n23.appspot.com
vi /etc/rc:
...
if [ X"${named_flags}" != X"NO" ]; then
       # Regenerate the shared secret only when the copy rndc(8) reads
       # (/etc/rndc.key) and the copy inside the chroot differ.
       if ! cmp -s /etc/rndc.key /var/named/etc/rndc.key ; then
               echo -n "rndc-confgen: generating new shared secret... "
               # -a writes /etc/rndc.key; -t /var/named writes the second
               # copy under the chroot so the chrooted named(8) can find it.
               if /usr/sbin/rndc-confgen -a -t /var/named >/dev/null 2>&1; then
                       # Mode only: the group of the chroot copy is not set here.
                       chmod 0640 /var/named/etc/rndc.key >/dev/null 2>&1
                       echo done.
               else
                       echo failed.
               fi
       fi

       echo 'starting named';          named $named_flags
fi
...


On Thu, Nov 13, 2008 at 14:08, 23号 <[EMAIL PROTECTED]> wrote:
> vi /etc/rc:
> ..
> if [ X"${named_flags}" != X"NO" ]; then
>        if ! cmp -s /etc/rndc.key /var/named/etc/rndc.key ; then
>                echo -n "rndc-confgen: generating new shared secret... "
>                if /usr/sbin/rndc-confgen -a -t /var/named >/dev/null 2>&1; then
>                        chmod 0640 /var/named/etc/rndc.key >/dev/null 2>&1
>                        echo done.
>                else
>                        echo failed.
>                fi
>        fi
>
>        echo 'starting named';          named $named_flags
> fi
> ...
>
> --
> Best Regards
> ----
> My Chaos: https://n23.appspot.com
>
>
>
> On Wed, Nov 12, 2008 at 14:17, Woodchuck <[EMAIL PROTECTED]> wrote:
>> On Tue, 11 Nov 2008, Don Jackson wrote:
>>
>>> Today I began testing named on a freshly installed OpenBSD 4.4 amd64
>>> machine, using my old named.conf file from 4.3 (which was still running
>>> named version 9.4.2)
>>>
>>> When the machine first boots after the install, /etc/rc determines there is
>>> no rndc.key, and generates one:
>>>
>>> rndc-confgen: generating new shared secret... done.
>>> starting named
>>>
>>>
>>> Here are the owner, group, and file modes of the two different copies of
>>> rndc.key that are generated:
>>>
>>> # ls -lAF /etc/rndc.key /var/named/etc/rndc.key
>>> -rw-------  1 root  wheel  77 Nov 11 12:24 /etc/rndc.key
>>> -rw-r-----  1 root  wheel  77 Nov 11 12:24 /var/named/etc/rndc.key
>>>
>>>
>>> named only cares about the rndc.key in /var/named/etc
>>
>> Right.  But later, rndc will use the /etc version.  So you need
>> both, and the permissions you show are sane ones.
>>
>>> Looking at the logs: /var/log/daemon, one can see:
>>>
>>> Nov 11 12:24:10 svn01 named[142]: none:0: open: /etc/rndc.key: permission denied
>>> Nov 11 12:24:10 svn01 named[142]: couldn't add command channel 127.0.0.1#953: permission denied
>>>
>>> Here is my workaround:
>>>
>>> # chown root:named /var/named/etc/rndc.key
>>> # ls -lAF /var/named/etc/rndc.key
>>> -rw-r-----  1 root  named  77 Nov 11 12:24 /var/named/etc/rndc.key
>>>
>>>
>>> Should /etc/rc set the group ownership of /var/named/etc/rndc.key?
>>>
>>> Comments?
>>
>> I think rndc.key should pick up the named group from the ownerships
>> and permissions on /var/named/etc.
>>
>> /var/named/etc should be owned by root.named and have permissions 750.
>>
>> I bet your /var/named/etc is owned by root.wheel.
>>
>> Dave
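
An audit for the layout the thread describes, as an added example that is not code from the thread, from OpenBSD's /etc/rc or from BIND. It checks the two files that "rndc-confgen -a -t /var/named" leaves behind: that they are identical (otherwise rc regenerates the secret on the next boot), that the chroot copy carries the named group and is group-readable (the only way a root-owned file becomes readable by the unprivileged named), that neither copy is world-readable, and, following Dave's point, that /var/named/etc itself carries the named group, because on BSD a new file takes the group of the directory it is created in. The function names, the dummy key contents and the use of the caller's own primary group in place of "named" are assumptions made so the self-test runs unprivileged on a constructed temporary tree; "named" is the group the workaround in the thread uses.

```sh
#!/bin/sh
# Added example, not code from the thread, OpenBSD's /etc/rc or BIND.
# Audits the two copies written by "rndc-confgen -a -t /var/named":
#   $ROOT/etc/rndc.key            read by rndc(8), running as root
#   $ROOT/var/named/etc/rndc.key  read by named(8) after it chroots to
#                                 /var/named and drops privileges; inside the
#                                 chroot it is /etc/rndc.key, which is the
#                                 path that appears in the daemon log
# ROOT is "/" on a real host. The fixture below is a constructed temporary
# tree using the caller's primary group in place of "named" (assumption).

# rndc_key_audit ROOT GROUP -> 0 if named can use the chroot copy, else 1.
rndc_key_audit() {
    root=${1%/}                     # "/" -> "" so the paths stay absolute
    grp=$2
    host_key="$root/etc/rndc.key"
    chroot_etc="$root/var/named/etc"
    chroot_key="$chroot_etc/rndc.key"
    rc=0

    if [ ! -f "$host_key" ] || [ ! -f "$chroot_key" ]; then
        echo "missing: need both $host_key and $chroot_key"
        return 1
    fi
    # rc regenerates the secret whenever the copies differ, which silently
    # invalidates any rndc.conf that embeds the old key.
    if ! cmp -s "$host_key" "$chroot_key"; then
        echo "mismatch: $host_key and $chroot_key differ; rc will regenerate"
        rc=1
    fi
    # The chroot copy is root-owned, so the named user only reaches it
    # through the group bits: group "$grp" and mode 0640.
    if [ -z "$(find "$chroot_key" -prune -group "$grp" 2>/dev/null)" ]; then
        echo "group: $chroot_key is not group $grp"
        rc=1
    fi
    if [ -z "$(find "$chroot_key" -prune -perm -g+r 2>/dev/null)" ]; then
        echo "mode: $chroot_key is not group-readable"
        rc=1
    fi
    # The shared secret is all that authenticates commands on 127.0.0.1#953,
    # so neither copy may be world-readable.
    for f in "$host_key" "$chroot_key"; do
        if [ -n "$(find "$f" -prune -perm -o+r 2>/dev/null)" ]; then
            echo "mode: $f is world-readable"
            rc=1
        fi
    done
    # BSD gives a new file the group of its directory: if /var/named/etc is
    # root:wheel, the next regenerated key will be root:wheel again.
    if [ -z "$(find "$chroot_etc" -prune -group "$grp" 2>/dev/null)" ]; then
        echo "group: $chroot_etc is not group $grp; regenerated keys inherit it"
        rc=1
    fi
    return $rc
}

# fix_chroot_key ROOT GROUP: the chown workaround from the thread, plus the
# directory group so that regeneration keeps working.
fix_chroot_key() {
    root=${1%/}; grp=$2
    chgrp "$grp" "$root/var/named/etc" "$root/var/named/etc/rndc.key" &&
    chmod 0750 "$root/var/named/etc" &&
    chmod 0640 "$root/var/named/etc/rndc.key"
}

# make_fixture GROUP: constructed tree with both copies present and identical
# but the chroot copy unreadable by GROUP (mode 0600 stands in for the
# wrong-group case, which cannot be reproduced without root). Prints its root.
make_fixture() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/etc" "$tmp/var/named/etc"
    # Dummy key in rndc-confgen's file format; not a real secret.
    printf 'key "rndc-key" {\n\talgorithm hmac-md5;\n\tsecret "QUFBQQ==";\n};\n' \
        > "$tmp/etc/rndc.key"
    cp "$tmp/etc/rndc.key" "$tmp/var/named/etc/rndc.key"
    chmod 0600 "$tmp/etc/rndc.key" "$tmp/var/named/etc/rndc.key"
    chgrp "$1" "$tmp/var/named/etc"
    echo "$tmp"
}

case "${1-}" in
    --demo)   # watch the fixture go from failing to passing
        g=$(id -gn); t=$(make_fixture "$g") || exit 2
        echo "before fix:"; rndc_key_audit "$t" "$g"
        fix_chroot_key "$t" "$g"
        echo "after fix:";  rndc_key_audit "$t" "$g" && echo ok
        rm -rf "$t" ;;
    --audit)  # real host, as root: sh rndc_key_audit.sh --audit [group]
        rndc_key_audit / "${2:-named}" ;;
esac
```

Run it with --demo to see the fixture fail on the mode check and pass after fix_chroot_key; on a real 4.4 host run it as root with --audit, since /etc/rndc.key is 0600 root. The directory check is what keeps the fix from being undone: with /var/named/etc at root:named, a key regenerated by rc on a later boot comes out with the named group without anyone touching /etc/rc.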
