On 02/01/2012 04:56 AM, Evan Hunt wrote:
Now the private key is inaccessible to the named process, which is
running as user bind. User bind is a member of group bind.
Any time a private key file is rewritten, the mode is changed to 600.
This kind of keyfile nannying annoys me, with other
I consider it a feature, though opinions may vary.
I consider it a bug, and it's going to bite hard.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
On 1 Feb 2012, at 09:52, Phil Mayers wrote:
As is probably obvious, I consider it an irritating bug ;o)
+1
Niall O'Reilly
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users
As is probably obvious, I consider it an irritating bug ;o)
+1
Agreed. A warning that can be redirected to /dev/null might be okay.
Changing it unconditionally is not.
Steinar Haug, Nethelp consulting, sth...@nethelp.no
___
Please visit
Now the private key is inaccessible to the named process, which is
running as user bind. User bind is a member of group bind.
Any time a private key file is rewritten, the mode is changed to 600.
There's no rule that it has to be owned by root, though; could you just chown
it to user bind?
I ran dnssec-settime from bind 9.9.0rc2 today to change the metadata on two of
my ZSKs. Before running dnssec-settime, using one of these keys as an example,
the file permissions were:
-rw-r--r-- 1 root bind 535 2012-01-31 11:47 Kjaspain.us.+005+30795.key
-rw-r- 1 root bind 1058
6 matches
Mail list logo
