named unable to set effective uid to 0 Operation not permitted

Sat, 19 Oct 2019 10:52:30 -0700 

Bind 9.7.1 - 9.14.5 - 9.14.7 and 9.15.3 is dropping this into sys.log, but 
still runs fine:

named[459]: unable to set effective uid to 0: Operation not permitted
named[459]: generating session key for dynamic DNS
named[459]: unable to set effective uid to 0: Operation not permitted
named[459]: sizing zone task pool based on 2 zones

Some ancient info in the mail list archives, shows some people running into 
this message also at 9.7.1:
https://lists.isc.org/mailman/htdig/bind-users/2010-September/081230.html
https://lists.isc.org/mailman/htdig/bind-users/2010-September/081233.html
https://lists.isc.org/mailman/htdig/bind-users/2014-July/093460.html

At v9.14.1 
http://bind-users-forum.2342410.n4.nabble.com/BIND-9-14-0-unable-to-set-effective-uid-to-0-Operation-not-permitted-td6844.htmldescribing
 named wanting to revert the files back to UID 0, root for some reason even 
though it is in chroot at this time.

The ISC git page also discusses the issue: 
[https://gitlab.isc.org/isc-projects/bind9/issues/104](https://gitlab.isc.org/isc-projects/bind9/issues/1042)

Seems to happen when making these files on startup while in chroot and wanting 
to change them back to UID 0
/srv/named/var/run/named/session.key
/srv/named/var/run/named.pid

Some people tried to satisfy the condition by adding root to group root and 
changing the file ownership to root.

If you disable caps --disable-linux-caps at compile time ( but at the cost of 
security, and no one knows what that cost is?!?)
the messages go away.

Running on an LFS 9.0 build with libcap 2.27  no PAM, Virtualbox
http://linuxfromscratch.org/blfs/view/svn/server/bind.html

Anyone with some info, please let me know.
Time to relabel the messages to be more clear about it being a WARNING or an 
ERROR?
Or someone clearly indicating that these messages can be ignored would be 
helpful.

Thanks so much.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to