Re: bind 9.7.1-P2 startup: unable to set effective gid to 0

2010-09-29 Thread Takashi Mizuno

We are also facing the same issue that AJ wrote previously.

We are trying to upgrade from bind version 9.4.3-P3 to 9.7.2-P2 using with 
chroot environment on a Solaris 9.
It never see the following warning message when bind 9.4.3-P3 running on a 
our solaris 9 server, but 9.7.1-P2, 9.7.2rc1 and 9.7.2-P2 show same warning 
message;


  [ID 873579 daemon.notice] starting BIND 9.7.2-P2 -u named -t 
/var/named/chroot
  [ID 873579 daemon.notice] built with '--exec-prefix=/opt/bind-9.7.2-P2' 
'--without-openssl' '--disable-ipv6'

  [ID 873579 daemon.warning] unable to set effective gid to 0: Not owner
  Sep 29 15:20:34 dns1 last message repeated 1 time
  [ID 873579 daemon.notice] command channel listening on 127.0.0.1#953

Our bind be starting with following parameters on a our server;
  /opt/bind/sbin/named -u named -t /var/named/chroot 

Our chroot directory on a our server have respectively set to;
  drwxr-xr-x   3 namednamed 512  /var/named/
  drwx--   6 namednamed512 /var/named/chroot/
  drwx--   4 namednamed512 /var/named/chroot/var/
  drwx--   5 namednamed   1536 /var/named/chroot/var/named/ .

Our named user have set to;
  # grep named /etc/passwd
  named:x:53:53::/var/named:/bin/false
  # grep named /etc/group
  named::53: .


Does anyone help how this warning message do repress?

Thanks for advance
--
Takashi M.


- Original Message - 
From: aldus jung aldus...@gmail.com

To: bind-us...@isc.org
Sent: Saturday, September 18, 2010 8:13 AM
Subject: Re: bind 9.7.1-P2 startup: unable to set effective gid to 0


Just a follow up, I've added some debug statements to bin/named/unix/os.c 
to
see the files that named is trying to set the effective gid for, and I 
see:

[ID 873 daemon.warning] Trying to open: '/var/run/named.pid'.
[ID 873 daemon.warning] unable to set effective gid to 0: Not owner
[ID 873 daemon.info] generating session key for dynamic DNS
[ID 873 daemon.warning] Trying to open: '/var/run/named/session.key'.

We are running bind in a chrooted environment, running named as user 
'named'

on a Solaris 10 server:
/bind/sbin/named -t /chroot/domain -u named

Only when we make root's primary id to be 0, we can get rid of the 
warning.

We tried adding root to the group 'root', and we still get the warning.

We've set /chroot/domain/var/run ownership to: drwxrwxr-x   4 root 
other


And named.pid gets created correctly:
-rw-r--r--   1 namednamed

It could be something simple that I am missing.. we'll well see.  Any
thoughts?   Thanks for your help,

AJ

On Fri, Sep 17, 2010 at 2:42 PM, aldus jung aldus...@gmail.com wrote:


We recently upgraded from bind version 9.7.0 to 9.7.1-P2 and we noticed
that upon start of named, we are seeing the following warning message:

 [ID 123 daemon.warning] unable to set effective gid to 0: Not owner
 [ID 123 daemon.info] generating session key for dynamic DNS
 [ID 123 daemon.warning] unable to set effective gid to 0: Not owner

On our DNS server, root user is configured as uid=0(root) gid=1(other), 
but

we didn't encounter these warnings in version 9.7.0.
It would be easy to work around the warnings by adding root to root's
group, but I wanted to understand why we are getting these warning when 
we

didn't see this on 9.7.0.

Which file or directory is named trying to set gid to 0?

thanks for your help,
AJ











___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users 


___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: bind 9.7.1-P2 startup: unable to set effective gid to 0

2010-09-17 Thread aldus jung
Just a follow up, I've added some debug statements to bin/named/unix/os.c to
see the files that named is trying to set the effective gid for, and I see:
[ID 873 daemon.warning] Trying to open: '/var/run/named.pid'.
[ID 873 daemon.warning] unable to set effective gid to 0: Not owner
[ID 873 daemon.info] generating session key for dynamic DNS
[ID 873 daemon.warning] Trying to open: '/var/run/named/session.key'.

We are running bind in a chrooted environment, running named as user 'named'
on a Solaris 10 server:
/bind/sbin/named -t /chroot/domain -u named

Only when we make root's primary id to be 0, we can get rid of the warning.
We tried adding root to the group 'root', and we still get the warning.

We've set /chroot/domain/var/run ownership to: drwxrwxr-x   4 root other

And named.pid gets created correctly:
-rw-r--r--   1 namednamed

It could be something simple that I am missing.. we'll well see.  Any
thoughts?   Thanks for your help,

AJ

On Fri, Sep 17, 2010 at 2:42 PM, aldus jung aldus...@gmail.com wrote:

 We recently upgraded from bind version 9.7.0 to 9.7.1-P2 and we noticed
 that upon start of named, we are seeing the following warning message:

  [ID 123 daemon.warning] unable to set effective gid to 0: Not owner
  [ID 123 daemon.info] generating session key for dynamic DNS
  [ID 123 daemon.warning] unable to set effective gid to 0: Not owner

 On our DNS server, root user is configured as uid=0(root) gid=1(other), but
 we didn't encounter these warnings in version 9.7.0.
 It would be easy to work around the warnings by adding root to root's
 group, but I wanted to understand why we are getting these warning when we
 didn't see this on 9.7.0.

 Which file or directory is named trying to set gid to 0?

 thanks for your help,
 AJ


___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users