[Bug 341817] [NEW] dhcpd wont start due to rndc.key permissions

Thu, 12 Mar 2009 09:51:21 -0700 

Public bug reported:

Binary package hint: dhcp3-server

System information:
#lsb_release -rd
Description:    Ubuntu 8.04.1
Release:        8.04
#apt-cache policy dhcp3-server
dhcp3-server:
  Installed: 3.0.6.dfsg-1ubuntu9
  Candidate: 3.0.6.dfsg-1ubuntu9
  Version table:
 *** 3.0.6.dfsg-1ubuntu9 0
        500 http://nl.archive.ubuntu.com hardy/main Packages
        100 /var/lib/dpkg/status
#apt-cache policy bind9
bind9:
  Installed: 1:9.4.2.dfsg.P2-2ubuntu0.1
  Candidate: 1:9.4.2.dfsg.P2-2ubuntu0.1
  Version table:
 *** 1:9.4.2.dfsg.P2-2ubuntu0.1 0
        500 http://nl.archive.ubuntu.com hardy-updates/main Packages
        500 http://security.ubuntu.com hardy-security/main Packages
        100 /var/lib/dpkg/status
     1:9.4.2-10 0
        500 http://nl.archive.ubuntu.com hardy/main Packages

Problem:
dhcpd wont start - "/etc/bind/rndc.key: Permission denied"
Workaround found but is a potential security issue ("/etc/bind/rndc.conf" world 
readable)

Brief:
Trying to get dhcp3-server and bind9 to work together nicely.
The "/etc/bind/rndc.key" file is owned by bind:bind w. 640 perms by default and 
dhcpd3 process runs under user "dhcpd". Adding user "dhcpd" to group "bind" 
does not seem to work. Permissions of "/etc/bind/rndc.key" need to be changed 
to 644 for dhcp3-server to start (I could find no other solution - after a few 
hours of google and 30 minutes of play, at least ;-)

Steps:
- Install & configure bind9 (configuration tested and working)
- Install & configure dhcp3-server
- sudo /etc/init.d/dhcp3-server start

Expected result:
dhcpd starts

Actual result:
#/etc/init.d/dhcp3-server start
dhcpd self-test failed. Please fix the config file.
The error was:
Can't open /etc/bind/rndc.key: Permission denied
#ls -l `which dhcpd3`
-rwxr-xr-x 1 root root 516164 2008-04-02 15:38 /usr/sbin/dhcpd3
#ls -l /etc/bind/rndc.key
-rw-r----- 1 bind bind 77 2009-03-12 14:30 /etc/bind/rndc.key
#id -a dhcpd
uid=111(dhcpd) gid=122(dhcpd) groups=122(dhcpd),121(bind)

Workaround:
- Change permissions of /etc/bind/rndc.key to world readable (from 640 -> 644)
  note: adding 'dhcpd' user to 'bind' group does not work for some reason
- Start dhcpd:
#chmod 644 /etc/bind/rndc.key
#/etc/init.d/dhcp3-server start
 * Starting DHCP server dhcpd3                                                  
                                       [ OK ]
#ps -ef | grep dhcpd
dhcpd     3292     1  0 17:11 ?        00:00:00 /usr/sbin/dhcpd3 -q -pf 
/var/run/dhcp3-server/dhcpd.pid -cf /etc/dhcp3/dhcpd.conf eth0
root      3298  3090  0 17:11 pts/0    00:00:00 grep dhcpd

** Affects: dhcp3 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
dhcpd wont start due to rndc.key permissions
https://bugs.launchpad.net/bugs/341817
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to dhcp3 in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

Reply via email to