The following patches establish the following default NSD
permissions/locations:

- /var/nsd/db for stuff that nsd(8) may write to (as user/group _nsd)
- /var/nsd/nsd.db for the read-only database.
- /var/nsd/zones default zone directory.
- /etc/nsd.conf for the config file

This still requires nsd-{patch,zonec} to be run as root, and I would
appreciate feedback on whether we should run these two (which are the only
programs that need to write to nsd.db & the zone files) as another user (e.g.
_nsdmaint).

We could also consider splitting /var/nsd/zones into one directory for master
zones (read-only) and one for slave zones (writable by nsd-patch).

        jakob


Index: etc/mtree/4.4BSD.dist
===================================================================
RCS file: /cvs/src/etc/mtree/4.4BSD.dist,v
retrieving revision 1.207
diff -u -r1.207 4.4BSD.dist
--- etc/mtree/4.4BSD.dist       22 Sep 2010 13:01:10 -0000      1.207
+++ etc/mtree/4.4BSD.dist       1 Oct 2010 20:45:56 -0000
@@ -2496,6 +2496,27 @@
 # ./var/named
 ..

+# ./var/nsd
+nsd
+
+# ./var/nsd/db
+db             uname=root gname=_nsd mode=0775
+# ./var/nsd/db
+..
+
+# ./var/nsd/dev
+dev
+# ./var/nsd/dev
+..
+
+# ./var/nsd/zones
+zones          uname=root gname=wheel mode=0755
+# ./var/nsd/zones
+..
+
+# ./var/nsd
+..
+
 # ./var/obj                            XXX
 #obj
 # ./var/obj                            XXX
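Review bot: the new `nsd` and `dev` entries carry no uname/gname/mode, unlike `db` (uname=root gname=_nsd mode=0775) and `zones` (uname=root gname=wheel mode=0755), so they take whatever defaults are in effect at that point in the file; since `./var/nsd` is the chroot root and `dev` sits inside it, consider stating `uname=root gname=wheel mode=0755` explicitly on both, so that nothing under the chroot except `db` is writable by the _nsd group. The 0775 on `db` matches the description (nsd(8) writes there as _nsd), and root:wheel 0755 on `zones` matches the note that nsd-patch and nsd-zonec still run as root.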
cvs server: Diffing usr.sbin/nsd
Index: usr.sbin/nsd/Makefile.bsd-wrapper
===================================================================
RCS file: /cvs/src/usr.sbin/nsd/Makefile.bsd-wrapper,v
retrieving revision 1.5
diff -u -r1.5 Makefile.bsd-wrapper
--- usr.sbin/nsd/Makefile.bsd-wrapper   22 Aug 2010 09:30:18 -0000      1.5
+++ usr.sbin/nsd/Makefile.bsd-wrapper   1 Oct 2010 20:45:56 -0000
@@ -15,11 +15,11 @@
                --with-user=${USER} \
                --with-nsd-conf-file=/etc/nsd.conf \
                --with-chroot=${CHROOTDIR} \
-               --with-pidfile=${CHROOTDIR}/nsd.pid \
+               --with-pidfile=${CHROOTDIR}/db/nsd.pid \
                --with-zonesdir=${CHROOTDIR}/zones \
                --with-dbfile=${CHROOTDIR}/nsd.db \
-               --with-difffile=${CHROOTDIR}/ixfr.db \
-               --with-xfrdfile=${CHROOTDIR}/xfrd.state \
+               --with-difffile=${CHROOTDIR}/db/ixfr.db \
+               --with-xfrdfile=${CHROOTDIR}/db/xfrd.state \
                --enable-root-server

 PROG=  nsd nsd-zonec nsd-notify nsd-checkconf nsd-patch nsd-xfer

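Review bot: moving the pidfile to ${CHROOTDIR}/db/nsd.pid (the `+` line replacing `--with-pidfile=${CHROOTDIR}/nsd.pid`) puts it in the one directory the mtree hunk makes group-writable by _nsd, which is what lets the daemon write it after dropping privileges; anything that reads the pid from the old location (rc scripts, nsd-checkconf users) needs the new path, and since the file now lives where the unprivileged daemon can write, root-side consumers should verify the pid they read belongs to nsd before signalling it. The dbfile staying at ${CHROOTDIR}/nsd.db outside `db/` is consistent with the message's read-only intent, while ixfr.db and xfrd.state move alongside the pidfile.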