On Tue, 20 Nov 2018, Simon Deziel via Unbound-users wrote:

On 2018-11-20 10:22 a.m., Paul Wouters via Unbound-users wrote:
[paul@thinkpad tmp]$ cat /usr/lib/systemd/system/unbound.service
[Unit]
Description=Unbound recursive Domain Name Server
After=network.target
After=unbound-keygen.service
Wants=unbound-keygen.service
Wants=unbound-anchor.timer
Before=nss-lookup.target
Wants=nss-lookup.target

[Service]
Type=simple
EnvironmentFile=-/etc/sysconfig/unbound
ExecStartPre=/usr/sbin/unbound-checkconf
ExecStartPre=-/usr/sbin/unbound-anchor -a /var/lib/unbound/root.key -c /etc/unbound/icannbundle.pem -f /etc/resolv.conf -R

Doesn't that result in a root.key owned by root?

Nope. I guess unbound-anchor drops privs or keeps the existing
owner/group intact.

paul@bofh7:~$ ls -l /var/lib/unbound/
total 8
-rw-r--r--. 1 unbound unbound 1251 Nov 21 00:00 root.key
-rw-r--r--. 1 unbound unbound 1251 Oct  2  2017 root.key.rpmsave

Paul
