Hi Wouter.

I can see your correction in the trunk repository - thanks.

># remove unused permissions
>chmod o-rw $SVR_BASE.pem $SVR_BASE.key $CTL_BASE.pem $CTL_BASE.key

But I have to warn you about one extra problem. If I make the chmod/chown changes corresponding to this new unbound-control-setup.sh:

-rw-r----- 1 root wheel 891 21 ноя 17:57 unbound_control.key
-rw-r----- 1 root wheel 627 21 ноя 17:57 unbound_control.pem
-rw-r----- 1 root wheel 887 21 ноя 17:57 unbound_server.key
-rw-r----- 1 root wheel 619 21 ноя 17:57 unbound_server.pem

then, during system restart, unbound does not start automatically and I can see these error messages inside unbound.log:

[1227454036] unbound[1035:0] debug: module config: "iterator"
[1227454036] unbound[1035:0] notice: init module 0: iterator
[1227454036] unbound[1035:0] debug: target fetch policy for level 0 is 3
[1227454036] unbound[1035:0] debug: target fetch policy for level 1 is 2
[1227454036] unbound[1035:0] debug: target fetch policy for level 2 is 1
[1227454036] unbound[1035:0] debug: target fetch policy for level 3 is 0
[1227454036] unbound[1035:0] debug: target fetch policy for level 4 is 0
[1227454036] unbound[1035:0] debug: Reading root hints from /named.cache
[1227454036] unbound[1035:0] info: DelegationPoint<.>: 13 names (7 missing), 19 addrs (0 result, 19 avail)
[1227454036] unbound[1035:0] debug: duplicate donotquery address ignored.
[1227454036] unbound[1035:1] debug: cache memory msg=33040 rrset=33040 infra=1312 val=0
[1227454036] unbound[1035:2] debug: cache memory msg=33040 rrset=33040 infra=1312 val=0
[1227454036] unbound[1035:3] debug: cache memory msg=33040 rrset=33040 infra=1312 val=0
[1227454036] unbound[1035:0] error: Error setting up SSL_CTX key and cert crypto error:0200100D:system library:fopen:Permission denied
[1227454036] unbound[1035:0] error: and additionally crypto error:20074002:BIO routines:FILE_CTRL:system lib
[1227454036] unbound[1035:0] error: and additionally crypto error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
[1227454036] unbound[1035:0] error: util/alloc.c at 131 could not pthread_spin_destroy(&alloc->lock): Invalid argument
[1227454036] unbound[1035:0] fatal error: Could not initialize main thread

procstat for the running unbound process says this:

# procstat -s 1035
  PID COMM     EUID  RUID SVUID  EGID  RGID SVGID GROUPS
 1035 unbound    59    59    59     1     1     1 1

GID=1 - it is the FreeBSD special 'daemon' group
UID=59 - it is the dedicated user ID for unbound
GID=59 - it is the dedicated group ID for unbound

This trouble disappears only if I make this set of ACL/ownership changes:

-r--r----- 1 unbound wheel 891 21 ноя 17:57 unbound_control.key
-r--r----- 1 unbound wheel 627 21 ноя 17:57 unbound_control.pem
-r--r----- 1 unbound wheel 887 21 ноя 17:57 unbound_server.key
-r--r----- 1 unbound wheel 619 21 ноя 17:57 unbound_server.pem

So... It may be only a FreeBSD-specific situation or maybe not - I cannot investigate this issue in more detail. Anyway - hope this report will be helpful...

On Friday 21 November 2008, W.C.A. Wijngaards wrote:
> Hi Dmitriy,
>
> added chmod o-rw (files) to unbound-control-setup.
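
The permission check behind this report, as an added example that is not part of the original message or of Unbound's code: it evaluates POSIX read access for the credentials shown by `procstat -s` against both file listings from the message. The name-to-id table is an assumption (59 and 1 come from the report; root=0 and wheel=0 are the usual FreeBSD values).

```python
# Added example: POSIX read-access evaluation for the listings in the report.
# Assumed id mapping: 59 (unbound) and 1 (daemon) are from the report;
# root=0 and wheel=0 are the usual FreeBSD values.
UIDS = {"root": 0, "unbound": 59}
GIDS = {"wheel": 0, "daemon": 1, "unbound": 59}

PROCSTAT = "1035 unbound 59 59 59 1 1 1 1"  # data row of `procstat -s 1035`

BEFORE = [  # as left by the new unbound-control-setup.sh
    "-rw-r----- 1 root wheel 891 21 ноя 17:57 unbound_control.key",
    "-rw-r----- 1 root wheel 627 21 ноя 17:57 unbound_control.pem",
    "-rw-r----- 1 root wheel 887 21 ноя 17:57 unbound_server.key",
    "-rw-r----- 1 root wheel 619 21 ноя 17:57 unbound_server.pem",
]
AFTER = [line.replace("-rw-r----- 1 root", "-r--r----- 1 unbound") for line in BEFORE]


def credentials(row):
    """Return (euid, set of gids) from a `procstat -s` data row."""
    f = row.split()
    euid, egid = int(f[2]), int(f[5])
    return euid, {egid} | {int(g) for g in f[8].split(",")}


def can_read(mode, owner, group, euid, gids):
    """Exactly one class applies, tried in order: owner, group, other."""
    if euid == 0:
        return True
    if euid == owner:
        return mode[1] == "r"
    if group in gids:
        return mode[4] == "r"
    return mode[7] == "r"


def unreadable(listing, row):
    """Names from `ls -l` lines that the process in `row` cannot open for reading."""
    euid, gids = credentials(row)
    bad = []
    for line in listing:
        f = line.split()
        if not can_read(f[0], UIDS[f[2]], GIDS[f[3]], euid, gids):
            bad.append(f[-1])
    return bad


if __name__ == "__main__":
    print("before:", unreadable(BEFORE, PROCSTAT))
    print("after: ", unreadable(AFTER, PROCSTAT))
```
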
