On 26/05/16 17:30, jpff via Unbound-users wrote:

Hi John,

> I installed unbound yesterday and I thought I followed the instructions
> but I have two problems
>
> 1: if I have
> auto-trust-anchor-file: "/etc/unbound/root.key"
> in the conf file I see
> [1464193283] unbound[14683:0] error: could not open autotrust file for
> writing,
> /root.key.14683-0: Permission denied
> [1464195262] unbound[14958:0] notice: init module 0: validator
> [1464195262] unbound[14958:0] notice: init module 1: iterator
> [1464195263] unbound[14958:0] info: start of service (unbound 1.4.17).
> [1464195266] unbound[14958:0] error: could not open autotrust file for
> writing,
> /root.key.14958-0: Permission denied
> [1464236233] unbound[14958:0] error: could not open autotrust file for
> writing,
> /root.key.14958-0: Permission denied
>
> in the log file. I have tried both 644 with owner root and unbound to
> the same effect. What permissions do I need?

Setting permissions on the file isn't enough. Unbound updates this file by writing out a temporary one with new content and then renaming it. Since Unbound switches to the "unbound" user after starting up, the "unbound" user needs write access to the _directory_ where this file is, i.e. /etc/unbound.

IMHO, the man page for unbound.conf is misleading. It says that "the unbound user must have write permission", and this makes a user think that only the file needs to be writable, when in fact, the directory also needs to be writable by the unbound user.

Regards,
Anand
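The write-then-rename behaviour described in the reply above can be checked ahead of time. The following is an added example, not part of the original message and not Unbound's own code: it evaluates classic Unix mode bits only, and assumes no ACLs, no read-only mount, and no SELinux/AppArmor policy; the function names are hypothetical.

```python
import os
import pwd
import stat
import sys


def perm_bits(st, uid, gids):
    """rwx bits of an inode (owner_uid, group_gid, mode) that apply to uid/gids."""
    owner, group, mode = st
    if uid == owner:
        return (mode >> 6) & 7
    if group in gids:
        return (mode >> 3) & 7
    return mode & 7


def rename_update_allowed(dir_st, file_st, uid, gids):
    """Can uid create a temp file in the directory and rename it over the key file?"""
    if uid == 0:
        return True
    # Creating the temp file and renaming it both need write (2) + search (1)
    # on the directory; the mode of the key file itself is never consulted.
    if perm_bits(dir_st, uid, gids) & 3 != 3:
        return False
    # Sticky directory: replacing an existing file needs ownership of file or directory.
    if dir_st[2] & stat.S_ISVTX and file_st is not None:
        return uid in (dir_st[0], file_st[0])
    return True


def check(path, user):
    """Run the check against the real filesystem for a named account."""
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    d = os.stat(os.path.dirname(path) or ".")
    dir_st = (d.st_uid, d.st_gid, d.st_mode)
    try:
        f = os.stat(path)
        file_st = (f.st_uid, f.st_gid, f.st_mode)
    except FileNotFoundError:
        file_st = None
    return rename_update_allowed(dir_st, file_st, pw.pw_uid, gids)


if __name__ == "__main__":
    # Defaults are the path and account named in the thread.
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/unbound/root.key"
    user = sys.argv[2] if len(sys.argv) > 2 else "unbound"
    print("ok" if check(path, user) else "directory not writable by " + user)
```

Granting the directory to the service account alone (owner or group write on /etc/unbound) is enough; the directory does not need to be world-writable.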
