bind9: can not write into cache directory

Bug #19845 reported by Debian Bug Importer

Affects          Status         Importance   Assigned to   Milestone
bind9 (Debian)   Fix Released   Unknown
bind9 (Ubuntu)   Invalid        High         Martin Pitt

Bug Description

Automatically imported from Debian bug report #316241 http://bugs.debian.org/316241

Revision history for this message
In , Blars Blarson (blarson) wrote : ok permissions on install

Group bind has write permission to /var/cache/bind after a new install
of bind9. This is only an issue for upgrades.

--
Blars Blarson <email address hidden>
    http://www.blars.org/blars.html
With Microsoft, failure is not an option. It is a standard feature.

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Wed, 29 Jun 2005 17:10:48 +0200
From: Martin Strauss <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: bind9: can not write into cache directory

Package: bind9
Version: 1:9.2.4-1
Severity: grave
Justification: renders package unusable

the default cache directory has wrong access rights
-> named can not write cached information (as secondary for example)
the problem can be solved easily by :
chown bind.bind /var/cache/bind

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-1-k7
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages bind9 depends on:
ii adduser 3.63 Add and remove users and groups
ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an
ii libdns16 1:9.2.4-1 DNS Shared Library used by BIND
ii libisc7 1:9.2.4-1 ISC Shared Library used by BIND
ii libisccc0 1:9.2.4-1 Command Channel Library used by BI
ii libisccfg0 1:9.2.4-1 Config File Handling Library used
ii liblwres1 1:9.2.4-1 Lightweight Resolver Library used
ii libssl0.9.7 0.9.7e-3 SSL shared libraries
ii netbase 4.21 Basic TCP/IP networking system

-- no debconf information

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Fri, 5 Aug 2005 13:55:17 -0700
From: Blars Blarson <email address hidden>
To: <email address hidden>
Subject: ok permissions on install

Group bind has write permission to /var/cache/bind after a new install
of bind9. This is only an issue for upgrades.

--
Blars Blarson <email address hidden>
    http://www.blars.org/blars.html
With Microsoft, failure is not an option. It is a standard feature.

Revision history for this message
Martin Pitt (pitti) wrote :

I checked; Warty's version and onward already do it right.

Revision history for this message
In , Russell-eminence (russell-eminence) wrote : Looks like it has been fixed

Looks like this bug has been fixed? Upgraded from 9.2.1-2.woody.2 to
9.2.4-1 with no problems with permissions on /var/cache/bind.

The "named" binary in bind9 9.2.1-2.woody.2 runs as the user root whereas
"named" runs as the user bind in 9.2.4-1, but the postinst script takes
care of changing the permissions of the /var/cache/bind directory.

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Thu, 8 Sep 2005 22:25:31 +1000 (EST)
From: <email address hidden>
To: <email address hidden>
Subject: Looks like it has been fixed

Looks like this bug has been fixed? Upgraded from 9.2.1-2.woody.2 to
9.2.4-1 with no problems with permissions on /var/cache/bind.

The "named" binary in bind9 9.2.1-2.woody.2 runs as the user root whereas
"named" runs as the user bind in 9.2.4-1, but the postinst script takes
care of changing the permissions of the /var/cache/bind directory.

Revision history for this message
In , Adrian von Bidder (avbidder) wrote : /var/cache/bind permissions

Yo!

I can't really see how this can happen at all - bind9's postinst will
"always" ("$1" == "configure" and "$uid" == 0 which should always be the
case in the post-installation script - why is the latter check there at
all?) set /var/cache/bind to root:bind and g+rw.

Can you (Martin Strauss) reproduce this?

cheers
-- vbi

--
Could this mail be a fake? (Answer: No! - http://fortytwo.ch/gpg/intro)

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Tue, 1 Nov 2005 13:47:01 +0100
From: Adrian von Bidder <email address hidden>
To: <email address hidden>, <email address hidden>
Subject: /var/cache/bind permissions

Yo!

I can't really see how this can happen at all - bind9's postinst will
"always" ("$1" == "configure" and "$uid" == 0 which should always be the
case in the post-installation script - why is the latter check there at
all?) set /var/cache/bind to root:bind and g+rw.

Can you (Martin Strauss) reproduce this?

cheers
-- vbi

--
Could this mail be a fake? (Answer: No! - http://fortytwo.ch/gpg/intro)

Revision history for this message
In , Don Armstrong (don-debian) wrote : Ownership problem appears to be unreproducible; downgrading and tagging

severity 316241 important
tag 316241 unreproducible
thanks

As:

uid=$(ls -ln /etc/bind/rndc.key | awk '{print $3}')
if [ "$uid" = "0" ]; then
    [ -n "$localconf" ] || chown bind /etc/bind/rndc.key
    chgrp bind /etc/bind
    chmod g+s /etc/bind
    chgrp bind /etc/bind/rndc.key /var/run/bind/run /var/cache/bind
    chgrp bind /etc/bind/named.conf*
    chmod g+r /etc/bind/rndc.key /etc/bind/named.conf*
    chmod g+rwx /var/run/bind/run /var/cache/bind
fi

should be taking care of this problem, I'm downgrading and tagging
unreproducible.

Don Armstrong

--
Do not handicap your children by making their lives easy.
 -- Robert Heinlein _Time Enough For Love_ p251

http://www.donarmstrong.com http://rzlab.ucr.edu
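
The state that the postinst excerpt quoted in the comment above is meant to leave behind, written as a read-only check. This is an added example, not part of the original thread or of the bind9 package; it assumes GNU stat, and the ROOT prefix argument and the --audit switch are hypothetical conveniences of this script.

```shell
#!/bin/sh
# Added example (not the package's postinst): audit group ownership and
# mode bits on the paths the postinst excerpt touches. Assumes GNU stat.

# check_path PATH GROUP BITS
#   BITS is an octal mask that must be fully set in the mode,
#   e.g. 070 = g+rwx, 040 = g+r, 02000 = setgid.
check_path() {
    cp_path=$1; cp_group=$2; cp_bits=$3
    if [ ! -e "$cp_path" ]; then
        echo "MISSING $cp_path"
        return 1
    fi
    cp_rc=0
    cp_have_group=$(stat -c '%G' "$cp_path")
    cp_mode=$(stat -c '%a' "$cp_path")
    if [ "$cp_have_group" != "$cp_group" ]; then
        echo "GROUP   $cp_path: group is $cp_have_group, expected $cp_group"
        cp_rc=1
    fi
    # The leading 0 makes the shell read both values as octal.
    if [ $(( 0$cp_mode & $cp_bits )) -ne $(( $cp_bits )) ]; then
        echo "MODE    $cp_path: mode $cp_mode lacks bits $cp_bits"
        cp_rc=1
    fi
    return $cp_rc
}

# audit_bind [ROOT] [GROUP]
#   ROOT is a hypothetical prefix so a copy of the tree can be checked;
#   GROUP defaults to bind, as in the postinst excerpt.
audit_bind() {
    ab_root=${1:-}; ab_group=${2:-bind}; ab_rc=0
    check_path "$ab_root/etc/bind"          "$ab_group" 02000 || ab_rc=1
    check_path "$ab_root/etc/bind/rndc.key" "$ab_group" 040   || ab_rc=1
    check_path "$ab_root/var/run/bind/run"  "$ab_group" 070   || ab_rc=1
    check_path "$ab_root/var/cache/bind"    "$ab_group" 070   || ab_rc=1
    return $ab_rc
}

# Run the audit only when asked to, e.g.: sh audit.sh --audit
if [ "${1:-}" = "--audit" ]; then
    audit_bind "${2:-}" bind
    exit $?
fi
```

A non-zero exit after an upgrade points at the case the original report describes: named, running as user bind, cannot write to /var/cache/bind.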

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Sat, 5 Nov 2005 18:56:58 -0800
From: Don Armstrong <email address hidden>
To: <email address hidden>
Subject: Ownership problem appears to be unreproducible; downgrading and tagging

severity 316241 important
tag 316241 unreproducible
thanks

As:

uid=$(ls -ln /etc/bind/rndc.key | awk '{print $3}')
if [ "$uid" = "0" ]; then
    [ -n "$localconf" ] || chown bind /etc/bind/rndc.key
    chgrp bind /etc/bind
    chmod g+s /etc/bind
    chgrp bind /etc/bind/rndc.key /var/run/bind/run /var/cache/bind
    chgrp bind /etc/bind/named.conf*
    chmod g+r /etc/bind/rndc.key /etc/bind/named.conf*
    chmod g+rwx /var/run/bind/run /var/cache/bind
fi

should be taking care of this problem, I'm downgrading and tagging
unreproducible.

Don Armstrong

--
Do not handicap your children by making their lives easy.
 -- Robert Heinlein _Time Enough For Love_ p251

http://www.donarmstrong.com http://rzlab.ucr.edu

Changed in bind9 (Debian):
status: New → Fix Released