Re: [cobalt-security] Anyone else get this error?
- Subject: Re: [cobalt-security] Anyone else get this error?
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Sun, 29 Dec 2002 21:14:06 +0100
- Organization: SOLARSPEED.NET
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> interesting... I am not getting this error on my windows dns servers.

It's one of the bogosities of the RaQs:

Usually the zone file is updated automatically by bind - if that file is
outdated.

However, the zone files (including /etc/named/db.cache - which is the "hints"
file) are owned by user "root". A while ago Sun Cobalt got wise and no longer
runs the named process as user root, but user named instead, which is more
secure.

However, the zone files (and anything in /etc/named) are still owned by user
root, so the named process cannot update any of those files. Likewise all
zone transfers initiated by the RaQ will fail.

Quick fix (as user root):

chown -R named:named /etc/named/

The Solarspeed.net bind-8.3.3-2.pkg and bind-8.3.4.pkg fix this permission
issue upon installation. But of course only for record files (and db.cache)
which are present at the time of the install of the PKG file.

--
With best regards,
Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer
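
Added example, not part of the original message or of any Solarspeed.net package: since the post notes that the ownership fix only covers files present at install time, the check below lists anything under the BIND data directory that is not owned by the account named runs as. The directory /etc/named and the user "named" come from the post; the function name audit_named_dir is hypothetical.

```shell
#!/bin/sh
# Audit ownership under a BIND data directory (added example).
# Defaults /etc/named and "named" are taken from the post above;
# the function name is hypothetical.
#
# Usage (as root):  audit_named_dir            # checks /etc/named for user named
#                   audit_named_dir DIR OWNER  # OWNER may be a name or numeric UID
#
# Exit status: 0 = everything owned by OWNER
#              1 = at least one path owned by someone else (listed on stdout)
#              2 = directory missing, unknown owner, or find could not read it

audit_named_dir() {
    dir=${1:-/etc/named}
    owner=${2:-named}

    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }

    # find exits non-zero when OWNER is not a known user or a subdirectory
    # is unreadable; report that as an error instead of a clean result.
    foreign=$(find "$dir" ! -user "$owner" -print) || return 2

    if [ -z "$foreign" ]; then
        echo "OK: everything under $dir is owned by $owner"
        return 0
    fi

    count=$(printf '%s\n' "$foreign" | wc -l | tr -d ' ')
    echo "$count path(s) under $dir not owned by $owner:"

    # Show owner, group and mode for each mismatch so the admin can
    # decide what to chown rather than changing the whole tree blindly.
    printf '%s\n' "$foreign" | while IFS= read -r path; do
        ls -ld "$path"
    done
    return 1
}
```

Run it again after adding zones or after a zone transfer fails, because files created later by root will not have been touched by the earlier fix.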