
Re: [cobalt-security] Anyone else get this error?



> interesting... I am not getting this error on my windows dns servers.

It's one of the bogosities of the RaQs:

Usually the zone file is updated automatically by bind - if that file is 
outdated.

However, the zone files (including /etc/named/db.cache - which is the "hints" 
file) are owned by user "root". A while ago Sun Cobalt got wise and no longer 
runs the named process as user root, but user named instead, which is more 
secure. 

However, the zone files (and anything in /etc/named) are still owned by user 
root, so the named process cannot update any of those files. Likewise all 
zone transfers initiated by the RaQ will fail.

Quick fix (as user root):

chown -R named:named /etc/named/

The Solarspeed.net bind-8.3.3-2.pkg and bind-8.3.4.pkg fix this permission 
issue upon installation. But of course only for record files (and db.cache) 
which are present at the time of the install of the PKG file.

-- 

With best regards,

Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer
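
An added example, not part of the original message: a read-only audit that lists which entries under the zone directory the daemon account cannot rewrite, useful before and after an ownership change. The directory /etc/named and the account "named" are taken from the message; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report zone files the unprivileged named account cannot update.
# Assumed from the message: zone directory /etc/named, daemon account "named".

# Print the account the running named process uses (empty if none is running).
named_run_user() {
    ps -eo user=,comm= | awk '$2 == "named" { print $1; exit }'
}

# Print every entry under DIR that UID does not own, or owns without the
# owner-write bit. These are the entries the daemon cannot rewrite.
unwritable_by_uid() {
    dir=$1 uid=$2
    find "$dir" \( ! -uid "$uid" -o ! -perm -200 \) -print
}

# Resolve USER to a UID and audit DIR.
# Returns 0 when clean, 1 when there are findings, 2 on bad input.
audit_zone_dir() {
    dir=$1 user=$2
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    uid=$(id -u "$user" 2>/dev/null) || { echo "no such user: $user" >&2; return 2; }
    findings=$(unwritable_by_uid "$dir" "$uid")
    [ -z "$findings" ] && return 0
    # Show owner and mode for each finding so the mismatch is visible.
    echo "$findings" | while IFS= read -r path; do
        ls -ld "$path"
    done
    return 1
}

# Typical use on the affected host:
#   audit_zone_dir /etc/named "$(named_run_user)"
```

A return status of 1 with root-owned db.cache or zone files in the listing matches the situation described in the message.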