[cobalt-security] RE: was Anyone else get this error? [couldn't create pid file] **SOLVED**
- Subject: [cobalt-security] RE: was Anyone else get this error? [couldn't create pid file] **SOLVED**
- From: "Matt Brown" <matt@xxxxxxxxxxxxxxxxxx>
- Date: Mon, 30 Dec 2002 02:31:13 -0000
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
>Dec 29 11:53:09 www named[512]: couldn't create pid file
>'/var/run/named.pid'
Ok, the reason this occurs is:
When cobalt issued their pkg/patch/fix for bind/named a while back, a user
and group called named was created.
This in turn now runs bind/named as user named as opposed to root, which is
more secure. Nothing wrong in that but named can't create the .pid file in
/var/run as /var/run is owned by root.
So here is what I did .....
(This has only been tested on a RaQ4i and worked fine, use this info at
your own risk)
Open a SSH/Telnet session to your RaQ4i.
$ su - root
$ cd /var
$ mkdir named
$ chown named.named named
# Now we have somewhere (/var/named) that user named can create his .pid file
#
# Now we would need to edit /etc/named.conf to add the line:
# pid-file "/var/named/named.pid"
# But because the /usr/admserv/cgi-bin/.cobalt/dns/index.cgi file re-creates
# /etc/named.conf each time a domain is added via the GUI/Admin Interface,
# the contents of /etc/named.conf get overwritten and so you are back to square one !
# The way to fix this is as so:
$ cd /usr/admserv/cgi-bin/.cobalt/dns/
$ cp index.cgi index.bak
$ vi index.cgi
# Then find the section that looks like this:
if ($axs )
{
print NAMEDCONF "\tallow-transfer { $axs; };\n";
}
# directly under the last curly bracket, add this line:
print NAMEDCONF "\tpid-file \"/var/named/named.pid\";\n";
# Save and close index.cgi ( :wq )
# Next we need to refresh the named.conf automatically the cobalt way
$ /usr/admserv/cgi-bin/.cobalt/dns/index.cgi
# If all goes well, you should see the message:
[DNS Configuration updated]
That's it, you're done !
Your nameserver should have reloaded automatically, if not ....
/etc/rc.d/init.d/named reload
*N.B* Remember as with all cobalt updates (generally) they have a habit of
resetting/overwriting/updating certain files, Make backups of all files
before editing, and keep a copy safe for future cobalt overwrites so you can
add the fix back in (unless the fix fixes it).
I hope this fix helps someone else.
Regards
Matt Brown
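
A check for the state this fix produces, as an added example that is not part of the original post or of Cobalt's tooling: it confirms the regenerated named.conf still carries the pid-file line and that its directory belongs to the unprivileged account. The function names are hypothetical, the account is passed as an argument, and the world-writable test is an extra hardening check added here.

```shell
#!/bin/sh
# Added example (not from the original post): verify the pid-file fix is
# still in place after named.conf has been regenerated or a package update
# has been applied.

# pid_file_of CONF
# Print the path from the first pid-file directive in CONF (empty if none).
pid_file_of() {
    sed -n 's/^[[:space:]]*pid-file[[:space:]]*"\([^"]*\)"[[:space:]]*;.*/\1/p' "$1" | head -n 1
}

# check_pid_dir CONF USER
# Return codes:
#   0  directive present, directory exists, owned by USER, not world-writable
#   1  no pid-file directive (index.cgi edit was overwritten)
#   2  directory named by the directive does not exist
#   3  directory is not owned by USER (named cannot create its pid file)
#   4  directory is world-writable (any local user could replace the pid file)
check_pid_dir() {
    conf=$1
    user=$2
    pidfile=$(pid_file_of "$conf")
    [ -n "$pidfile" ] || return 1
    dir=$(dirname "$pidfile")
    [ -d "$dir" ] || return 2
    # find prints the directory only when the ownership test matches
    [ -n "$(find "$dir" -maxdepth 0 -user "$user" 2>/dev/null)" ] || return 3
    [ -z "$(find "$dir" -maxdepth 0 -perm -002 2>/dev/null)" ] || return 4
    return 0
}

# Stand-alone use: sh check.sh /etc/named.conf named
if [ $# -eq 2 ]; then
    rc=0
    check_pid_dir "$1" "$2" || rc=$?
    echo "pid-file check for $1 as user $2: status $rc"
fi
```

Run it after adding a domain through the admin interface or after installing a Cobalt update; status 1 means the index.cgi edit has been overwritten and needs to be re-applied.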