Best, Justin (Contractor)(DAPS) on 18 Dec 2003 11:48:02 -0500



RE: [PLUG] changing permissions for libraries in a named chroot


Not sure what would be changing the permissions, but a workaround would be to
chattr +i the files, which would not allow any user to change them without
setting -i on the files, which requires root access.


-----Original Message-----
From: sean finney [mailto:seanius@seanius.net] 
Sent: Thursday, December 18, 2003 11:37 AM
To: plug
Subject: [PLUG] changing permissions for libraries in a named chroot

hey guys,

i'm completely stupefied on this one.

i have a server running bind 8 in a chroot jail.  it's the master for
a few zones and slave to a few more.  every now and then, it breaks
for its slave zones, with the following message in the logs:

18-Dec-2003 11:20:29.004 default: error: can't exec /bin/named-xfer: Permission denied

the problem ended up being that the permissions on the libraries in the
chroot weren't set with the execute bit, which was apparently necessary.
so when a master zone for our slave changed their dns records, we
couldn't transfer the new record, and as soon as the old record expired,
our server would _completely drop the zone_, answering authoritative "does
not exist" for every name in the zone!

so i chmod a+x'd all the libraries, restarted named, and everything
started working again.  however, about a month later[1] the problem came
back.  same fix, and it worked again.  and now, it happened again.  i
have no idea what could be changing these permissions on me.  the system
does not have any startup scripts, cron jobs, or at jobs that call chmod
on those files.  does named/named-xfer do something under the hood 
to these files?

has this happened to anyone else?


thanks for any insight,
	sean

[1] that was the next time the symptoms arose, which only happens after
    the permissions have changed _and_ a master updates their zone info
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
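
An added example, not part of either message above: a check that could run from cron to catch the lost execute bit before a slave zone expires, and to show when each affected file's inode last changed so the culprit can be correlated with whatever ran at that time. The function names, the chroot path argument, and the `lib` and `usr/lib` layout are assumptions; adjust them to the actual jail.

```shell
#!/bin/sh
# Added example: detect chroot libraries that have lost their execute bit.
# Assumption: the chroot root is passed as $1 and its libraries live under
# $1/lib and $1/usr/lib.

# Print the path of every library file missing an execute bit for
# user, group or other (i.e. anything that "chmod a+x" would change).
find_nonexec_libs() {
    root=$1
    for dir in "$root/lib" "$root/usr/lib"; do
        [ -d "$dir" ] || continue
        # -perm -111 matches files with all three x bits set; negate it.
        find "$dir" -type f -name '*.so*' ! -perm -111 -print
    done
}

# Return 0 if every library is executable, 1 otherwise.
# For each offender, list it on stderr with its inode change time
# (ls -c), which is updated by chmod/chown as well as by writes, so it
# narrows down when the mode was altered.
check_chroot_libs() {
    root=$1
    bad=$(find_nonexec_libs "$root")
    if [ -z "$bad" ]; then
        return 0
    fi
    printf '%s\n' "$bad" | while IFS= read -r f; do
        ls -lc "$f"
    done >&2
    return 1
}

# Stand-alone use: ./check-chroot-libs.sh /path/to/chroot
if [ "$#" -gt 0 ]; then
    check_chroot_libs "$1" || exit 1
fi
```

Run it more often than the shortest expire time of the slave zones, so a non-zero exit is noticed before a zone is dropped.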