Hi, I was going to upgrade from BIND 9.4.3 to BIND 9.6.0-P1, but ran into a strange "bug" in BIND 9.6.0-P1.

Exact same config for 9.4.3 and 9.6.0-P1, only added "new" to files that are written to (namednew.log, confignew.log and namednew.pid).

OS: Solaris 10.

Using:

    pid-file "/var/run/named/namednew.pid";

.. results in the following:

namednew.log:

    26-Jan-2009 08:14:22.723 general: couldn't mkdir /var/run/named/namednew.pid': Permission denied
    26-Jan-2009 08:14:22.728 general: exiting (due to early fatal error)

BIND 9.6.0-P1 truss.out:

--CUT--
25123/65: stat("/dev/urandom", 0xFFFFFFFF79D0FA00) = 0
25123/65: open("/dev/urandom", O_RDONLY|O_NONBLOCK) = 9
25123/65: fcntl(9, F_GETFL) = 8320
25123/65: fcntl(9, F_SETFL, FOFFMAX|FNONBLOCK) = 0
25123/65: setgid(21) = 0
25123/65: setuid(21) = 0
25123/65: access(".", W_OK) = 0
25123/65: open("/var/log/namednew.log", O_WRONLY|O_APPEND|O_CREAT, 0666) = 10
25123/65: lseek(10, 0, SEEK_END) = 332
25123/65: close(10) = 0
25123/65: open("/var/log/confignew.log", O_WRONLY|O_APPEND|O_CREAT, 0666) = 10
25123/65: lseek(10, 0, SEEK_END) = 0
25123/65: close(10) = 0
25123/65: mkdir("/var/run/named", 0755) Err#13 EACCES [ALL]
25123/65: stat("/var/log/namednew.log", 0xFFFFFFFF79D0F3C0) = 0
25123/65: open("/var/log/namednew.log", O_WRONLY|O_APPEND|O_CREAT, 0666) = 10
25123/65: lseek(10, 0, SEEK_END) = 332
25123/65: fstat(10, 0xFFFFFFFF79D0E540) = 0
25123/65: fstat(10, 0xFFFFFFFF79D0E410) = 0
25123/65: ioctl(10, TCGETA, 0xFFFFFFFF79D0E47C) Err#25 ENOTTY
25123/65: write(10, 0x10502E754, 97) = 97
25123/65: 2 6 - J a n - 2 0 0 9 0 8 : 1 4 : 2 2 . 7 2 3 g e n e r a l
25123/65: : c o u l d n ' t m k d i r / v a r / r u n / n a m e d /
25123/65: n a m e d n e w . p i d ' : P e r m i s s i o n d e n i e d
25123/65: \n
25123/65: write(10, 0x10502E754, 69) = 69
25123/65: 2 6 - J a n - 2 0 0 9 0 8 : 1 4 : 2 2 . 7 2 8 g e n e r a l
25123/65: : e x i t i n g ( d u e t o e a r l y f a t a l e r
25123/65: r o r )\n
25123/65: _exit(1)

It fails because it tries to just create the /var/run/named directory instead of checking if the directory exists and if it can write to it.

ns12(root) named 515# ls -la /var/run/named
total 40
drwxr-s--- 4 named named 307 Jan 26 06:51 ./
drwxr-xr-x 7 root sys 1285 Jan 26 00:52 ../
-rw-r--r-- 1 named named 6 Jan 26 06:41 named.pid

So /var/run/named exists and is fully writable by user named. User "named" should of course not be able to create directories below "/var/run". Especially since many other things on Solaris 10 use that directory also.

If I use:

    pid-file "/var/run/named/named/namednew.pid";

... everything works fine, since it now can run mkdir without getting "EACCES". Instead it gets "EEXIST" and is OK with that.

BIND 9.6.0-P1 truss.out:

--CUT--
25404/65: stat("/dev/urandom", 0xFFFFFFFF79D0FA00) = 0
25404/65: open("/dev/urandom", O_RDONLY|O_NONBLOCK) = 9
25404/65: fcntl(9, F_GETFL) = 8320
25404/65: fcntl(9, F_SETFL, FOFFMAX|FNONBLOCK) = 0
25404/65: setgid(21) = 0
25404/65: setuid(21) = 0
25404/65: access(".", W_OK) = 0
25404/65: open("/var/log/namednew.log", O_WRONLY|O_APPEND|O_CREAT, 0666) = 10
25404/65: lseek(10, 0, SEEK_END) = 498
25404/65: close(10) = 0
25404/65: open("/var/log/confignew.log", O_WRONLY|O_APPEND|O_CREAT, 0666) = 10
25404/65: lseek(10, 0, SEEK_END) = 0
25404/65: close(10) = 0
25404/65: mkdir("/var/run/named/named", 0755) Err#17 EEXIST
25404/65: stat("/var/run/named/named/namednew.pid", 0xFFFFFFFF79D0F980) Err#2 ENOENT
25404/65: unlink("/var/run/named/named/namednew.pid") Err#2 ENOENT
25404/65: open("/var/run/named/named/namednew.pid", O_WRONLY|O_CREAT|O_EXCL, 0644) = 10
25404/65: fcntl(10, F_GETFD, 0x000001A4) = 0
25404/65: getpid() = 25404 [25403]
25404/65: fstat(10, 0xFFFFFFFF79D0E9D0) = 0
25404/65: fstat(10, 0xFFFFFFFF79D0E8A0) = 0
25404/65: ioctl(10, TCGETA, 0xFFFFFFFF79D0E90C) Err#25 ENOTTY
25404/65: write(10, " 2 5 4 0 4\n", 6) = 6
25404/65: close(10) = 0
--CUT--

Trussing 9.4.3 I see that it does it differently:

--CUT--
25730/10: access(".", W_OK) = 0
25730/10: open("/var/log/namednew.log", O_WRONLY|O_APPEND|O_CREAT, 0666) = 10
25730/10: lseek(10, 0, SEEK_END) = 2625
25730/10: close(10) = 0
25730/10: open("/var/log/confignew.log", O_WRONLY|O_APPEND|O_CREAT, 0666) = 10
25730/10: lseek(10, 0, SEEK_END) = 0
25730/10: close(10) = 0
25730/10: stat("/var/run/named/namednew.pid", 0xFFFFFFFF7D90F660) Err#2 ENOENT
25730/10: unlink("/var/run/named/namednew.pid") Err#2 ENOENT
25730/10: open("/var/run/named/namednew.pid", O_WRONLY|O_CREAT|O_EXCL, 0644) = 10
25730/10: fcntl(10, F_GETFD, 0x000001A4) = 0
25730/10: getpid() = 25730 [25729]
25730/10: fstat(10, 0xFFFFFFFF7D90E6B0) = 0
25730/10: fstat(10, 0xFFFFFFFF7D90E580) = 0
25730/10: ioctl(10, TCGETA, 0xFFFFFFFF7D90E5EC) Err#25 ENOTTY
25730/10: write(10, " 2 5 7 3 0\n", 6) = 6
--CUT--

It seems that someone has "shorted" the code to create and/or check the pid-file. Maybe that "shortcut" will work on Linux, but it for sure does not work on Solaris 10.

Having to use .../named/named/... in the pid-file option is of course possible, but I guess that it is not the way it is supposed to be...(?)...

Help? Ideas?

Regards
Jan Arild Lindstrøm

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
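
Added example (not part of the original post, and not BIND's own code): one way a daemon that has already dropped privileges can prepare its pid-file directory without treating every mkdir() failure as fatal, which is what the 9.6.0-P1 trace above shows. The function names are hypothetical, and /tmp is a constructed stand-in for /var/run/named.

```c
/* Added example, not BIND source; function names are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Called when mkdir(dir) failed with mkdir_errno. Returns 0 if dir can
 * still be used for the pid file, -1 if the failure is fatal.
 */
int dir_usable_after_mkdir_error(const char *dir, int mkdir_errno)
{
    struct stat sb;

    /* EEXIST: already there. EACCES/EROFS: the parent is not writable,
     * which says nothing about whether dir itself already exists. */
    if (mkdir_errno != EEXIST && mkdir_errno != EACCES && mkdir_errno != EROFS)
        return -1;
    if (stat(dir, &sb) != 0 || !S_ISDIR(sb.st_mode))
        return -1;  /* missing, or something other than a directory */
    /* access() checks the real uid, which matches the effective uid
     * once the daemon has called setgid()/setuid() as in the trace. */
    return access(dir, W_OK | X_OK) == 0 ? 0 : -1;
}

/* Make sure the directory that will hold the pid file exists and is writable. */
int ensure_pid_dir(const char *dir, mode_t mode)
{
    if (mkdir(dir, mode) == 0)
        return 0;
    return dir_usable_after_mkdir_error(dir, errno);
}

int main(void)
{
    const char *dir = "/tmp";  /* constructed stand-in for /var/run/named */

    printf("real mkdir on existing dir:   %d\n", ensure_pid_dir(dir, 0755));
    printf("simulated EACCES, dir exists: %d\n",
           dir_usable_after_mkdir_error(dir, EACCES));
    printf("simulated EACCES, dir absent: %d\n",
           dir_usable_after_mkdir_error("/tmp/no-such-pid-dir", EACCES));
    return 0;
}
```

The errno is passed in separately so the EACCES case from the Solaris 10 trace can be exercised on systems where mkdir() on an existing directory reports EEXIST instead.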