Re: statistics file initially created with incorrect permissions

Mon, 21 Jan 2019 16:54:36 -0800 


> On 22 Jan 2019, at 2:53 am, Dan Langille <d...@langille.org> wrote:
> 
> I'm running bind911-9.11.5P1_2 on FreeBSD 11.2-RELEASE-p8
> 
> bind is running fine, except for the statistics file, which gets created with 
> root:bind vs bind:bind and I do not know why.
> 
> named runs as the user bind:
> 
> $ ps auwwx | grep named
> bind    79879  0.0  0.1 69028 47120  -  IsJ  21:18   2:35.88 
> /usr/local/sbin/named -u bind -c /usr/local/etc/namedb/named.conf
> 
> The configuration setting point to the right location:
> 
> $ grep stat /usr/local/etc/namedb/named.conf
>       statistics-file "/var/run/named/stats";
>       zone-statistics yes;
> 
> The permissions of a running / working configuration:
> 
> $ ls -l /var/run/named
> total 20
> -rw-r--r--  1 bind  bind     6 Jan 21 15:16 pid
> -rw-------  1 bind  bind   102 Jan 21 15:16 session.key
> -rw-r--r--  1 bind  bind  9461 Jan 21 15:45 stats
> 
> $ ls -ld /var/run/named
> drwxr-xr-x  2 bind  bind  5 Jan 21 15:20 /var/run/named
> 
> When named first creates this file, it is created chown root:bind and 
> statistics fails:
> 
> 20-Jan-2019 16:30:22.356 received control channel command 'stats'
> 20-Jan-2019 16:30:22.356 could not open statistics dump file 
> '/var/run/named/stats': permission denied
> 20-Jan-2019 16:30:22.356 dumpstats failed: permission denied
> 
> A quick 'chown bind /var/run/named/stats' fixes that and everything proceeds 
> fine.
> 
> 1 - Why does named create this file as root:bind not bind:bind?

Named opens the file with the permissions of the user it is running as.  I 
would be looking
for a external program that is creating the file as part of log rotation.

> Looking at the logs, this file is updated every five minutes.  The 
> documentation says:
> 
> "The pathname of the file the server appends statistics to when instructed to 
> do so using rndc stats."
> 
> named seems to be doing this automatically, as opposed to an external cronjob 
> created by myself.

Please LOOK at the log messages that you cut and pasted.  They indicate that 
named received a
'rndc stats' command.

> 2 - Is the documentation misleading in this regard?

No.

> Thank you.
> 
> --
> Dan Langille - BSDCan / PGCon
> d...@langille.org
> 
> 
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
> from this list
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: ma...@isc.org

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users






















					Reply via email to