Your message dated Sat, 6 Dec 2008 23:05:17 +0900
with message-id <[EMAIL PROTECTED]>
and subject line bind9 has its own chroot feature, now
has caused the Debian Bug report #183907,
regarding change /etc/init.d/bind9 for chroot
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
183907: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=183907
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: bind9
Version: 1:9.2.2-1
Severity: wishlist
Tags: patch

Dear bind9 maintainer,

 README.Debian.gz (not README.Debian?) says to see the Chroot-BIND-HOWTO
 about running a chrooted bind9. I read that HOWTO (the version translated
 into Japanese) and changed the bind9 init script for chroot. It makes
 chroot easy to use, I think.

 Along with this, change the SYSLOG configuration (in /etc/init.d/sysklogd) a little:
---------------------------------------------------
SYSLOGD="-a /var/lib/bind/dev/log"
---------------------------------------------------
 Restart bind9 and sysklogd ... and bind9 will be running chrooted.
 


--- /etc/init.d/bind9   Wed Mar  5 14:54:40 2003
+++ ./bind9     Sat Mar  8 14:33:17 2003
@@ -2,12 +2,29 @@
 
 PATH=/sbin:/bin:/usr/sbin:/usr/bin
 
-# for a chrooted server: "-u bind -t /var/lib/named"
-# Don't modify this line, change or create /etc/default/bind9.
-OPTIONS=""
+# 2003/01/12 add comment 
+#                  by Hideki Yamane <[EMAIL PROTECTED]>
+#
+# for a chrooted server, please set /etc/default/bind9 like this.
+# OPTIONS="-u bind -t /var/lib/bind"
+#
 
 test -f /etc/default/bind9 && . /etc/default/bind9
 
+if [ -f /etc/default/bind9 ]; then
+       i=1;
+        option=`echo "$OPTIONS" | cut  -d' ' -f $i`
+       i=`expr $i + 1`
+       
+       until [ $option = "-t" ]; do
+          option=`echo "$OPTIONS" | cut  -d' ' -f $i`
+         i=`expr $i + 1`
+       CHROOTED_DIR=`echo $OPTIONS | cut  -d' ' -f $i`
+       done
+
+fi
+
+
 test -x /usr/sbin/rndc || exit 0
 
 case "$1" in
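Review bot: The until loop added after the `. /etc/default/bind9` line never terminates when OPTIONS contains no "-t": `cut` keeps returning an empty field, the unquoted `[ $option = "-t" ]` then fails with a test syntax error, and `until` treats any non-zero status as "keep looping", so the init script hangs whenever /etc/default/bind9 exists without a chroot setting. When "-t" is the first word the loop body never runs and CHROOTED_DIR stays unset. Suggest quoting "$option", stopping once the fields are exhausted, and assigning CHROOTED_DIR once after the loop; walking the words with `set -- $OPTIONS` and a while/shift loop would remove the cut/expr bookkeeping entirely.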
@@ -23,8 +40,58 @@
            echo "named binary missing - not starting"
            exit 1
        fi
+
+
+       if [ ! $CHROOTED_DIR = "" ];then
+
+        # Make sure that the chroot environment is set up correctly.
+        oldumask=$(umask)
+        umask 022
+
+       [ -d $CHROOTED_DIR ]|| mkdir -p $CHROOTED_DIR/dev && cd $CHROOTED_DIR
+       if [ -f dev/log ]; then  
+          echo "" ;echo "$CHROOTED_DIR/dev/log device file was not found.\
+        please check /etc/init.d/sysklogd file."; exit 0
+       fi
+
+       # setup etc dir & files
+       ETCFILES="etc/localtime `/bin/ls /etc/bind/*|sed -e s%^/%%`"
+       for file in $ETCFILES
+        do
+           [ -d ${file%/*} ] || mkdir -p ${file%/*}
+            if [ -f /${file} ]; then cp /${file} ${file}; fi
+        done
+
+       ZONEINFO=`file -b /etc/localtime|cut -d' ' -f4`
+       tar cf - $ZONEINFO 2>/dev/null | tar xf -
+
+       # setup dev dir & files
+       cp -a /dev/{null,random,log} dev/
+
+       # setup var dir & files
+       [ -d var/cache/bind ] || mkdir -p var/cache/bind
+       [ -d var/run/bind/run ] || mkdir -p var/run/bind/run
+
+       SLAVEFILES=`/bin/ls /var/cache/bind/* 2>/dev/null|sed -e s%^/%%`
+       if [ -f SLAVEFILES ]; then
+            cp -af var/cache/bind/* /var/cache/bind/
+           for file in $SLAVEFILES; do
+               [ -d ${file%/*} ] || mkdir -p ${file%/*}
+               if [ -f /${file} ]; then cp /${file} ${file}; fi
+           done
+       fi
+       
+       # restrict chroot dir access
+       for DIR in "./"; do
+           [ -d $DIR ] && chown -R bind:bind $DIR >/dev/null 2>&1
+       done
+
+       chmod -R o-rwx ./
+
+       fi
+
        start-stop-daemon --start --quiet --exec /usr/sbin/named \
-               --pidfile /var/run/bind/run/named.pid -- $OPTIONS
+               --pidfile $CHROOTED_DIR/var/run/bind/run/named.pid -- $OPTIONS
        echo "."        
     ;;
 
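Review bot: The `chown -R bind:bind $DIR` over "./" near the end of the start block hands the whole jail, including the copied etc/bind files and the dev/ nodes, to the account named runs as (the "-u bind" from the comment in the first hunk), so a compromised named can rewrite its own configuration inside the chroot; keep the tree root-owned and give bind write access only to var/cache/bind and var/run/bind/run. Other points in this hunk: the `[ -f dev/log ]` test prints "was not found" when the file is present, and -f is false for a socket, so it cannot detect a missing log socket (`[ ! -S dev/log ]` matches the message) and it should not `exit 0` on that error; `[ -f SLAVEFILES ]` is missing its `$`, and the `cp -af var/cache/bind/* /var/cache/bind/` inside it copies out of the jail onto the host; `oldumask` is saved but not restored in the lines shown; `cp -a /dev/{null,random,log}` depends on brace expansion, which POSIX sh does not provide; and $CHROOTED_DIR is unquoted throughout, including in `[ ! $CHROOTED_DIR = "" ]`, which is a test syntax error when the variable is empty.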

best regards,

 Hideki Yamane mailto:[EMAIL PROTECTED]
 Samba Users Group Japan  http://www.samba.gr.jp



--- End Message ---
--- Begin Message ---
bind9 has its own chroot feature now, so I'll close this bug.

-- 
Regards,

 Hideki Yamane     henrich @ debian.or.jp/iijmio-mail.jp
 http://wiki.debian.org/HidekiYamane


--- End Message ---
