tags 694947 +moreinfo
thank you

Hi Paul,

On Sun, Dec 2, 2012 at 3:30 PM, Paul Witt <paul.w...@oxix.org> wrote:
> Package: bind9
> Version: 1:9.7.3.dfsg-1~squeeze8
> Severity: normal
>
>
> After a recent bind9 security upgrade (and probably after previous
> upgrades too), our config management system reported that
> /etc/bind/named.conf.local had had its group owner changed from
> the one we'd configured to the group "bind".  Presumably it was
> the package upgrade that caused this.

I have just tried the upgrade in a clean pbuilder and the changed
permissions were kept during the upgrade.

The chgrp happens only on a condition where rndc.key has root as an
owner (which I presume is to detect first installation) and only in
that case the initial permissions are set up. See the snippet from
the postinst script:

    uid=$(ls -ln /etc/bind/rndc.key | awk '{print $3}')
    if [ "$uid" = "0" ]; then
        [ -n "$localconf" ] || chown bind /etc/bind/rndc.key
        chgrp bind /etc/bind
        chmod g+s /etc/bind
        chgrp bind /etc/bind/rndc.key /var/run/named /var/cache/bind
        chgrp bind /etc/bind/named.conf* || true
        chmod g+r /etc/bind/rndc.key /etc/bind/named.conf* || true
        chmod g+rwx /var/run/named /var/cache/bind
    fi

Is there a chance that your rndc key was owned by the root user?

Ondrej
--
Ondřej Surý <ond...@sury.org>
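
A read-only check for the condition described in the message above, as an added example that is not part of the bind9 package or of the original mail. The function names are hypothetical, and `report` assumes a `bind` group exists unless a gid is passed as its second argument.

```shell
#!/bin/sh
# Added diagnostic (not from the bind9 postinst). It only reads metadata
# and never changes ownership or permissions.

# Numeric owner of a file, read the same way the postinst reads it.
owner_uid() {
    ls -ln "$1" | awk '{print $3}'
}

# Numeric group of a file (fourth field of "ls -ln").
owner_gid() {
    ls -ln "$1" | awk '{print $4}'
}

# Succeeds when the postinst condition holds: rndc.key is owned by uid 0.
branch_would_run() {
    [ "$(owner_uid "$1/rndc.key")" = "0" ]
}

# Print every named.conf* file whose group differs from the given gid,
# i.e. the files that "chgrp bind /etc/bind/named.conf*" would alter.
files_regrouped() {
    dir=$1
    bind_gid=$2
    for f in "$dir"/named.conf*; do
        [ -e "$f" ] || continue
        [ "$(owner_gid "$f")" = "$bind_gid" ] || printf '%s\n' "$f"
    done
}

# Report for one config directory (default /etc/bind).
report() {
    dir=${1:-/etc/bind}
    bind_gid=${2:-$(getent group bind | cut -d: -f3)}
    if branch_would_run "$dir"; then
        echo "rndc.key is owned by uid 0: the ownership block would run"
        echo "named.conf* files that would change group:"
        files_regrouped "$dir" "$bind_gid"
    else
        echo "rndc.key is owned by uid $(owner_uid "$dir/rndc.key"): block is skipped"
    fi
}
```

Source the file and call `report /etc/bind` before an upgrade; an empty file list with the block reported as running means the group is already `bind` on every `named.conf*` file.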

