tags 694947 +moreinfo thank you Hi Paul,
On Sun, Dec 2, 2012 at 3:30 PM, Paul Witt <paul.w...@oxix.org> wrote: > Package: bind9 > Version: 1:9.7.3.dfsg-1~squeeze8 > Severity: normal > > > After a recent bind9 security upgrade (and probably after previous > upgrades too), our config management system reported that > /etc/bind/named.conf.local had had its group owner changed from > the one we'd configured to the group "bind". Presumably it was > the package upgrade that caused this. I have just tried the upgrade in clean pbuilder and the changed permissions were kept during the upgrade. The chgrp happens only on a condition where rndc.key has root as an owner (which I presume is to detect first installation) and only in that case the inital permissions are setup. See the snipet from postinst script: uid=$(ls -ln /etc/bind/rndc.key | awk '{print $3}') if [ "$uid" = "0" ]; then [ -n "$localconf" ] || chown bind /etc/bind/rndc.key chgrp bind /etc/bind chmod g+s /etc/bind chgrp bind /etc/bind/rndc.key /var/run/named /var/cache/bind chgrp bind /etc/bind/named.conf* || true chmod g+r /etc/bind/rndc.key /etc/bind/named.conf* || true chmod g+rwx /var/run/named /var/cache/bind fi Is there a change that your rndc key was owned by the root user? Ondrej -- Ondřej Surý <ond...@sury.org> -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org