On Sat, 7 Dec 2002 15:56, Rodrigo Moya wrote:
> > That is what is wrong. BIND9 drops the capability cap_dac_override and
> > thus can't create files in directories owned by a UID other than root
> > unless they are mode 777.
> >
> > The solution is to have the directory owned by the same UID that is used
> > for running the named process.
>
> ok, did that. So, what has changed, the user with which named is run?
> Because I've had that working for months, and just started having those
> messages recently.

As far as I was aware BIND9 always dropped capabilities. But maybe that
wasn't always so and you had a version which didn't do it. Also maybe you
previously had named running under a UID that had write access to the
directory without dac_override.

--
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
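
The permission check discussed in this thread, as an added example that is not part of the original messages: a shell function that decides from owner, group and mode bits alone whether a process without cap_dac_override may create a file in a directory. The function names, the uid 105 and the use of GNU stat are assumptions for illustration; ACLs and SELinux policy are not considered.

```shell
#!/bin/sh
# Added example (not from the original thread). Without CAP_DAC_OVERRIDE the
# kernel picks exactly one permission class for the caller (owner, else
# group, else other); creating a file needs write (2) and search (1) there.

# dac_can_create UID "GID1 GID2 ..." DIR_OWNER DIR_GROUP DIR_MODE_OCTAL
# Returns 0 if the mode bits alone allow file creation, 1 otherwise.
dac_can_create() {
    uid=$1 gids=$2 owner=$3 group=$4 mode=$5
    perms=$(( 0$mode & 0777 ))           # drop setuid/setgid/sticky bits
    if [ "$uid" -eq "$owner" ]; then
        class=$(( (perms >> 6) & 7 ))    # owner bits, even if weaker than "other"
    else
        class=$(( perms & 7 ))           # default to "other"
        for g in $gids; do
            if [ "$g" -eq "$group" ]; then
                class=$(( (perms >> 3) & 7 ))
                break
            fi
        done
    fi
    [ $(( class & 3 )) -eq 3 ]
}

# check_dir USER DIR: run the check against a real directory (GNU stat).
check_dir() {
    set -- "$1" "$2" $(stat -c '%u %g %a' "$2")
    if dac_can_create "$(id -u "$1")" "$(id -G "$1")" "$3" "$4" "$5"; then
        echo "$1 can create files in $2 without CAP_DAC_OVERRIDE"
    else
        echo "$1 cannot create files in $2 (owner uid $3, mode $5)"
        return 1
    fi
}

# Constructed case matching the thread: uid 0 with the capability dropped,
# directory owned by uid 105 (made-up number), mode 755.
dac_can_create 0 "0" 105 105 755 || echo "uid 0 denied on 105:105 mode 755"
```

On a live system, `check_dir USER DIR` with the account named runs as and its working directory reports whether the ownership fix from the thread is in place.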