At 08:54 AM 3/21/2008, Martin McCormick wrote:
        I think I fixed it but I am not sure I would have
figured it out quickly without the help from the list.

        It seems that FreeBSD defaults to a chroot of bind with
the tree owned by root. You can run bind in a sandbox as the
documentation says and have it chroot but if you do, and here's
the confusion, you had better disable FreeBSD's attempt to make
sure the /var/named tree is always owned by root which would be
fine if named ran as root.

        When you run it in a sandbox with a lower-priority UID,
you must make sure that at least one more little line appears in
rc.conf.local.

named_chrootdir=""      # Chroot directory (or "" not to auto-chroot it)

That's the key right there. If you use lines from rc.conf.local
from an older system such as pre-FreeBSD5, you don't need that
line and things work fine. If you don't have it on a FreeBSD5 or
newer system, /etc/defaults/rc.conf supplies the default version
of that line which reads:

named_chrootdir="/var/named" # Chroot directory (or "" not to auto-chroot it)

and one is seriously messed up from there on during the booting
process.

        I was confused and thought this would all help me keep
ownership of /var/named belonging to bind when, in fact, it does
just the opposite.

Yes it is confusing. It is more confusing if you upgrade as the chroot'ing behavior wasn't the default behavior in older versions. So often an upgraded system won't run named until you fix these settings.

        -Derek
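An added check, not from the thread and not FreeBSD's own rc.d code, that reproduces the override order Martin ran into: it reads rc.conf-style files in the order /etc/defaults/rc.conf, /etc/rc.conf, /etc/rc.conf.local, reports the named_chrootdir value that wins, and, when a chroot directory is in effect, lists anything under it that is not owned by the uid named is supposed to run as. The file names, the temp-dir demo and the uid argument are assumptions; the two named_chrootdir lines are the ones quoted above.

```sh
#!/bin/sh
# Added example (not the thread's or FreeBSD's code). Runs only against
# constructed files in a temp dir, never against the live system.

# rc_value FILE KEY: last value assigned to KEY in FILE, quotes stripped.
# Assumption: plain KEY="value"  # comment lines, as quoted in the thread.
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# effective_named_chrootdir FILE...: later files override earlier ones,
# mirroring /etc/defaults/rc.conf < /etc/rc.conf < /etc/rc.conf.local.
# An explicit named_chrootdir="" counts as an override (that is the fix).
effective_named_chrootdir() {
    val=""
    for f in "$@"; do
        [ -f "$f" ] || continue
        if grep -q '^[[:space:]]*named_chrootdir=' "$f"; then
            val=$(rc_value "$f" named_chrootdir)
        fi
    done
    printf '%s\n' "$val"
}

# named_chroot_owner_ok CHROOTDIR UID_OR_USER: 0 if no auto-chroot is
# configured or everything under CHROOTDIR belongs to that user; 1 if
# something does not (offenders go to stderr); 2 if find cannot tell.
named_chroot_owner_ok() {
    [ -z "$1" ] && return 0
    bad=$(find "$1" ! -user "$2" -print) || return 2
    [ -z "$bad" ] && return 0
    printf 'not owned by %s under %s:\n%s\n' "$2" "$1" "$bad" >&2
    return 1
}

# Demo on constructed files: the defaults line and the rc.conf.local fix.
tmp=$(mktemp -d)
printf 'named_chrootdir="/var/named" # Chroot directory (or "" not to auto-chroot it)\n' > "$tmp/defaults.rc.conf"
printf 'named_chrootdir=""      # Chroot directory (or "" not to auto-chroot it)\n' > "$tmp/rc.conf.local"
echo "defaults only     : '$(effective_named_chrootdir "$tmp/defaults.rc.conf")'"
echo "with rc.conf.local: '$(effective_named_chrootdir "$tmp/defaults.rc.conf" "$tmp/rc.conf.local")'"
rm -rf "$tmp"
```

On a real host, pass /etc/defaults/rc.conf /etc/rc.conf /etc/rc.conf.local and the uid named runs as; a non-empty chroot dir whose tree is root-owned is exactly the state the thread describes.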
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions