On Fri, May 02, 2008, Alain Spineux wrote:

> On Fri, May 2, 2008 at 8:17 AM, Ralf S. Engelschall <[EMAIL PROTECTED]> wrote:
> > On Fri, May 02, 2008, Alain Spineux wrote:
> >
> >  > [...]
> >
> > > # /kolab/sbin/named -u kolab-r -g
> >  > [...]
> >
> > > controls {
> >  >     unix "/kolab/var/bind/named.ctl"
> >  >          perm 0600 owner 19415 group 19415
> >  >          keys { "rndc-key"; };
> >  >     #inet 127.0.0.1 port 953
> >  >          #allow { 127.0.0.1;  }
> >  >          #keys  { "rndc-key"; };
> >  > };
> >  > [...]
> >  >
> >  > Any idea what's wrong ?
> >
> >  Is UID 19415 really the "kolab-r" user?
>
> Yes :-)
>
> I looked further and found this is a "capability" problem. I removed
> the two calls to linux_setcaps in bind-9.4.2/bin/named/unix/os.c
> and all the problems (the "bind" and the "chown") disappeared.
>
> I think this is a bind bug, not openpkg related!
> They should set up the correct capabilities for the Linux platform.
>
> Any comments ?

I would say: please file a bug report with the BIND developer team. If
you in parallel could find out what the _correct_ way is to initialize
the Linux capability stuff, I'm also happy to include a patch into the
"bind" package to fix this until a fixed new BIND version is released.
But just removing the two calls I think might be too extreme. Can the
_real_ problem be fixed: the reason why it actually breaks?

I've not tested the following, but as a wild guess perhaps the
following solves the problem:

Index: bin/named/unix/os.c
--- bin/named/unix/os.c.orig    2006-02-04 00:51:38 +0100
+++ bin/named/unix/os.c 2008-05-02 17:25:33 +0200
@@ -212,6 +212,11 @@
        caps |= (1 << CAP_SETGID);

        /*
+        * Since we call chown, we need this.
+        */
+       caps |= (1 << CAP_CHOWN);
+
+       /*
         * Without this, we run into problems reading a configuration file
         * owned by a non-root user and non-world-readable on startup.
         */
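
Review bot: the comment added above `caps |= (1 << CAP_CHOWN);` says only "Since we call chown", which does not tell a later reader which call needs the capability. Name the call site (going by the thread, the ownership change on the `controls` unix socket configured with `owner`/`group`) so the grant can be dropped if that call goes away. CAP_CHOWN allows changing the ownership of any file, and the hunk does not show whether this mask is also the set kept after the switch to the `-u` user; if the capability is only needed during socket setup, it should not be retained afterwards. The report also mentions a "bind" failure, which this one-bit change does not visibly address.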

                                       Ralf S. Engelschall
                                       [EMAIL PROTECTED]
                                       www.engelschall.com

______________________________________________________________________
OpenPKG                                             http://openpkg.org
User Communication List                      openpkg-users@openpkg.org
