On Thu, May 8, 2008 at 4:33 PM, Ralf S. Engelschall <[EMAIL PROTECTED]> wrote:
> On Thu, May 08, 2008, Alain Spineux wrote:
>
>  > >  I found this too, this solves the chown(), but not the bind() !
>  > >  For the bind I simply did a
>  > >  # chmod g+w  /kolab/var/bind
>  > >
>  > >  Then only two small things to change until the BIND developer team reacts :-)
>  >
>  > I didn't get any answer from bind's Team until now, except the ACK.
>  > Do you plan to fix this in your package ?
>  >
>
> > >  >  Index: bin/named/unix/os.c
>  > >  >  --- bin/named/unix/os.c.orig    2006-02-04 00:51:38 +0100
>  > >  >  +++ bin/named/unix/os.c 2008-05-02 17:25:33 +0200
>  > >  >  @@ -212,6 +212,11 @@
>  > >  >         caps |= (1 << CAP_SETGID);
>  > >  >
>  > >  >         /*
>  > >  >  +        * Since we call chown, we need this.
>  > >  >  +        */
>  > >  >  +       caps |= (1 << CAP_CHOWN);
>  > >  >  +
>  > >  >  +       /*
>  > >  >          * Without this, we run into problems reading a configuration 
> file
>  > >  >          * owned by a non-root user and non-world-readable on startup.
>  > >  >          */
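Review bot: The comment added above `caps |= (1 << CAP_CHOWN);` says only "Since we call chown, we need this" and does not name which chown call or which file requires the capability. CAP_CHOWN allows changing the owner and group of any file, so the comment should identify the call site and the path being chowned, so a later reader can judge whether the capability is still needed. If that chown happens only during startup, consider dropping CAP_CHOWN afterwards instead of keeping it in the retained set for the life of the process.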
>
>  I thought the CAP_CHOWN patch was not sufficient to also solve your
>  bind(2) problem. So if I apply this fix we would not gain a final
>  solution, right? But if you can confirm that applying my CAP_CHOWN patch
>  is sufficient I'm happy to include it into the OpenPKG "bind" package,
>  of course.

Be happy :-)
The CAP_CHOWN patch _and_ a "chmod g+w  /kolab/var/bind" solved the
problem.
You have to estimate the chmod effect on the security!

Regards.



>
>
>
>                                        Ralf S. Engelschall
>                                        [EMAIL PROTECTED]
>                                        www.engelschall.com
>
>  ______________________________________________________________________
>  OpenPKG                                             http://openpkg.org
>  User Communication List                      openpkg-users@openpkg.org
>



-- 
Alain Spineux
aspineux gmail com
May the sources be with you