Discussion:
named[749]: the working directory is not writable
joans4nz
2009-08-14 16:38:41 UTC
Hi,

I am moving some physical machines in production to virtual machines. I
installed a virtual machine with FreeBSD-7.2 with default Bind and I receive
the following message:

What is the working directory?

Is the bind user who must have write permission allowed?

Thanks for your time,

joans4nz.
Doug Barton
2009-08-14 18:58:19 UTC
Post by joans4nz
Hi,
I am moving some physical machines in production to virtual machines. I
installed a virtual machine with FreeBSD-7.2 with default Bind and I
What is the working directory?
The directory that by default named dumps its writable files into.
However on FreeBSD the default installation includes directories for
everything named needs to write with appropriate permissions already,
so you can ignore that message. Just check the examples in
/etc/namedb/named.conf.

Making that message go away (one way or another) is on my list, but
since it's basically harmless it's not a high priority.


hth,

Doug
Rick Dicaire
2009-08-14 19:46:48 UTC
Post by Doug Barton
Post by joans4nz
What is the working directory?
Take a look at the ownership and perms on /var/named/etc/namedb/dump
Post by Doug Barton
Making that message go away (one way or another) is on my list, but
since it's basically harmless it's not a high priority.
It will be when you want to dump stats etc :)
--
aRDy Music and Rick Dicaire present:
http://www.ardynet.com
http://www.ardynet.com:9000/ardymusic.ogg.m3u
Doug Barton
2009-08-14 19:58:41 UTC
Post by Rick Dicaire
Post by Doug Barton
Post by joans4nz
What is the working directory?
Take a look at the ownership and perms on /var/named/etc/namedb/dump
Post by Doug Barton
Making that message go away (one way or another) is on my list, but
since it's basically harmless it's not a high priority.
It will be when you want to dump stats etc :)
I did say "basically" harmless. :) Seriously though, we have passed
the 1-year anniversary of the following request to separate the idea
of "working directory" from "configuration directory"

https://lists.isc.org/pipermail/bind-users/2008-August/071912.html

The main problem with having the directory where named's configuration
files are stored writable by the named user is that if you get pwned
the bad guy can replace your named.conf with one of their own.

The FreeBSD base includes a _default_ configuration that is pretty
tight on purpose since it is designed to be "safe" for the average
non-expert DNS user to be able to start up a local system resolver
without having to worry about security. Users with more advanced needs
have the tools available to them to alter the default configuration as
they see fit.


hth,

Doug
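
An added example, not part of the thread and not FreeBSD or ISC code: a permission audit for the split discussed above, reporting configuration paths the named account could modify or replace and output directories it cannot write. The paths come from the posts; the account name "bind" and the function names are assumptions.

```python
import os
import stat

def writable_by(path, uid, gids):
    """True if the mode bits let uid/gids write to path.
    Assumption: ignores ACLs, file flags and root's override."""
    st = os.stat(path)
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit(config_dir, output_dirs, uid, gids):
    """Return (exposed, blocked).
    exposed: config paths the service account can modify or replace.
    blocked: output directories it cannot write (dumps/stats would fail)."""
    outputs = {os.path.realpath(d) for d in output_dirs}
    exposed = []
    for root, dirs, files in os.walk(config_dir):
        # Do not descend into directories that are meant to be writable.
        dirs[:] = [d for d in dirs
                   if os.path.realpath(os.path.join(root, d)) not in outputs]
        # A writable directory allows rename/replace of the files in it,
        # even when the files themselves are read-only.
        for p in [root] + [os.path.join(root, n) for n in dirs + files]:
            if os.path.exists(p) and writable_by(p, uid, gids):
                exposed.append(p)
    blocked = sorted(d for d in output_dirs if not writable_by(d, uid, gids))
    return sorted(set(exposed)), blocked

if __name__ == "__main__":
    import pwd
    acct = pwd.getpwnam("bind")  # assumption: named runs as user "bind"
    exposed, blocked = audit("/etc/namedb",
                             ["/var/named/etc/namedb/dump"],
                             acct.pw_uid, {acct.pw_gid})
    for p in exposed:
        print("config writable by named:", p)
    for d in blocked:
        print("output dir not writable by named:", d)
```

An empty first list with an empty second list is the state both replies are after: named can dump stats, but cannot replace named.conf.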
joans4nz
2009-08-14 23:16:03 UTC
Thanks for your answers Doug and Rick and please excuse my English.
joans4nz
