In message <200901260742.n0q7gjqn029...@mail46.nsc.no>, Jan Arild Lindstrøm writes:
>
> Hi,
>
> I was going to upgrade from BIND 9.4.3 to BIND 9.6.0-P1, but ran into a
> strange "bug" in BIND 9.6.0-P1.
>
> Exact same config for 9.4.3 and 9.6.0-P1, only added "new" to files that
> are written to (namednew.log, confignew.log and namednew.pid).
>
> OS: Solaris 10.
>
> Using:
> pid-file "/var/run/named/namednew.pid";
>
> .. results in the following:
>
> namednew.log:
> 26-Jan-2009 08:14:22.723 general: couldn't mkdir /var/run/named/namednew.pid': Permission denied
> 26-Jan-2009 08:14:22.728 general: exiting (due to early fatal error)

The log message should say couldn't mkdir /var/run/named. The wrong path is
being logged.

You either need to create /var/run/named with appropriate permissions so that
named can write to it or change /var/run's permissions so that named can
create /var/run/named.

Named will continue if mkdir(/var/run/named) returns EEXIST.

Mark

        /*
         * Make the containing directory if it doesn't exist.
         */
        slash = strrchr(pidfile, '/');
        if (slash != NULL && slash != pidfile) {
                *slash = '\0';
                mode = S_IRUSR | S_IWUSR | S_IXUSR;     /* u=rwx */
                mode |= S_IRGRP | S_IXGRP;              /* g=rx */
                mode |= S_IROTH | S_IXOTH;              /* o=rx */
                n = mkdir(pidfile, mode);
                if (n == -1 && errno != EEXIST) {
                        isc__strerror(errno, strbuf, sizeof(strbuf));
                        (*report)("couldn't mkdir %s': %s", filename,
                                  strbuf);
                        free(pidfile);
                        pidfile = NULL;
                        return;
                }
                *slash = '/';
        }

> BIND 9.6.0-P1 truss.out:
> --CUT--
> 25123/65:  stat("/dev/urandom", 0xFFFFFFFF79D0FA00)  = 0
> 25123/65:  open("/dev/urandom", O_RDONLY|O_NONBLOCK)  = 9
> 25123/65:  fcntl(9, F_GETFL)  = 8320
> 25123/65:  fcntl(9, F_SETFL, FOFFMAX|FNONBLOCK)  = 0
> 25123/65:  setgid(21)  = 0
> 25123/65:  setuid(21)  = 0
> 25123/65:  access(".", W_OK)  = 0
> 25123/65:  open("/var/log/namednew.log", O_WRONLY|O_APPEND|O_CREAT, 0666)  = 10
> 25123/65:  lseek(10, 0, SEEK_END)  = 332
> 25123/65:  close(10)  = 0
> 25123/65:  open("/var/log/confignew.log", O_WRONLY|O_APPEND|O_CREAT, 0666)  = 10
> 25123/65:  lseek(10, 0, SEEK_END)  = 0
> 25123/65:  close(10)  = 0
> 25123/65:  mkdir("/var/run/named", 0755)  Err#13 EACCES [ALL]
> 25123/65:  stat("/var/log/namednew.log", 0xFFFFFFFF79D0F3C0)  = 0
> 25123/65:  open("/var/log/namednew.log", O_WRONLY|O_APPEND|O_CREAT, 0666)  = 10
> 25123/65:  lseek(10, 0, SEEK_END)  = 332
> 25123/65:  fstat(10, 0xFFFFFFFF79D0E540)  = 0
> 25123/65:  fstat(10, 0xFFFFFFFF79D0E410)  = 0
> 25123/65:  ioctl(10, TCGETA, 0xFFFFFFFF79D0E47C)  Err#25 ENOTTY
> 25123/65:  write(10, 0x10502E754, 97)  = 97
> 25123/65:  2 6 - J a n - 2 0 0 9 0 8 : 1 4 : 2 2 . 7 2 3 g e n e r a l
> 25123/65:  : c o u l d n ' t m k d i r / v a r / r u n / n a m e d /
> 25123/65:  n a m e d n e w . p i d ' : P e r m i s s i o n d e n i e d
> 25123/65:  \n
> 25123/65:  write(10, 0x10502E754, 69)  = 69
> 25123/65:  2 6 - J a n - 2 0 0 9 0 8 : 1 4 : 2 2 . 7 2 8 g e n e r a l
> 25123/65:  : e x i t i n g ( d u e t o e a r l y f a t a l e r
> 25123/65:  r o r )\n
> 25123/65:  _exit(1)
>
> It fails because it tries to just create the /var/run/named directory instead
> of checking if the directory exists and if it can write to it.
>
> ns12(root) named 515# ls -la /var/run/named
> total 40
> drwxr-s---   4 named    named        307 Jan 26 06:51 ./
> drwxr-xr-x   7 root     sys         1285 Jan 26 00:52 ../
> -rw-r--r--   1 named    named          6 Jan 26 06:41 named.pid
>
> So /var/run/named exists and is fully writable by user named.
>
> User "named" should of course not be able to create directories below
> "/var/run". Especially since many other things on Solaris 10 use that
> directory also.
>
>
> If I use:
> pid-file "/var/run/named/named/namednew.pid";
>
> ... everything works fine, since it now can run mkdir without getting "EACCES".
> Instead it gets "EEXIST" and is OK with that.
>
> BIND 9.6.0-P1 truss.out:
> --CUT--
> 25404/65:  stat("/dev/urandom", 0xFFFFFFFF79D0FA00)  = 0
> 25404/65:  open("/dev/urandom", O_RDONLY|O_NONBLOCK)  = 9
> 25404/65:  fcntl(9, F_GETFL)  = 8320
> 25404/65:  fcntl(9, F_SETFL, FOFFMAX|FNONBLOCK)  = 0
> 25404/65:  setgid(21)  = 0
> 25404/65:  setuid(21)  = 0
> 25404/65:  access(".", W_OK)  = 0
> 25404/65:  open("/var/log/namednew.log", O_WRONLY|O_APPEND|O_CREAT, 0666)  = 10
> 25404/65:  lseek(10, 0, SEEK_END)  = 498
> 25404/65:  close(10)  = 0
> 25404/65:  open("/var/log/confignew.log", O_WRONLY|O_APPEND|O_CREAT, 0666)  = 10
> 25404/65:  lseek(10, 0, SEEK_END)  = 0
> 25404/65:  close(10)  = 0
> 25404/65:  mkdir("/var/run/named/named", 0755)  Err#17 EEXIST
> 25404/65:  stat("/var/run/named/named/namednew.pid", 0xFFFFFFFF79D0F980)  Err#2 ENOENT
> 25404/65:  unlink("/var/run/named/named/namednew.pid")  Err#2 ENOENT
> 25404/65:  open("/var/run/named/named/namednew.pid", O_WRONLY|O_CREAT|O_EXCL, 0644)  = 10
> 25404/65:  fcntl(10, F_GETFD, 0x000001A4)  = 0
> 25404/65:  getpid()  = 25404 [25403]
> 25404/65:  fstat(10, 0xFFFFFFFF79D0E9D0)  = 0
> 25404/65:  fstat(10, 0xFFFFFFFF79D0E8A0)  = 0
> 25404/65:  ioctl(10, TCGETA, 0xFFFFFFFF79D0E90C)  Err#25 ENOTTY
> 25404/65:  write(10, " 2 5 4 0 4\n", 6)  = 6
> 25404/65:  close(10)  = 0
> --CUT--
>
>
> Trussing 9.4.3 I see that it does it differently:
>
> --CUT--
> 25730/10:  access(".", W_OK)  = 0
> 25730/10:  open("/var/log/namednew.log", O_WRONLY|O_APPEND|O_CREAT, 0666)  = 10
> 25730/10:  lseek(10, 0, SEEK_END)  = 2625
> 25730/10:  close(10)  = 0
> 25730/10:  open("/var/log/confignew.log", O_WRONLY|O_APPEND|O_CREAT, 0666)  = 10
> 25730/10:  lseek(10, 0, SEEK_END)  = 0
> 25730/10:  close(10)  = 0
> 25730/10:  stat("/var/run/named/namednew.pid", 0xFFFFFFFF7D90F660)  Err#2 ENOENT
> 25730/10:  unlink("/var/run/named/namednew.pid")  Err#2 ENOENT
> 25730/10:  open("/var/run/named/namednew.pid", O_WRONLY|O_CREAT|O_EXCL, 0644)  = 10
> 25730/10:  fcntl(10, F_GETFD, 0x000001A4)  = 0
> 25730/10:  getpid()  = 25730 [25729]
> 25730/10:  fstat(10, 0xFFFFFFFF7D90E6B0)  = 0
> 25730/10:  fstat(10, 0xFFFFFFFF7D90E580)  = 0
> 25730/10:  ioctl(10, TCGETA, 0xFFFFFFFF7D90E5EC)  Err#25 ENOTTY
> 25730/10:  write(10, " 2 5 7 3 0\n", 6)  = 6
> --CUT--
>
>
> It seems that someone has "shorted" the code to create and/or check the pid-file.
>
> Maybe that "shortcut" will work on Linux, but it for sure does not work on
> Solaris 10.
>
> Having to use .../named/named/... in the pid-file option is of course possible, but I
> guess that it is not the way it is supposed to be...(?)...
>
> Help? Ideas?
>
> Regards
> Jan Arild Lindstrøm
>
> _______________________________________________
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: mark_andr...@isc.org
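
The directory check discussed in this thread, as an added example that is not part of the original message and is not BIND's code. The helper name `ensure_pid_dir` and the default path in `main` are hypothetical; the helper falls back to stat() when mkdir() fails, so an existing directory under a parent the process cannot write to is accepted, and it hands back the directory path so the log names what mkdir() was given.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Hypothetical helper, not BIND's code. When pidfile has a directory part,
 * dir receives it (the path to log on failure) and it is created if missing.
 * Returns 0 on success, -1 with errno set on failure. */
int ensure_pid_dir(const char *pidfile, char *dir, size_t len) {
    struct stat sb;
    char *slash;
    int saved;

    if ((size_t)snprintf(dir, len, "%s", pidfile) >= len) {
        errno = ENAMETOOLONG;
        return -1;
    }
    slash = strrchr(dir, '/');
    if (slash == NULL || slash == dir)
        return 0;                  /* no containing directory to create */
    *slash = '\0';
    if (mkdir(dir, 0755) == 0)     /* same mode as the quoted excerpt */
        return 0;
    saved = errno;
    /* EEXIST alone is not a reliable signal: the Solaris trace shows EACCES
     * for a directory that exists, and EEXIST is also what a regular file
     * of that name produces. stat() settles both cases. */
    if (stat(dir, &sb) == 0) {
        if (S_ISDIR(sb.st_mode))
            return 0;
        saved = ENOTDIR;
    }
    errno = saved;
    return -1;
}

int main(int argc, char **argv) {
    /* Constructed default path; pass a real pid-file path as argv[1]. */
    const char *pidfile = argc > 1 ? argv[1] : "/tmp/piddir-demo/named.pid";
    char dir[1024];

    if (ensure_pid_dir(pidfile, dir, sizeof(dir)) == -1) {
        fprintf(stderr, "couldn't mkdir '%s': %s\n", dir, strerror(errno));
        return 1;
    }
    printf("pid directory ready: %s\n", dir);
    return 0;
}
```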