> On Jan 21, 2019, at 7:53 PM, Mark Andrews <ma...@isc.org> wrote:
>
>> On 22 Jan 2019, at 2:53 am, Dan Langille <d...@langille.org> wrote:
>>
>> I'm running bind911-9.11.5P1_2 on FreeBSD 11.2-RELEASE-p8
>>
>> bind is running fine, except for the statistics file, which gets created
>> with root:bind vs bind:bind and I do not know why.
>>
>> named runs as the user bind:
>>
>> $ ps auwwx | grep named
>> bind 79879 0.0 0.1 69028 47120 - IsJ 21:18 2:35.88
>> /usr/local/sbin/named -u bind -c /usr/local/etc/namedb/named.conf
>>
>> The configuration settings point to the right location:
>>
>> $ grep stat /usr/local/etc/namedb/named.conf
>> statistics-file "/var/run/named/stats";
>> zone-statistics yes;
>>
>> The permissions of a running / working configuration:
>>
>> $ ls -l /var/run/named
>> total 20
>> -rw-r--r-- 1 bind bind 6 Jan 21 15:16 pid
>> -rw------- 1 bind bind 102 Jan 21 15:16 session.key
>> -rw-r--r-- 1 bind bind 9461 Jan 21 15:45 stats
>>
>> $ ls -ld /var/run/named
>> drwxr-xr-x 2 bind bind 5 Jan 21 15:20 /var/run/named
>>
>> When named first creates this file, it is created chown root:bind and
>> statistics fails:
>>
>> 20-Jan-2019 16:30:22.356 received control channel command 'stats'
>> 20-Jan-2019 16:30:22.356 could not open statistics dump file
>> '/var/run/named/stats': permission denied
>> 20-Jan-2019 16:30:22.356 dumpstats failed: permission denied
>>
>> A quick 'chown bind /var/run/named/stats' fixes that and everything proceeds
>> fine.
>>
>> 1 - Why does named create this file as root:bind not bind:bind?
>
> Named opens the file with the permissions of the user it is running as. I
> would be looking for an external program that is creating the file as part
> of log rotation.

There is no log rotation for this. That was something I eliminated when this issue first came to light.

Since your reply, I realized that snmpd is invoking 'rndc stats'. Now I know where to make adjustments so the permissions issue does not arise.

>
>> Looking at the logs, this file is updated every five minutes. The
>> documentation says:
>>
>> "The pathname of the file the server appends statistics to when instructed
>> to do so using rndc stats."
>>
>> named seems to be doing this automatically, as opposed to an external
>> cronjob created by myself.
>
> Please LOOK at the log messages that you cut and pasted. They indicate that
> named received a 'rndc stats' command.

Yes, yes, they do. My novice eyes did not equate 'control channel command' with rndc. That, combined with not knowing/realizing that rndc was being invoked by snmpd had me wondering how this was being done.

Thank you.

--
Dan Langille - BSDCan / PGCon
d...@langille.org