On 28/03/2019 14:40, Gasoo wrote:

Hi Stephan,

> Mar 25 16:41:56 dnsserver named[1348]: unable to set effective uid to 0:
> Operation not permitted

[snip]

> Why does named want to set the uid of itself back to 0?
> Has anyone seen this as well?

I'm not sure why it's doing that, but I think I know the reason for this
error message. The release notes of 9.14.0 say that on Linux, BIND uses
libcap to set certain privileges. However, if the /usr/sbin/named binary
is not marked as being able to use privileges, then it won't be able to
set certain privileges. There are 2 possible options:

1. The simple one is to configure BIND with the "--disable-linux-caps"
   option. The notes say that this comes at the cost of some security,
   but it's not clear what the risks are.

2. In your SPEC file, you could mark the /usr/sbin/named binary
   specially, so that it can use Linux capabilities. For example, in the
   %files section, you'd do something like:

       %caps(cap_net_raw=ep) /path/to/named

But I still don't actually know what capabilities need to be set. The
above is just an example. Perhaps one of the BIND developers can shed
some light here. Later when I have some time, I'm going to try and do
some process tracing to figure it out as well.

Regards,
Anand Buddhdev
RIPE NCC
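An added example, not part of the original message and not BIND's own code: one way to inspect which capabilities a running process such as named actually holds, by decoding the Cap* bitmasks and the Uid line from /proc/<pid>/status. The sample status text, UID 25 and the masks in it are constructed for illustration and do not show what BIND requires.

```python
# Added example: decode a process's capability sets from /proc/<pid>/status.
import sys

# Linux capability names by bit number (include/uapi/linux/capability.h).
CAP_NAMES = ("chown dac_override dac_read_search fowner fsetid kill setgid "
             "setuid setpcap linux_immutable net_bind_service net_broadcast "
             "net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio "
             "sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice "
             "sys_resource sys_time sys_tty_config mknod lease audit_write "
             "audit_control setfcap mac_override mac_admin syslog wake_alarm "
             "block_suspend audit_read perfmon bpf checkpoint_restore").split()

# Constructed sample, not captured from a real named process.
SAMPLE_STATUS = """Name:\tnamed
Uid:\t25\t25\t25\t25
Gid:\t25\t25\t25\t25
CapInh:\t0000000000000000
CapPrm:\t0000000001000400
CapEff:\t0000000001000400
CapBnd:\t000001ffffffffff
"""

def decode_caps(mask):
    """Return the capability names whose bits are set in mask."""
    return ["cap_" + CAP_NAMES[b] if b < len(CAP_NAMES) else f"cap_{b}"
            for b in range(mask.bit_length()) if mask >> b & 1]

def parse_status(text):
    """Extract the UID quadruple and decoded capability sets from status text."""
    info = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key == "Uid":
            info["uid"] = dict(zip(("real", "effective", "saved", "fs"),
                                   map(int, value.split())))
        elif key in ("CapInh", "CapPrm", "CapEff", "CapBnd", "CapAmb"):
            info[key] = decode_caps(int(value.strip(), 16))
    return info

def can_seteuid_root(info):
    """seteuid(0) needs CAP_SETUID in the effective set, unless one of the
    real, effective or saved UIDs is already 0."""
    uid = info["uid"]
    return ("cap_setuid" in info.get("CapEff", [])
            or 0 in (uid["real"], uid["effective"], uid["saved"]))

if __name__ == "__main__":
    # With a PID argument, read the live process; otherwise use the sample.
    text = open(f"/proc/{sys.argv[1]}/status").read() if len(sys.argv) > 1 else SAMPLE_STATUS
    info = parse_status(text)
    print(info["uid"], "CapEff:", info.get("CapEff"), "seteuid(0) ok:", can_seteuid_root(info))
```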