Package: bind9
Version: 1:9.5.1.dfsg.P2-1+lenny1
After doing a security update, rndc did not work any more. I
investigated and found #169577. A bit of investigation on my system
revealed that:
* named was running as root
* /etc/bind/rndc.key was 640 bind.bind
* /etc/default/bind9 OPTIONS was empty
* named complained in daemon.log at startup:
    none:0: open: /etc/bind/rndc.key: permission denied
    couldn't add command channel 127.0.0.1#953: permission denied
Guessing slightly and going by the comments in #169577, I changed
/etc/default/bind9 to say
    OPTIONS="-u bind"
and restarted bind9. That worked.
I think /etc/init.d/bind9 should be changed to automatically add
`-u bind' to named's options unless
(a) some other -u option is already there
OR
(b) a new NAMED_USER option is not set to root
Something like
+NAMED_USER=bind
...
test -f /etc/default/bind9 && . /etc/default/bind9
...
+case " $OPTIONS" in
+*' -u'*) ;;
+*) if [ "x$NAMED_USER" != xroot ]; then
+ OPTIONS="-u $NAMED_USER"
+ fi
+ ;;
+esac
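Review bot: In the *) branch, the assignment OPTIONS="-u $NAMED_USER" replaces the value read from /etc/default/bind9 instead of extending it, so any other flags an administrator set there are silently dropped whenever no -u is present. Appending keeps them: OPTIONS="$OPTIONS -u $NAMED_USER". Because NAMED_USER is assigned before the defaults file is sourced, that file can also set it to an empty string, which passes the != xroot test and yields a bare -u with no argument; a guard such as [ -n "$NAMED_USER" ] in the same condition would cover that case.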
NB I haven't tested this.
Ian.