Don Jackson wrote:
Today I began testing named on a freshly installed OpenBSD 4.4 amd64
machine, using my old named.conf file from 4.3 (which was still running
named version 9.4.2).
When the machine first boots after the install, /etc/rc determines there is
no rndc.key, and generates one:
rndc-confgen: generating new shared secret... done.
starting named
Here are the owner, group, and file modes of the two different copies of
rndc.key that are generated:
# ls -lAF /etc/rndc.key /var/named/etc/rndc.key
-rw------- 1 root wheel 77 Nov 11 12:24 /etc/rndc.key
-rw-r----- 1 root wheel 77 Nov 11 12:24 /var/named/etc/rndc.key
named only cares about the rndc.key in /var/named/etc
Looking at the logs: /var/log/daemon, one can see:
Nov 11 12:24:10 svn01 named[142]: none:0: open: /etc/rndc.key: permission denied
Nov 11 12:24:10 svn01 named[142]: couldn't add command channel 127.0.0.1#953: permission denied
Here is my workaround:
# chown root:named /var/named/etc/rndc.key
# ls -lAF /var/named/etc/rndc.key
-rw-r----- 1 root named 77 Nov 11 12:24 /var/named/etc/rndc.key
Should /etc/rc set the group ownership of /var/named/etc/rndc.key?
Comments?
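An added example, not part of the thread and not OpenBSD's rc script: a small POSIX sh helper that turns the owner, group and mode columns of an `ls -l` line into a verdict on whether the daemon can read the key and whether anyone else can. The logged path /etc/rndc.key is relative to named's chroot in /var/named, so the file that matters on the host is /var/named/etc/rndc.key. The helper assumes named runs as user "named" whose only group is "named" (DAEMON_USER / DAEMON_GROUP; adjust for your system); a 0640 root:wheel key yields "unreadable", the root:named key from the workaround yields "ok", and a key readable by "other" is flagged because rndc.key is a shared secret.

```shell
#!/bin/sh
# Audit the chrooted rndc.key by parsing `ls -l` output.  Added example,
# not from the thread or from OpenBSD.  Assumption: named runs as
# DAEMON_USER and belongs only to DAEMON_GROUP.
DAEMON_USER=named
DAEMON_GROUP=named

# rndc_key_verdict MODE OWNER GROUP
# Prints one of:
#   ok              daemon can read the key and "other" cannot
#   unreadable      daemon cannot read the key (the failure in the logs)
#   world-readable  any local user can read the shared secret
rndc_key_verdict() {
    mode=$1 owner=$2 group=$3
    # ls mode string: type char, then rwx for user, group, other
    ur=$(printf '%s' "$mode" | cut -c2)
    gr=$(printf '%s' "$mode" | cut -c5)
    or=$(printf '%s' "$mode" | cut -c8)

    if [ "$or" = r ]; then
        echo world-readable
        return 0
    fi
    if [ "$owner" = "$DAEMON_USER" ] && [ "$ur" = r ]; then
        echo ok
        return 0
    fi
    if [ "$group" = "$DAEMON_GROUP" ] && [ "$gr" = r ]; then
        echo ok
        return 0
    fi
    echo unreadable
}

# audit_ls_line "LS_LINE": split one `ls -l` line into its columns
# (mode, links, owner, group, ...) and hand them to rndc_key_verdict.
audit_ls_line() {
    set -- $1
    rndc_key_verdict "$1" "$3" "$4"
}

# When run on a host that has the chrooted key, audit the real file.
if [ -f /var/named/etc/rndc.key ]; then
    audit_ls_line "$(ls -l /var/named/etc/rndc.key)"
fi
```

Feeding the two `ls -lAF` lines from the original report through `audit_ls_line` gives "unreadable" for the root:wheel copy and "ok" after the chown to root:named; a 0600 root:wheel key would also be "unreadable", which is why the fix is the group, not just the mode.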
Hi,
On my system this file is already owned by named:
# ls -al /etc/rndc.key
-rw------- 1 root wheel 77 Oct 7 22:47 /etc/rndc.key
# ls -al /var/named/etc/rndc.key
-rw-r----- 1 root named 77 Oct 7 22:47 /var/named/etc/rndc.key
# uname -a
OpenBSD puffy.localnet 4.4 GENERIC#1074 i386
HTH,
Stijn