Hi, For a couple of weeks, I've been getting strange alerts from my dnssec monitoring about RRSIG expiring too soon. After some investigating, I found that BIND was spitting out errors about permissions, and after some more investigating and adding a cronned script that spitted out the diff of the current and last mtree of my signed zones, I ended up seeing some signed zone files getting their modes changed from 644 to 600, and back to 644 on the next signing, so all in all, the errors were transcient (well, until the next resign, that is). Out of the 1842 zones currently in my ODS, only about 4 random ones have this problem. I also discovered that about the same number of random files in WorkingDirectory have 600, also, files that are not related to the zones files that have 600 mode.
I've browsed ODS's sources, and can't really figure out why it would happen, I can't see anywhere where umask is changed, or even where file modes are used to write to files... I'm wondering if it's something bleeding out of another thread running in softhsm, or ldns, or... I'm thinking about it that way because I don't think umask is thread safe, and thus, changing it, even briefly, in one thread would change it for the other too. -- Mathieu Arnold _______________________________________________ Opendnssec-user mailing list Opendnssec-user@lists.opendnssec.org https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
