BIND 9.4.x vs 9.6.x - pid-file check and creation
Mark Andrews
Mark_Andrews at isc.org
Mon Jan 26 21:41:05 UTC 2009
In message <200901260955.n0Q9tnVm010781 at mail43.nsc.no>, Jan Arild Lindstrøm writes:
> At 09:33 26/01/2009, Mark Andrews wrote:
>
> >In message <200901260742.n0Q7gJqN029792 at mail46.nsc.no>, Jan Arild Lindstrøm writes:
> >>
> >> Hi,
> >>
> >> I was going to upgrade from BIND 9.4.3 to BIND 9.6.0-P1, but ran into a
> >> strange "bug" in BIND 9.6.0-P1.
> >>
> >> Exact same config for 9.4.3 and 9.6.0-P1, only added "new" to files that
> >> are written to (namednew.log, confignew.log and namednew.pid).
> >>
> >> OS: Solaris 10.
> >>
> >> Using:
> >> pid-file "/var/run/named/namednew.pid";
> >>
> >> .. results in the following:
> >>
> >> namednew.log:
> >> 26-Jan-2009 08:14:22.723 general: couldn't mkdir /var/run/named/namednew.pid': Permission denied
> >> 26-Jan-2009 08:14:22.728 general: exiting (due to early fatal error)
> >
> > The log message should say couldn't mkdir /var/run/named.
> > The wrong path is being logged.
> >
> > You either need to create /var/run/named with appropriate
> > permissions so that named can write to it or change /var/run's
>
> It does exist, as you can see from the "ls" output I included. And "named" is
> the owner of it and hence has full permissions on it (/var/run/named/).
>
> Problem is that Solaris returns EACCES and not EEXIST. So just running mkdir
> to check if a directory exists does not work on Solaris. One gets an EACCES
> and the code fails.
What are all of the permissions involved as it should work
as demonstrated by the test below.
thing1:marka 21:31 {109} % mkdir /foo
mkdir: Failed to make directory "/foo"; Permission denied
thing1:marka 21:31 {110} % mkdir /tmp
mkdir: Failed to make directory "/tmp"; File exists
thing1:marka 21:31 {111} % uname -a
SunOS thing1 5.10 Generic_120011-14 sun4u sparc SUNW,Ultra-80
thing1:marka 21:33 {112} %
e.g.
ls -ld / /var /var/run /var/run/named
Mark
> > permissions so that named can create /var/run/named.
> >
> > Named will continue if mkdir(/var/run/named) returns EEXIST.
>
> Which it will not on Solaris if you do not have the perm to create it, even
> though it exists and you have full perm on it.
>
> ?
>
> >
> > Mark
> >
> >     /*
> >      * Make the containing directory if it doesn't exist.
> >      */
> >     slash = strrchr(pidfile, '/');
> >     if (slash != NULL && slash != pidfile) {
> >         *slash = '\0';
> >         mode = S_IRUSR | S_IWUSR | S_IXUSR;  /* u=rwx */
> >         mode |= S_IRGRP | S_IXGRP;           /* g=rx */
> >         mode |= S_IROTH | S_IXOTH;           /* o=rx */
> >         n = mkdir(pidfile, mode);
> >         if (n == -1 && errno != EEXIST) {
> >             isc__strerror(errno, strbuf, sizeof(strbuf));
> >             (*report)("couldn't mkdir %s': %s", filename,
> >                       strbuf);
> >             free(pidfile);
> >             pidfile = NULL;
> >             return;
> >         }
> >         *slash = '/';
> >     }
> >
> >> BIND 9.6.0-P1 truss.out:
> >> --CUT--
> >> 25123/65: stat("/dev/urandom", 0xFFFFFFFF79D0FA00) = 0
> >> 25123/65: open("/dev/urandom", O_RDONLY|O_NONBLOCK) = 9
> >> 25123/65: fcntl(9, F_GETFL) = 8320
> >> 25123/65: fcntl(9, F_SETFL, FOFFMAX|FNONBLOCK) = 0
> >> 25123/65: setgid(21) = 0
> >> 25123/65: setuid(21) = 0
> >> 25123/65: access(".", W_OK) = 0
> >> 25123/65: open("/var/log/namednew.log", O_WRONLY|O_APPEND|O_CREAT, 0666) = 10
> >> 25123/65: lseek(10, 0, SEEK_END) = 332
> >> 25123/65: close(10) = 0
> >> 25123/65: open("/var/log/confignew.log", O_WRONLY|O_APPEND|O_CREAT, 0666) = 10
> >> 25123/65: lseek(10, 0, SEEK_END) = 0
> >> 25123/65: close(10) = 0
> >> 25123/65: mkdir("/var/run/named", 0755) Err#13 EACCES [ALL]
> >> 25123/65: stat("/var/log/namednew.log", 0xFFFFFFFF79D0F3C0) = 0
> >> 25123/65: open("/var/log/namednew.log", O_WRONLY|O_APPEND|O_CREAT, 0666) = 10
> >> 25123/65: lseek(10, 0, SEEK_END) = 332
> >> 25123/65: fstat(10, 0xFFFFFFFF79D0E540) = 0
> >> 25123/65: fstat(10, 0xFFFFFFFF79D0E410) = 0
> >> 25123/65: ioctl(10, TCGETA, 0xFFFFFFFF79D0E47C) Err#25 ENOTTY
> >> 25123/65: write(10, 0x10502E754, 97) = 97
> >> 25123/65:    2 6 - J a n - 2 0 0 9   0 8 : 1 4 : 2 2 . 7 2 3   g e n e r a l
> >> 25123/65:    :   c o u l d n ' t   m k d i r   / v a r / r u n / n a m e d /
> >> 25123/65:    n a m e d n e w . p i d ' :   P e r m i s s i o n   d e n i e d
> >> 25123/65:    \n
> >> 25123/65: write(10, 0x10502E754, 69) = 69
> >> 25123/65:    2 6 - J a n - 2 0 0 9   0 8 : 1 4 : 2 2 . 7 2 8   g e n e r a l
> >> 25123/65:    :   e x i t i n g   ( d u e   t o   e a r l y   f a t a l   e r
> >> 25123/65:    r o r )\n
> >> 25123/65: _exit(1)
> >>
> >> It fails because it tries to just create the /var/run/named directory instead
> >> of checking if the directory exists and if it can write to it.
> >>
> >>
> >> ns12(root) named 515# ls -la /var/run/named
> >> total 40
> >> drwxr-s--- 4 named named 307 Jan 26 06:51 ./
> >> drwxr-xr-x 7 root sys 1285 Jan 26 00:52 ../
> >> -rw-r--r-- 1 named named 6 Jan 26 06:41 named.pid
> >>
> >> So /var/run/named exists and is fully writable by user named.
> >>
> >> User "named" should of course not be able to create directories below
> >> "/var/run". Especially since many other things on Solaris 10 use that
> >> directory also.
> >>
> >>
> >> If I use:
> >> pid-file "/var/run/named/named/namednew.pid";
> >>
> >> ... everything works fine, since it now can run mkdir without getting "EACCES".
> >>
> >> Instead it gets "EEXIST" and is OK with that.
> >>
> >> BIND 9.6.0-P1 truss.out:
> >> --CUT--
> >> 25404/65: stat("/dev/urandom", 0xFFFFFFFF79D0FA00) = 0
> >> 25404/65: open("/dev/urandom", O_RDONLY|O_NONBLOCK) = 9
> >> 25404/65: fcntl(9, F_GETFL) = 8320
> >> 25404/65: fcntl(9, F_SETFL, FOFFMAX|FNONBLOCK) = 0
> >> 25404/65: setgid(21) = 0
> >> 25404/65: setuid(21) = 0
> >> 25404/65: access(".", W_OK) = 0
> >> 25404/65: open("/var/log/namednew.log", O_WRONLY|O_APPEND|O_CREAT, 0666) = 10
> >> 25404/65: lseek(10, 0, SEEK_END) = 498
> >> 25404/65: close(10) = 0
> >> 25404/65: open("/var/log/confignew.log", O_WRONLY|O_APPEND|O_CREAT, 0666) = 10
> >> 25404/65: lseek(10, 0, SEEK_END) = 0
> >> 25404/65: close(10) = 0
> >> 25404/65: mkdir("/var/run/named/named", 0755) Err#17 EEXIST
> >> 25404/65: stat("/var/run/named/named/namednew.pid", 0xFFFFFFFF79D0F980) Err#2 ENOENT
> >> 25404/65: unlink("/var/run/named/named/namednew.pid") Err#2 ENOENT
> >> 25404/65: open("/var/run/named/named/namednew.pid", O_WRONLY|O_CREAT|O_EXCL, 0644) = 10
> >> 25404/65: fcntl(10, F_GETFD, 0x000001A4) = 0
> >> 25404/65: getpid() = 25404 [25403]
> >> 25404/65: fstat(10, 0xFFFFFFFF79D0E9D0) = 0
> >> 25404/65: fstat(10, 0xFFFFFFFF79D0E8A0) = 0
> >> 25404/65: ioctl(10, TCGETA, 0xFFFFFFFF79D0E90C) Err#25 ENOTTY
> >> 25404/65: write(10, " 2 5 4 0 4\n", 6) = 6
> >> 25404/65: close(10) = 0
> >> --CUT--
> >>
> >>
> >> Trussing 9.4.3 I see that it does it differently:
> >>
> >> --CUT--
> >> 25730/10: access(".", W_OK) = 0
> >> 25730/10: open("/var/log/namednew.log", O_WRONLY|O_APPEND|O_CREAT, 0666) = 10
> >> 25730/10: lseek(10, 0, SEEK_END) = 2625
> >> 25730/10: close(10) = 0
> >> 25730/10: open("/var/log/confignew.log", O_WRONLY|O_APPEND|O_CREAT, 0666) = 10
> >> 25730/10: lseek(10, 0, SEEK_END) = 0
> >> 25730/10: close(10) = 0
> >> 25730/10: stat("/var/run/named/namednew.pid", 0xFFFFFFFF7D90F660) Err#2 ENOENT
> >> 25730/10: unlink("/var/run/named/namednew.pid") Err#2 ENOENT
> >> 25730/10: open("/var/run/named/namednew.pid", O_WRONLY|O_CREAT|O_EXCL, 0644) = 10
> >> 25730/10: fcntl(10, F_GETFD, 0x000001A4) = 0
> >> 25730/10: getpid() = 25730 [25729]
> >> 25730/10: fstat(10, 0xFFFFFFFF7D90E6B0) = 0
> >> 25730/10: fstat(10, 0xFFFFFFFF7D90E580) = 0
> >> 25730/10: ioctl(10, TCGETA, 0xFFFFFFFF7D90E5EC) Err#25 ENOTTY
> >> 25730/10: write(10, " 2 5 7 3 0\n", 6) = 6
> >> --CUT--
> >>
> >>
> >> It seems that someone has "shorted" the code to create and/or check the pid-file.
> >>
> >> Maybe that "shortcut" will work on Linux, but it for sure does not work on
> >> Solaris 10.
> >>
> >> Having to use .../named/named/... in the pid-file option is of course possible, but I
> >> guess that it is not the way it is supposed to be...(?)...
> >>
> >> Help? Ideas?
> >>
> >> Regards
> >> Jan Arild Lindstrøm
> >>
> >> _______________________________________________
> >> bind-users mailing list
> >> bind-users at lists.isc.org
> >> https://lists.isc.org/mailman/listinfo/bind-users
> >--
> >Mark Andrews, ISC
> >1 Seymour St., Dundas Valley, NSW 2117, Australia
> >PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
>
> Regards
> Jan Arild Lindstrøm
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org