Slave db file permissions
Kevin Darcy
kcd at chrysler.com
Tue Mar 18 00:14:13 UTC 2008
Cherney John-CJC030 wrote:
> I apologize if this has already been answered in the archives or in a
> FAQ. My searches did not discover anything.
>
> How do I set permissions on the slave db files? The /etc/named.conf file
> is updated when a new slave is added to the system, then the named
> process takes over and does the zone transfer to get the new slave file.
> The slave files aren't protected as tightly as the master files are. Is
> there a named.conf zone option I can use? (I didn't see one in my BIND
> books.) Is there a command line option on the named process, like -u/-g?
> (I didn't see anything in the man pages.) Is it handled entirely by the
> umask of the account running the named process?
>
A better question is: why do you care? You and any scripts that you
write shouldn't be looking at the contents of the slave files, since
they could be in flux at any given point in time. Think of them as being
"private" to the instance of named that is running. If you want a dump
of a particular zone, do a zone transfer from the nameserver instance.
Same thing applies, generally speaking, to master files for Dynamic
Update-enabled zones, by the way: you shouldn't be looking at the raw
files. Recent versions of named and rndc understand the "freeze" and
"thaw" commands, but "freeze" causes all Dynamic Updates to be suspended
for the duration, so it's not appropriate in a lot of Dynamic Update
environments.
- Kevin
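The approach recommended in the reply above, as an added example that is not part of the original post: take the zone dump by AXFR with dig and keep it only if the transfer is complete. The function names, zone, server address and output path are hypothetical, and the sketch assumes the server permits zone transfers to the requesting host.

```shell
#!/bin/sh
# Added example: dump a zone by AXFR instead of reading named's slave file.
# Function names and all arguments are hypothetical, not from the post.

# axfr_complete FILE
# Succeeds only if FILE looks like a whole transfer: at least two records,
# the first and last are SOA for the same owner with the same serial.
# A cut-off transfer, or dig's "; Transfer failed." comment, fails.
axfr_complete() {
    awk '
        /^[ \t]*(;|$)/ { next }     # skip dig comments and blank lines
        { n++; owner = $1; type = $4; serial = $7 }
        n == 1 { o1 = owner; t1 = type; s1 = serial }
        END {
            ok = (n >= 2 && t1 == "SOA" && type == "SOA" &&
                  owner == o1 && serial == s1)
            exit (ok ? 0 : 1)
        }
    ' "$1"
}

# axfr_dump ZONE SERVER OUTFILE
# Writes to a temporary file first (mktemp creates it mode 0600), checks
# it, then renames it into place, so OUTFILE is never a partial dump.
axfr_dump() {
    zone=$1 server=$2 out=$3
    tmp=$(mktemp "${out}.XXXXXX") || return 1
    if dig +noall +answer "@${server}" "$zone" AXFR > "$tmp" &&
       axfr_complete "$tmp"; then
        mv "$tmp" "$out"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Usage (constructed values):
#   axfr_dump example.test 127.0.0.1 /var/tmp/example.test.axfr
```
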