BIND 9.4.x vs 9.6.x - pid-file check and creation

Jan Arild Lindstrøm jal at telenor.net
Mon Jan 26 07:42:15 UTC 2009


Hi,

I was going to upgrade from BIND 9.4.3 to BIND 9.6.0-P1, but ran into a 
strange "bug" in BIND 9.6.0-P1.

Exact same config for 9.4.3 and 9.6.0-P1, only added "new" to files that 
are written to (namednew.log, confignew.log and namednew.pid).

OS: Solaris 10.

Using:
        pid-file "/var/run/named/namednew.pid";

... results in the following:

namednew.log:
26-Jan-2009 08:14:22.723 general: couldn't mkdir /var/run/named/namednew.pid': Permission denied
26-Jan-2009 08:14:22.728 general: exiting (due to early fatal error)

BIND 9.6.0-P1 truss.out:
--CUT--
25123/65:       stat("/dev/urandom", 0xFFFFFFFF79D0FA00)        = 0
25123/65:       open("/dev/urandom", O_RDONLY|O_NONBLOCK)       = 9
25123/65:       fcntl(9, F_GETFL)                               = 8320
25123/65:       fcntl(9, F_SETFL, FOFFMAX|FNONBLOCK)            = 0
25123/65:       setgid(21)                                      = 0
25123/65:       setuid(21)                                      = 0
25123/65:       access(".", W_OK)                               = 0
25123/65:       open("/var/log/namednew.log", O_WRONLY|O_APPEND|O_CREAT, 0666) = 10
25123/65:       lseek(10, 0, SEEK_END)                          = 332
25123/65:       close(10)                                       = 0
25123/65:       open("/var/log/confignew.log", O_WRONLY|O_APPEND|O_CREAT, 0666) = 10
25123/65:       lseek(10, 0, SEEK_END)                          = 0
25123/65:       close(10)                                       = 0
25123/65:       mkdir("/var/run/named", 0755)                   Err#13 EACCES [ALL]
25123/65:       stat("/var/log/namednew.log", 0xFFFFFFFF79D0F3C0) = 0
25123/65:       open("/var/log/namednew.log", O_WRONLY|O_APPEND|O_CREAT, 0666) = 10
25123/65:       lseek(10, 0, SEEK_END)                          = 332
25123/65:       fstat(10, 0xFFFFFFFF79D0E540)                   = 0
25123/65:       fstat(10, 0xFFFFFFFF79D0E410)                   = 0
25123/65:       ioctl(10, TCGETA, 0xFFFFFFFF79D0E47C)           Err#25 ENOTTY
25123/65:       write(10, 0x10502E754, 97)                      = 97
25123/65:          2 6 - J a n - 2 0 0 9   0 8 : 1 4 : 2 2 . 7 2 3   g e n e r a l
25123/65:          :   c o u l d n ' t   m k d i r   / v a r / r u n / n a m e d /
25123/65:          n a m e d n e w . p i d ' :   P e r m i s s i o n   d e n i e d
25123/65:         \n
25123/65:       write(10, 0x10502E754, 69)                      = 69
25123/65:          2 6 - J a n - 2 0 0 9   0 8 : 1 4 : 2 2 . 7 2 8   g e n e r a l
25123/65:          :   e x i t i n g   ( d u e   t o   e a r l y   f a t a l   e r
25123/65:          r o r )\n
25123/65:       _exit(1)

It fails because it tries to just create the /var/run/named directory instead
of checking if the directory exists and if it can write to it. 

ns12(root) named 515# ls -la /var/run/named
total 40
drwxr-s---    4 named    named         307 Jan 26 06:51 ./
drwxr-xr-x    7 root     sys          1285 Jan 26 00:52 ../
-rw-r--r--    1 named    named           6 Jan 26 06:41 named.pid

So /var/run/named exists and is fully writable by user named.

User "named" should of course not be able to create directories below
"/var/run". Especially since many other things on Solaris 10 use that
directory also.


If I use:
	pid-file "/var/run/named/named/namednew.pid";

... everything works fine, since it now can run mkdir without getting "EACCES". 
Instead it gets "EEXIST" and is OK with that.

BIND 9.6.0-P1 truss.out:
--CUT--
25404/65:       stat("/dev/urandom", 0xFFFFFFFF79D0FA00)        = 0
25404/65:       open("/dev/urandom", O_RDONLY|O_NONBLOCK)       = 9
25404/65:       fcntl(9, F_GETFL)                               = 8320
25404/65:       fcntl(9, F_SETFL, FOFFMAX|FNONBLOCK)            = 0
25404/65:       setgid(21)                                      = 0
25404/65:       setuid(21)                                      = 0
25404/65:       access(".", W_OK)                               = 0
25404/65:       open("/var/log/namednew.log", O_WRONLY|O_APPEND|O_CREAT, 0666) = 10
25404/65:       lseek(10, 0, SEEK_END)                          = 498
25404/65:       close(10)                                       = 0
25404/65:       open("/var/log/confignew.log", O_WRONLY|O_APPEND|O_CREAT, 0666) = 10
25404/65:       lseek(10, 0, SEEK_END)                          = 0
25404/65:       close(10)                                       = 0
25404/65:       mkdir("/var/run/named/named", 0755)             Err#17 EEXIST
25404/65:       stat("/var/run/named/named/namednew.pid", 0xFFFFFFFF79D0F980) Err#2 ENOENT
25404/65:       unlink("/var/run/named/named/namednew.pid")     Err#2 ENOENT
25404/65:       open("/var/run/named/named/namednew.pid", O_WRONLY|O_CREAT|O_EXCL, 0644) = 10
25404/65:       fcntl(10, F_GETFD, 0x000001A4)                  = 0
25404/65:       getpid()                                        = 25404 [25403]
25404/65:       fstat(10, 0xFFFFFFFF79D0E9D0)                   = 0
25404/65:       fstat(10, 0xFFFFFFFF79D0E8A0)                   = 0
25404/65:       ioctl(10, TCGETA, 0xFFFFFFFF79D0E90C)           Err#25 ENOTTY
25404/65:       write(10, " 2 5 4 0 4\n", 6)                    = 6
25404/65:       close(10)                                       = 0
--CUT--


Trussing 9.4.3 I see that it does it differently:

--CUT--
25730/10:       access(".", W_OK)                               = 0
25730/10:       open("/var/log/namednew.log", O_WRONLY|O_APPEND|O_CREAT, 0666) = 10
25730/10:       lseek(10, 0, SEEK_END)                          = 2625
25730/10:       close(10)                                       = 0
25730/10:       open("/var/log/confignew.log", O_WRONLY|O_APPEND|O_CREAT, 0666) = 10
25730/10:       lseek(10, 0, SEEK_END)                          = 0
25730/10:       close(10)                                       = 0
25730/10:       stat("/var/run/named/namednew.pid", 0xFFFFFFFF7D90F660) Err#2 ENOENT
25730/10:       unlink("/var/run/named/namednew.pid")           Err#2 ENOENT
25730/10:       open("/var/run/named/namednew.pid", O_WRONLY|O_CREAT|O_EXCL, 0644) = 10
25730/10:       fcntl(10, F_GETFD, 0x000001A4)                  = 0
25730/10:       getpid()                                        = 25730 [25729]
25730/10:       fstat(10, 0xFFFFFFFF7D90E6B0)                   = 0
25730/10:       fstat(10, 0xFFFFFFFF7D90E580)                   = 0
25730/10:       ioctl(10, TCGETA, 0xFFFFFFFF7D90E5EC)           Err#25 ENOTTY
25730/10:       write(10, " 2 5 7 3 0\n", 6)                    = 6
--CUT--


It seems that someone has "shorted" the code to create and/or check the pid-file.

Maybe that "shortcut" will work on Linux, but it for sure does not work on Solaris 10.

Having to use .../named/named/... in the pid-file option is of course possible, but I 
guess that it is not the way it is supposed to be...(?)...

Help? Ideas?

Regards
Jan Arild Lindstrøm
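
The check the post asks for, as an added example (not code from BIND or from the post): after mkdir() fails with either EEXIST or EACCES, look at the directory itself and test whether the unprivileged user can write to it, instead of exiting. The names `ensure_pid_dir` and `demo` and the scratch path under /tmp are assumptions made for this sketch.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper, not a BIND function. Returns 0 when dir exists
 * (or was just created) and the caller can create files in it;
 * otherwise returns -1 with errno set. */
int ensure_pid_dir(const char *dir, mode_t mode)
{
    struct stat sb;
    int mkdir_errno;
    if (mkdir(dir, mode) == 0)
        return 0;
    mkdir_errno = errno;
    /* EEXIST is the usual answer for an existing directory; the truss
     * output shows EACCES instead when the parent is not writable, so
     * inspect the path itself in both cases. */
    if (mkdir_errno != EEXIST && mkdir_errno != EACCES)
        return -1;
    if (stat(dir, &sb) != 0) {
        errno = mkdir_errno;   /* missing or unreachable: keep mkdir's error */
        return -1;
    }
    if (!S_ISDIR(sb.st_mode)) {
        errno = ENOTDIR;
        return -1;
    }
    /* access() uses the real uid, equal to the effective uid after setuid(). */
    return access(dir, W_OK | X_OK);
}

/* Constructed self-check in a scratch directory; returns a bitmask. */
int demo(void)
{
    char base[64], file[80];
    int ok = 0;
    FILE *f;
    snprintf(base, sizeof base, "/tmp/piddir-demo-%ld", (long)getpid());
    snprintf(file, sizeof file, "%s/plainfile", base);
    if (ensure_pid_dir(base, 0700) == 0) ok |= 1;          /* created */
    if (ensure_pid_dir(base, 0700) == 0) ok |= 2;          /* already there */
    if ((f = fopen(file, "w")) != NULL) fclose(f);
    if (ensure_pid_dir(file, 0700) == -1 && errno == ENOTDIR) ok |= 4;
    unlink(file); rmdir(base);
    return ok;
}

int main(void) { return demo() == 7 ? 0 : 1; }
```

With this ordering the daemon never needs write access to /var/run itself; it only needs the pre-created, named-owned directory to pass the stat() and access() checks.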



