question on minimal file permissions

Chris Thompson cet1 at cam.ac.uk
Mon Apr 18 16:43:12 UTC 2011


On Apr 18 2011, Tony Finch wrote:

>Zone files that are managed by BIND need to be writable by BIND (mode 644
>and owned by BIND).

BIND does not overwrite zone files in place! For those that it does manage
(type slave/stub, or type master with DNS updates allowed) it is the
directory containing the zone file that needs to be writable by BIND, so
that it can create new versions and rename them. After which they will
usually be as Tony suggests, of course, but they don't need to be after,
say, an rndc freeze/thaw sequence - in that case readability by BIND is
all that is required.

OTOH, journal files are updated in place, as well as new versions being
created and renamed when they are shortened.

-- 
Chris Thompson
Email: cet1 at cam.ac.uk
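
The permission rule described in the message above, written as a check; this is an added example, not part of the original post and not BIND code. The `Meta` tuple, the function names and the uid/gid value 53 are assumptions made for illustration, and only classic mode bits are evaluated (no ACLs, no root override).

```python
from collections import namedtuple

# Stand-in for os.stat_result so the check runs on constructed data;
# with real files use Meta(st.st_mode, st.st_uid, st.st_gid).
Meta = namedtuple("Meta", "mode uid gid")

def allowed(meta, uid, gids, want):
    """Classic Unix mode-bit check. `want` is a subset of 'rwx'."""
    if uid == meta.uid:
        shift = 6          # owner bits apply, even if group/other grant more
    elif meta.gid in gids:
        shift = 3          # group bits
    else:
        shift = 0          # other bits
    bits = (meta.mode >> shift) & 0o7
    need = sum({"r": 4, "w": 2, "x": 1}[c] for c in want)
    return bits & need == need

def audit_dynamic_zone(directory, zone, journal, uid, gids):
    """Return a list of findings for a zone the server itself rewrites
    (slave/stub, or master with updates allowed)."""
    findings = []
    # New versions are created beside the old file and renamed over it,
    # so the directory needs write and search permission.
    if not allowed(directory, uid, gids, "wx"):
        findings.append("directory: need write+search to create and rename")
    # The zone file itself only has to be readable.
    if not allowed(zone, uid, gids, "r"):
        findings.append("zone file: need read")
    # Journal files are updated in place, so the file must be writable.
    if journal is not None and not allowed(journal, uid, gids, "rw"):
        findings.append("journal: need read+write (updated in place)")
    return findings

# Constructed sample data: the server runs as uid 53, gid 53 (assumed).
NAMED_UID, NAMED_GIDS = 53, {53}

# Layout A: writable directory, zone file root-owned and only group-readable.
layout_a = (Meta(0o040750, 53, 53), Meta(0o100640, 0, 53), Meta(0o100600, 53, 53))
# Layout B: zone file is 644 and server-owned, but the directory is not writable
# and the journal is read-only for the server.
layout_b = (Meta(0o040750, 0, 53), Meta(0o100644, 53, 53), Meta(0o100640, 0, 53))

if __name__ == "__main__":
    for name, layout in (("A", layout_a), ("B", layout_b)):
        print(name, audit_dynamic_zone(*layout, NAMED_UID, NAMED_GIDS) or "ok")
```

Layout A passes although the server cannot write the zone file, while layout B fails although the zone file is mode 644 and owned by the server.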
