statistics file initially created with incorrect permissions

Dan Langille dan at langille.org
Mon Jan 21 15:53:02 UTC 2019


I'm running bind911-9.11.5P1_2 on FreeBSD 11.2-RELEASE-p8

bind is running fine, except for the statistics file, which gets created with root:bind vs bind:bind and I do not know why.

named runs as the user bind:

$ ps auwwx | grep named
bind    79879  0.0  0.1 69028 47120  -  IsJ  21:18   2:35.88 /usr/local/sbin/named -u bind -c /usr/local/etc/namedb/named.conf

The configuration setting points to the right location:

$ grep stat /usr/local/etc/namedb/named.conf
	statistics-file	"/var/run/named/stats";
	zone-statistics yes;

The permissions of a running / working configuration:

$ ls -l /var/run/named
total 20
-rw-r--r--  1 bind  bind     6 Jan 21 15:16 pid
-rw-------  1 bind  bind   102 Jan 21 15:16 session.key
-rw-r--r--  1 bind  bind  9461 Jan 21 15:45 stats

$ ls -ld /var/run/named
drwxr-xr-x  2 bind  bind  5 Jan 21 15:20 /var/run/named

When named first creates this file, it is created chown root:bind and statistics fails:

20-Jan-2019 16:30:22.356 received control channel command 'stats'
20-Jan-2019 16:30:22.356 could not open statistics dump file '/var/run/named/stats': permission denied
20-Jan-2019 16:30:22.356 dumpstats failed: permission denied

A quick 'chown bind /var/run/named/stats' fixes that and everything proceeds fine.

1 - Why does named create this file as root:bind not bind:bind?

Looking at the logs, this file is updated every five minutes.  The documentation says:

"The pathname of the file the server appends statistics to when instructed to do so using rndc stats."

named seems to be doing this automatically, as opposed to an external cronjob created by myself.

2 - Is the documentation misleading in this regard?

Thank you.

--
Dan Langille - BSDCan / PGCon
dan at langille.org
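
Added example, not part of the original post and not BIND code: the classic Unix owner/group/other check, showing why a process running as bind gets "permission denied" on a root:bind file whose group class has no write bit. The numeric IDs and the 0644 mode of the freshly created file are assumptions; the post shows that mode only for the working state.

```python
import os
import stat


def can_write(st_uid, st_gid, mode, proc_uid, proc_gids):
    """Classic Unix DAC write check: exactly one permission class applies.

    Owner is tested first, then group, then other, with no fall-through,
    so a group member never gets the 'other' bits. uid 0 bypasses the check.
    ACLs and MAC frameworks are ignored (assumption of this example).
    """
    if proc_uid == 0:
        return True
    if proc_uid == st_uid:
        return bool(mode & stat.S_IWUSR)
    if st_gid in proc_gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)


def audit_dir(path, proc_uid, proc_gids):
    """Return names of regular files in `path` that the identity cannot write."""
    blocked = []
    with os.scandir(path) as entries:
        for entry in sorted(entries, key=lambda e: e.name):
            st = entry.stat(follow_symlinks=False)
            if stat.S_ISREG(st.st_mode) and not can_write(
                    st.st_uid, st.st_gid, st.st_mode, proc_uid, proc_gids):
                blocked.append(entry.name)
    return blocked


# Constructed numeric IDs for illustration only.
ROOT, BIND = 0, 53

if __name__ == "__main__":
    # stats as first created (root:bind), mode 0644 assumed: group class, no w bit
    print("root:bind 0644 writable by bind:",
          can_write(ROOT, BIND, 0o644, BIND, {BIND}))
    # after 'chown bind /var/run/named/stats': owner class, w bit set
    print("bind:bind 0644 writable by bind:",
          can_write(BIND, BIND, 0o644, BIND, {BIND}))
    # Audit the real directory, if present, as the current identity
    run_dir = "/var/run/named"
    if os.path.isdir(run_dir):
        print(audit_dir(run_dir, os.getuid(), set(os.getgroups()) | {os.getgid()}))
```
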

