Bug 194098

Summary: Incorrect permissions on bind chroot 'master' directory
Product: Ports & Packages
Reporter: Matt Pounsett <matt>
Component: Individual Port(s)
Assignee: Mathieu Arnold <mat>
Status: Closed Overcome By Events
Severity: Affects Some People
CC: eugen
Priority: ---
Version: Latest
Hardware: Any
OS: Any

Description Matt Pounsett 2014-10-02 18:42:49 UTC
According to /etc/mtree/BIND.chroot.dist the permissions of /var/named/etc/named/master inherits an owner:group of root:wheel with the mode 0755.   This should either be bind:wheel 0755 or root:bind 0775.  

Turning on ixfr-from-differences will cause BIND to try to write a journal file to the master directory, which it will attempt using the user:group of bind:bind.  There is no way to force the journal file to any other directory except where the master file resides.

How-To-Repeat: 
* enable ixfr-from-differences in the options stanza
* update a zone with type master
* issue an 'rndc reload' for the zone

A temporary workaround of moving master files into /var/named/etc/namedb/dynamic is possible, but ignores the conceptual separation of zone types.
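
The three owner:group and mode combinations named in the description above, checked against a process running as bind:bind. This is an added example, not part of the original report or of FreeBSD's own tooling; the numeric ids are constructed placeholders, and only classic POSIX mode bits are modelled (no ACLs or MAC policy).

```python
import os
import stat


def can_create_in_dir(mode, owner_uid, owner_gid, proc_uid, proc_gids):
    """Return True if the process may create a file (e.g. a journal) in the directory.

    Exactly one permission class is consulted: owner, else group, else other.
    Creating an entry needs both write and search (execute) on the directory.
    """
    if proc_uid == 0:
        return True  # uid 0 is not restricted by mode bits
    if proc_uid == owner_uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif owner_gid in proc_gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return mode & need == need


def audit_path(path, proc_uid, proc_gids):
    """Apply the same check to a real directory on disk."""
    st = os.stat(path)
    return can_create_in_dir(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid,
                             proc_uid, proc_gids)


# Constructed numeric ids for illustration; look up the real ones on the host.
ROOT_UID, WHEEL_GID, BIND_UID, BIND_GID = 0, 0, 53, 53

# Directory settings taken from the report: (mode, owner uid, owner gid).
CASES = {
    "root:wheel 0755": (0o755, ROOT_UID, WHEEL_GID),
    "bind:wheel 0755": (0o755, BIND_UID, WHEEL_GID),
    "root:bind 0775": (0o775, ROOT_UID, BIND_GID),
}


def evaluate_cases():
    """Map each setting to whether a bind:bind process can write a journal there."""
    return {name: can_create_in_dir(mode, uid, gid, BIND_UID, {BIND_GID})
            for name, (mode, uid, gid) in CASES.items()}


if __name__ == "__main__":
    for name, ok in evaluate_cases().items():
        print(f"{name}: journal write {'allowed' if ok else 'denied'}")
```
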
Comment 1 Eugene Grosbein freebsd_committer freebsd_triage 2019-10-31 09:37:09 UTC
Mathieu, can you please take a look?
Comment 2 Matt Pounsett 2019-11-08 15:24:15 UTC
I'd be a little surprised if this was still an issue.  When I submitted the PR (in 2014!) 9.3-RELEASE was the going thing, and BIND was part of the base system.  The specific details have certainly changed, as /var/named isn't even listed in the mtree files anymore.