Bug 143550 - [PATCH] dns/nsd - Permission related issues with nsd port
Summary: [PATCH] dns/nsd - Permission related issues with nsd port
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Philip M. Gollucci
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-02-04 11:00 UTC by Marko Njezic
Modified: 2010-02-11 19:54 UTC (History)
0 users

See Also:


Attachments
file.diff (3.55 KB, patch)
2010-02-04 11:00 UTC, Marko Njezic
no flags Details | Diff
nsd.diff (3.67 KB, patch)
2010-02-09 11:00 UTC, Olafur Osvaldsson
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Marko Njezic 2010-02-04 11:00:01 UTC
After stopping nsd daemon, its pidfile can't be removed since nsd is not running as root and pidfile is inside root-owned /var/run directory. One solution would be to use the same technique as used in bind, by storing pidfile in separate directory inside /var/run that would be owned by the same user that nsd uses when running.

Also after stopping nsd daemon, it can't store its xfrdfile and diffile inside default /var/db/nsd directory since it's root-owned and nsd is not running as root. The solution is to chown nsd's database directory to the same user that nsd uses when running. The nsd port used to perform chown until port version 3.2.2 when that part was removed from makefile.

It would be nice if nsd startup script would read pidfile location from nsd's configuration file, because if pidfile location is changed (i.e. due to chroot config), startup script would need to be edited by hand, because pidfile location is hard coded.

I've provided patch that fixes above mentioned permission related issues and also modifies nsd startup script to read pidfile location from nsd's configuration.

Fix: Apply the suggested patch file.

Patch attached with submission follows:
How-To-Repeat: [root@vmbsd]:/root> /usr/local/etc/rc.d/nsd start
Starting nsd.
[root@vmbsd]:/root> /usr/local/etc/rc.d/nsd stop
Merging nsd zone transfer changes to zone files.
nsdc: no patch necessary.
Stopping nsd.
[root@vmbsd]:/root> tail -n 3 /var/log/messages
Feb  4 11:25:11 vmbsd nsd[55043]: signal received, shutting down...
Feb  4 11:25:11 vmbsd nsd[55043]: failed to unlink pidfile /var/run/nsd.pid: Permission denied
Feb  4 11:25:11 vmbsd nsd[55044]: xfrd: Could not open file /var/db/nsd/xfrd.state for writing: Permission denied
Comment 1 Edwin Groothuis freebsd_committer 2010-02-04 11:00:15 UTC
Maintainer of dns/nsd,

Please note that PR ports/143550 has just been submitted.

If it contains a patch for an upgrade, an enhancement or a bug fix
you agree on, reply to this email stating that you approve the patch
and a committer will take care of it.

The full text of the PR can be found at:
    http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/143550

-- 
Edwin Groothuis via the GNATS Auto Assign Tool
edwin@FreeBSD.org
Comment 2 Edwin Groothuis freebsd_committer 2010-02-04 11:00:18 UTC
State Changed
From-To: open->feedback

Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
Comment 3 Philip M. Gollucci freebsd_committer 2010-02-05 03:49:59 UTC
Responsible Changed
From-To: freebsd-ports-bugs->pgollucci

I'll take it.
Comment 4 Philip M. Gollucci freebsd_committer 2010-02-10 18:01:37 UTC
State Changed
From-To: feedback->open

Maintainer has approved.
Comment 5 dfilter service freebsd_committer 2010-02-11 19:37:20 UTC
pgollucci    2010-02-11 19:37:10 UTC

  FreeBSD ports repository

  Modified files:
    dns/nsd              Makefile pkg-message pkg-plist 
    dns/nsd/files        nsd.in 
  Added files:
    dns/nsd/files        pkg-deinstall.in pkg-install.in 
  Log:
  - Fix permission issues
  
  PR:             ports/143550
  Submitted by:   Marko Njezic <mrmax063@maxempire.com>
  Approved by:    Olafur Osvaldsson <osvaldsson@icelandic.net> (maintainer)
  
  Revision  Changes    Path
  1.46      +15 -2     ports/dns/nsd/Makefile
  1.5       +2 -2      ports/dns/nsd/files/nsd.in
  1.1       +16 -0     ports/dns/nsd/files/pkg-deinstall.in (new)
  1.1       +19 -0     ports/dns/nsd/files/pkg-install.in (new)
  1.2       +4 -0      ports/dns/nsd/pkg-message
  1.8       +1 -1      ports/dns/nsd/pkg-plist
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 6 Philip M. Gollucci freebsd_committer 2010-02-11 19:54:35 UTC
State Changed
From-To: open->closed

Committed, Thanks