Bug 194098 - Incorrect permissions on bind chroot 'master' directory
Status: Closed Overcome By Events
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Some People
Assignee: Mathieu Arnold
Reported: 2014-10-02 18:42 UTC by Matt Pounsett
Modified: 2019-11-12 06:45 UTC
Description Matt Pounsett 2014-10-02 18:42:49 UTC
According to /etc/mtree/BIND.chroot.dist, /var/named/etc/named/master inherits an owner:group of root:wheel with the mode 0755. This should either be bind:wheel 0755 or root:bind 0775.

Turning on ixfr-from-differences will cause BIND to try to write a journal file to the master directory, which it will attempt using the user:group of bind:bind.  There is no way to force the journal file to any other directory except where the master file resides.

How-To-Repeat: 
* enable ixfr-from-differences in the options stanza
* update a zone with type master
* issue an 'rndc reload' for the zone

A temporary workaround of moving master files into /var/named/etc/namedb/dynamic is possible, but ignores the conceptual separation of zone types.
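The permission question in the description above, worked through as an added example (not part of the original report or of the BIND port): it applies the POSIX owner/group/other class rule to the current layout and to the two layouts the reporter proposes, for a process running as bind:bind. The numeric ids are constructed for illustration, and `user_can_create_in` is a hypothetical helper for running the same check against a real directory.

```python
import os
import pwd
import stat

def can_create_in(dir_uid, dir_gid, dir_mode, uid, gids):
    """Return True if a process (uid, gids) may create a file in the directory.

    Classic mode-bit check only; ACLs and MAC policies are not considered.
    Exactly one class applies: owner, else group, else other.
    """
    if uid == 0:
        return True
    if uid == dir_uid:
        shift = 6
    elif dir_gid in gids:
        shift = 3
    else:
        shift = 0
    bits = (dir_mode >> shift) & 0o7
    return bits & 0o3 == 0o3  # creating a file needs write (2) and search (1)

def user_can_create_in(path, user):
    """Apply the same check to a real directory and a named account."""
    pw = pwd.getpwnam(user)
    st = os.stat(path)
    if not stat.S_ISDIR(st.st_mode):
        raise NotADirectoryError(path)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    return can_create_in(st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode),
                         pw.pw_uid, gids)

# Constructed numeric ids, for illustration only.
ROOT, WHEEL, BIND = 0, 0, 53

# owner, group, mode: the mtree layout and the two proposed alternatives.
LAYOUTS = {
    "root:wheel 0755": (ROOT, WHEEL, 0o755),
    "bind:wheel 0755": (BIND, WHEEL, 0o755),
    "root:bind 0775": (ROOT, BIND, 0o775),
}

def evaluate_layouts():
    """Can a process running as bind:bind create a journal file in each layout?"""
    return {name: can_create_in(u, g, m, BIND, {BIND})
            for name, (u, g, m) in LAYOUTS.items()}

if __name__ == "__main__":
    for name, ok in evaluate_layouts().items():
        print(f"{name}: bind:bind {'can' if ok else 'cannot'} create a journal file")
```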
Comment 1 Eugene Grosbein freebsd_committer freebsd_triage 2019-10-31 09:37:09 UTC
Mathieu, can you please take a look?
Comment 2 Matt Pounsett 2019-11-08 15:24:15 UTC
I'd be a little surprised if this was still an issue.  When I submitted the PR (in 2014!) 9.3-RELEASE was the going thing, and BIND was part of the base system.  The specific details have certainly changed, as /var/named isn't even listed in the mtree files anymore.