Source-Changes-D archive


re: CVS commit: src/external/bsd/bind/dist/bin/named



On Apr 25,  1:31am, mrg%eterna.com.au@localhost (matthew green) wrote:
-- Subject: re: CVS commit: src/external/bsd/bind/dist/bin/named

|    Perhaps you are confusing this directory with /var/chroot/named/etc/namedb?
| 
| i'm saying that named should be configured to have this dir as
| the cwd and then the permissions check you removed will pass.

I take it that "this dir" means /var/chroot/named/etc/namedb, then perhaps
yes. I agree although not 100%, since my current tree looks like:

$ ls -al /var/chroot/named/etc/namedb
drwxr-xr-x  6 root   wheel   512 Jul 19  2008 ./
drwxr-xr-x  4 root   wheel   512 Jul 19  2008 ../
-rw-r--r--  1 root   wheel   259 Dec  3  2004 127
-r--r--r--  1 root   wheel  1525 May 30  2008 Makefile
drwxr-xr-x  2 root   wheel   512 Feb 15  2006 RCS/
drwxr-xr-x  2 named  named   512 Nov  4  2004 cache/
drwxr-xr-x  3 named  named   512 Apr 23  2007 pri/
-r--r--r--  1 root   wheel  2517 Nov  1  2007 root.cache
drwxr-xr-x  2 named  named  3584 Apr 24 11:40 sec/

[my primary zones are in pri and my secondary zones in sec]

And I don't really see the need to make the whole namedb directory owned
by named. Even the pri directory does not need to be writable by named.

| the bug here is that your named is running chrooted and unprived
| in /var/chroot/named with cwd, not the etc/namedb subdir.

Well, it needs to chroot there, but then it could chdir() to etc/namedb.
I will look if this is feasible when I get some cycles. For now commenting
out the test is the same behavior that we had in the previous versions
of named.

christos
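
The working-directory question from this thread, as an added example that is not part of the original message and is not BIND code. It assumes the removed check asks whether the unprivileged named user can write to named's working directory; the numeric ids are constructed, and the modes and owners are taken from the listing above.

```c
/* Added example, not BIND source. Assumption: the startup check asks whether
 * the unprivileged user can write to named's working directory. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Constructed numeric ids; the listing shows names only. */
enum { ROOT_UID = 0, WHEEL_GID = 0, NAMED_UID = 14, NAMED_GID = 14 };

/* POSIX class selection: exactly one of owner/group/other applies, with no
 * fall-through. Creating files needs both write and search permission.
 * Ignores the root override, supplementary groups and ACLs. */
bool dir_writable_by(mode_t mode, uid_t owner, gid_t group, uid_t uid, gid_t gid)
{
    mode_t w, x;
    if (uid == owner)      { w = S_IWUSR; x = S_IXUSR; }
    else if (gid == group) { w = S_IWGRP; x = S_IXGRP; }
    else                   { w = S_IWOTH; x = S_IXOTH; }
    return (mode & w) != 0 && (mode & x) != 0;
}

struct dir_entry { const char *path; mode_t mode; uid_t owner; gid_t group; };

/* Directories from the listing in the message, relative to the chroot. */
static const struct dir_entry listing[] = {
    { "etc/namedb",       0755, ROOT_UID,  WHEEL_GID },
    { "etc/namedb/cache", 0755, NAMED_UID, NAMED_GID },
    { "etc/namedb/pri",   0755, NAMED_UID, NAMED_GID },
    { "etc/namedb/sec",   0755, NAMED_UID, NAMED_GID },
};

/* Would the check pass if named used `path` as its working directory? */
bool cwd_check_passes(const char *path)
{
    for (size_t i = 0; i < sizeof listing / sizeof listing[0]; i++)
        if (strcmp(listing[i].path, path) == 0)
            return dir_writable_by(listing[i].mode, listing[i].owner,
                                   listing[i].group, NAMED_UID, NAMED_GID);
    return false; /* unknown directory: fail closed */
}

int main(void)
{
    for (size_t i = 0; i < sizeof listing / sizeof listing[0]; i++)
        printf("%-18s %s\n", listing[i].path,
               cwd_check_passes(listing[i].path) ? "pass" : "fail");
    return 0;
}
```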
