Subject: Re: /etc/security: symlink vs. file (for /etc/named.conf)
To: Hubert Feyrer <hubert@feyrer.de>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: tech-security
Date: 01/04/2007 17:26:11

On Thu, Jan 04, 2007 at 05:10:40PM +0100, Hubert Feyrer wrote:
> 
> My /etc/named.conf is a symlink instead of a file, and every day my 
> 'insecurity' output consists of:
> 
> 	Checking special files and directories.
> 	etc/named.conf:
> 	        type (file, link)
> 
> Things I've tried to get rid of this:
> 1) change 'type=' in /etc/mtree/special from 'file' to 'link'
> 2) set 'check_mtree_follow_symlinks=yes' in /etc/security.conf.
> 
> No go in either case - can someone tell me what to do to not see this any 
> more? Thanks a lot!

For a similar issue (chrooted named, isn't it?) I have in
/etc/mtree/special.local:
/set uname=root gname=wheel
./etc                           type=dir  mode=0755
./etc/namedb                    type=link mode=0755
./etc/named.conf                type=link mode=0755

No changes are needed to other files in /etc/mtree/.
This is on NetBSD 3.x.

-- 
Manuel Bouyer, LIP6, Universite Paris VI.           Manuel.Bouyer@lip6.fr
     NetBSD: 26 years of experience will always make the difference
--
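
Added example, not part of the original message and not NetBSD's own code: a small Python sketch of the type comparison behind the "type (file, link)" line, run once against an entry that still expects a regular file and once against the special.local entries quoted above. It assumes the check does not follow symlinks; FILE_SPEC, the temporary tree and the link targets are constructed for illustration.

```python
import os, stat, tempfile

# Spec as quoted in the reply above (mtree(8) spec format).
LOCAL_SPEC = """\
/set uname=root gname=wheel
./etc                           type=dir  mode=0755
./etc/namedb                    type=link mode=0755
./etc/named.conf                type=link mode=0755
"""
# Constructed entry standing in for a spec that still expects a regular file.
FILE_SPEC = "./etc/named.conf type=file\n"

def parse_spec(text):
    """Return {path: keywords}; '/set' lines give defaults for later entries."""
    defaults, entries = {}, {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        path, *words = line.split()
        kw = {k: v for k, _, v in (w.partition("=") for w in words)}
        if path == "/set":
            defaults.update(kw)
        else:
            entries[path] = {**defaults, **kw}
    return entries

def actual_type(path):
    """Classify with lstat, so a symlink is reported as 'link', not its target."""
    if not os.path.lexists(path):
        return "missing"
    mode = os.lstat(path).st_mode
    for name, test in (("link", stat.S_ISLNK), ("dir", stat.S_ISDIR), ("file", stat.S_ISREG)):
        if test(mode):
            return name
    return "other"

def check_types(root, spec_text):
    """Return (path, expected, found) for every entry whose type differs."""
    out = []
    for rel, kw in parse_spec(spec_text).items():
        found = actual_type(os.path.join(root, rel))
        if "type" in kw and kw["type"] != found:
            out.append((os.path.normpath(rel), kw["type"], found))
    return out

def demo():
    """Constructed tree: etc/named.conf and etc/namedb are symlinks (targets hypothetical)."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "etc"))
        for name in ("named.conf", "namedb"):
            os.symlink("../chroot/etc/" + name, os.path.join(root, "etc", name))
        return check_types(root, FILE_SPEC), check_types(root, LOCAL_SPEC)
```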