[CentOS] Bind data directory borked on update from 5.3 to 5.4
Bowie_Bailey at BUC.com
Thu Jan 21 14:45:51 UTC 2010
Brian Mathis wrote:
> On Thu, Jan 21, 2010 at 8:20 AM, Kai Schaetzl <maillists at conactive.com> wrote:
>> Kai Schaetzl wrote on Thu, 21 Jan 2010 13:00:48 +0100:
>>> I wonder now if the owner of
>>> that directory should actually be named?
>> Hm, after looking on other machines that have named installed but not in
>> use it's exactly the same there. So, if named wants write permission
>> there, but the rpm always removes that permission - isn't the rpm wrong
>> then? Should I report this as a bug?
> I don't think you'd want a compromised named to be able to make
> changes to your authoritative DNS records, which is what could happen
> if you have permissions set that way.
1) The directory he was referring to does not contain the zone files.
2) The directory that does contain the zone files appears to be owned by
named with write permissions by default.
3) All of my master zone files are owned by root with 644 permissions,
so regardless of the directory permissions, named can't mess with them.
4) The secondary server's zone files have to be writable by named so
they can update from the master.
I don't see a problem here.