Fixed
Created: Aug 28, 2013
Updated: Mar 14, 2016
Resolved Date: Sep 29, 2013
Previous ID: LIN5-7993
Found In Version: 5.0.1
Fix Version: 5.0.1.8
Severity: Severe
Applicable for: Wind River Linux 5
Component/s: Userspace
Many of the directories used by bind have not had their ownerships changed to match. This means that bind no longer has permission to write to these directories.
These are their observations and I have confirmed the same here with RCPL 6 installed:
1. The volatile dirs setup for bind is not writable by the bind user.
bind 30724 0.0 0.0 22268 5688 ? Ss 09:01 0:00 /usr/sbin/named -u bind -t /var/named/chroot
d root root 0755 /var/run/named none
d root root 0755 /var/run/bind/run none
d root root 0755 /var/cache/bind none
# ls -ld /var/run/named /var/run/bind/run /var/cache/bind
drwxr-xr-x 2 root root 40 Aug 27 14:53 /var/cache/bind
drwxrwxr-x 2 root bind 40 Aug 27 14:53 /var/run/bind/run
drwxr-xr-x 2 root root 80 Aug 28 09:01 /var/run/named
2. /var/run/bind/run has a different owner and different permissions from those in the volatiles.04_bind config file.
3. The start script creates some of the dirs that are already handled by volatiles.04_bind.
# dirs under /var/run can go away on reboots.
mkdir -p /var/run/named
mkdir -p /var/cache/bind
mkdir -p /var/run/bind/run
chmod 775 /var/run/bind/run
chown root:bind /var/run/bind/run >/dev/null 2>&1 || true
4. -t is /var/named/chroot, but that is not a volatile dir (and it is owned by root).
# ls -ld /var/named/chroot
drwxr-xr-x 5 root root 4096 Aug 27 14:46 /var/named/chroot
5. Also the volatile config file does not follow the general naming convention.
# ls -l /etc/default/volatiles/
total 28
-rw-r--r-- 3 root root 1626 Aug 26 15:44 00_core
-rw-r--r-- 3 root root 174 Aug 27 14:14 01_sgsn_extra
-rwxr-xr-x 3 root root 41 Aug 27 14:16 03_syslog-ng
-rw-r--r-- 3 root root 40 Aug 26 15:40 99_pam
-rw-r--r-- 3 root root 34 Aug 26 15:45 99_sysstat
-rw-r--r-- 3 root root 44 Aug 26 15:44 99_vsftpd
-rw-r--r-- 3 root root 167 Aug 26 15:46 volatiles.04_bind
$ configure --enable-board=qemux86-64 --enable-rootfs=glibc_cgl --enable-kernel=cgl
$ make
$ make start-target
Log in and examine the dirs as described.
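The ownership check behind observations 1 and 2 can be run against the volatiles entries themselves instead of a booted target. The script below is an added example, not Wind River code: it assumes the six-field entry layout seen in the quoted lines (type, owner, group, mode, path, link source) and that the bind user belongs only to group bind. The function names and the second set of entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag volatiles directory entries a service user cannot write.
# Assumed entry format: <type> <owner> <group> <mode> <path> <linksource>

# unwritable_dirs USER GROUP
# Reads entries on stdin and prints each directory path that USER cannot
# write to. Assumption: GROUP is the only group USER belongs to.
unwritable_dirs() {
    svc_user=$1
    svc_group=$2
    while read -r type owner group mode path _link; do
        case $type in
            d) ;;             # directory entry: check it
            *) continue ;;    # comments, blank lines, files, links
        esac
        m=$(( 0${mode#0} ))   # force octal interpretation of the mode
        if [ "$owner" = "$svc_user" ]; then
            bit=$(( m & 0200 ))   # owner write bit
        elif [ "$group" = "$svc_group" ]; then
            bit=$(( m & 0020 ))   # group write bit
        else
            bit=$(( m & 0002 ))   # other write bit
        fi
        [ "$bit" -ne 0 ] || printf '%s\n' "$path"
    done
}

# The three entries quoted in the report.
reported_entries() {
    cat <<'EOF'
d root root 0755 /var/run/named none
d root root 0755 /var/run/bind/run none
d root root 0755 /var/cache/bind none
EOF
}

# Constructed entries (not the shipped fix): two directories opened to bind.
constructed_entries() {
    cat <<'EOF'
d root root 0755 /var/run/named none
d root bind 0775 /var/run/bind/run none
d bind bind 0755 /var/cache/bind none
EOF
}

reported_entries | unwritable_dirs bind bind
```

To audit a real image, feed the function the file from /etc/default/volatiles/ in place of the embedded entries.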