[Bug 999324] Re: DDNS dynamic file creation permission denied

Jamie Strandboge jamie at ubuntu.com
Thu May 17 02:31:40 UTC 2012


The server guide is wrong-- the bind9 packaging has specified /var/lib/bind for journal files and DDNS for a long time. From README.Debian:
"Zones subject to automatic updates (such as via DHCP and/or nsupdate) should be stored in /var/lib/bind, and specified with full pathnames."

This path was added to the apparmor profile in Ubuntu 8.04 LTS and was added to the package during the 8.04 LTS development cycle:
bind9 (1:9.4.2-2) unstable; urgency=low
...
  * bind9: deliver /var/lib/bind directory, and document.
    Closes: #248771, #200253, #202981, #209022

This separation is by design so that named does not have write access to
/etc/bind/* such that a flaw in bind9 doesn't result in writes to
authoritative zone data (which is found in /etc/bind). I suggest the
server guide documentation be updated to use the paths as specified in
the package. In the meantime, people can update
/etc/apparmor.d/local/usr.bin.named to add write access to /etc/bind if
they desire (or adjust their configuration).

-- 
https://bugs.launchpad.net/bugs/999324

Title:
  Server guide gives wrong examples for bind9 (was: DDNS dynamic file
  creation permission denied)
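
A check for the layout described in the message above, as an added example that is not part of the original message or of the bind9 package: it scans named.conf text for zones that accept dynamic updates and reports those whose zone file is not a full pathname under /var/lib/bind. The sample configuration, zone names and key name are constructed, and the parser is a simplified one that does not follow include directives.

```python
import posixpath
import re

DYNAMIC_DIR = "/var/lib/bind/"  # directory README.Debian names for updatable zones

# Constructed sample configuration, not taken from the bug report.
SAMPLE_CONF = '''
// static zone, never rewritten by named
zone "example.com" { type master; file "/etc/bind/db.example.com"; };
# dynamic zone stored beside static data: named cannot create its journal here
zone "dyn.example.com" {
    type master;
    file "/etc/bind/db.dyn.example.com";
    allow-update { key "ddns-key"; };
};
zone "lan.example.com" {
    type master;
    file "/var/lib/bind/db.lan.example.com";
    update-policy { grant ddns-key zonesub ANY; };
};
zone "rel.example.com" { type master; file "db.rel"; allow-update { key "ddns-key"; }; };
'''

def strip_comments(text):
    """Drop /* */, // and # comments (assumes no such markers inside quoted strings)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def zone_blocks(text):
    """Yield (zone name, body) per zone statement, matching nested braces."""
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def misplaced_dynamic_zones(conf):
    """Return (zone, file) for updatable zones stored outside DYNAMIC_DIR."""
    # "allow-update { none; };" is not treated as accepting updates.
    updatable = re.compile(
        r"\b(?:allow-update|update-policy)\s*(?:\{(?!\s*none\s*;\s*\})|local\b)")
    findings = []
    for name, body in zone_blocks(strip_comments(conf)):
        f = re.search(r'\bfile\s+"([^"]*)"', body)
        if updatable.search(body) and f:
            if not posixpath.normpath(f.group(1)).startswith(DYNAMIC_DIR):
                findings.append((name, f.group(1)))
    return findings

if __name__ == "__main__":
    print(misplaced_dynamic_zones(SAMPLE_CONF))
```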
