[cobalt-users] Named PID File (can't create)
- Subject: [cobalt-users] Named PID File (can't create)
- From: "Craig Napier" <craignapier@xxxxxxxxxxx>
- Date: Thu Apr 12 14:08:00 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Apr 11 23:25:19 blue named[27721]: couldn't create pid file '/var/run/named.pid'
You probably changed the named user, from root to named
now user named does not have rights to /var or /var/run
or /var/run/named.pid
Yes we did and I think so did quite a few others on this list who were
trying to get "named" to stop running as "root" (IMHO very bad idea).
But it doesn't make any sense, because obviously it's writing a file under
/var/run/named.pid as user "named"...<??>
-rw-r--r-- 1 named named 6 Apr 11 00:09 named.pid
It only generates this error (in the logs) when you save changes to DNS
records via the GUI. But everything seems to be saved and work correctly.
Here's the only two changes performed:
useradd -c "Named" -u 25 -s /bin/false -r -d /etc/named named 2>/dev/null || :
This creates group/user "named" and sends any connections to a null device.
Then we changed the two "daemon named" references in /etc/rc.d/init.d/named
to:
daemon named -u named -g named
Starting "named" as user "named" instead of as user "root".
Of course I could change this back to "daemon named" and restart everything
as user root, but that kinda defeats the purpose of trying to get "named" to
run as something else other than "root" - which in my opinion is just asking
for trouble come the next BIND hack/exploit.
Any ideas?
Cheers!
Craig
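
Creating or replacing a directory entry needs write and search permission on the directory itself, which is a separate question from who owns an existing named.pid. The following is an added example, not part of the original post, that reports both from the mode bits; the function names are hypothetical, and ACLs, supplementary groups and root's override are not modelled.

```shell
#!/bin/sh
# Added example (not from the original post). Works from mode bits only:
# ACLs, supplementary groups and root's permission override are ignored.

# triplet PATH UID GID
# Print the rwx triplet (owner, group or other) that applies to the
# numeric UID/GID on PATH, following the usual owner > group > other order.
triplet() {
    ls -ldn "$1" | {
        read -r mode links ouid ogid rest
        if   [ "$2" -eq "$ouid" ]; then echo "$mode" | cut -c2-4
        elif [ "$3" -eq "$ogid" ]; then echo "$mode" | cut -c5-7
        else                            echo "$mode" | cut -c8-10
        fi
    }
}

# pidfile_check PIDFILE UID GID
# Print "create=yes|no rewrite=yes|no|n/a":
#   create  - may UID/GID add or replace an entry in the pid file's directory
#             (needs w plus search; s/t in the x slot still mean search is set)
#   rewrite - may UID/GID open the existing pid file for writing
pidfile_check() {
    case $(triplet "$(dirname "$1")" "$2" "$3") in
        ?w[xst]) create=yes ;;
        *)       create=no ;;
    esac
    rewrite=n/a
    if [ -e "$1" ]; then
        case $(triplet "$1" "$2" "$3") in
            ?w?) rewrite=yes ;;
            *)   rewrite=no ;;
        esac
    fi
    echo "create=$create rewrite=$rewrite"
}
```

For the setup in the post the call would be: pidfile_check /var/run/named.pid 25 25, where 25 is the uid from the useradd line and the gid of 25 is an assumption.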