Re: [cobalt-users] Named PID File (can't create)
- Subject: Re: [cobalt-users] Named PID File (can't create)
- From: "Gerald Waugh" <gerald@xxxxxxxxx>
- Date: Thu Apr 12 15:16:01 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Please, excuse that erroneous reply, I thought I was hitting
reply, but, already did that, so it was "send" :-]
> > >Apr 11 23:25:19 blue named[27721]: couldn't create pid file '/var/run/named.pid'
> > >
> > >>You probably changed the named user, from root to named
> > >>now user named does not have rights to /var or /var/run
> > >>or /var/run/named.pid
> >
> > Yes we did and I think so did quite a few others on this list who were
> > trying to get "named" to stop running as "root" (IMHO very bad idea).
> >
> > But it doesn't make any sense, because obviously it's writing a file under
> > /var/run/named.pid as user "named"...<??>
> >
> > -rw-r--r-- 1 named named 6 Apr 11 00:09 named.pid
> >
> > It only generates this error (in the logs) when you save changes to DNS
> > records via the GUI. But everything seems to be saved and work correctly.
It actually will generate this error anytime named starts.
If you command "ndc restart" or /etc/rc.d/init.d/named start
it will attempt to write the process id to /var/run/named.pid.
> > Here's the only two changes performed:
> > useradd -c "Named" -u 25 -s /bin/false -r -d /etc/named named 2>/dev/null || :
I assume the above is a typo "named" not Named?
> > This creates group/user "named" and sends any connections to a null device.
> > Then we changed the two "daemon named" references in /etc/rc.d/init.d/named
> > to:
> > daemon named -u named -g named
> > Starting "named" as user "named" instead of as user "root".
> > Of course I could change this back to "daemon named" and restart everything
> > as user root, but that kinda defeats the purpose of trying to get "named" to
> > run as something else other than "root" -which in my opinion is just asking
> > for trouble come the next BIND hack/exploit.
No, I don't think that is a good idea.
And, I really don't have a solution, I am sure someone on the list does.
And, I may be completely full of sh**, but I think it's a permissions issue.
Gerald
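
The permissions question in this thread rests on a Unix distinction: creating or unlinking a file needs write and search permission on the parent directory, while rewriting an existing file needs only write permission on the file itself. The shell check below is an added example, not part of the original message; the function names `bits_for` and `pidfile_check` are hypothetical, and it assumes GNU `stat` and plain owner/group/other mode bits.

```shell
#!/bin/sh
# Added example (not from the thread). Classic owner/group/other mode bits only:
# ignores supplementary groups, ACLs, the sticky bit and root's override.
# Assumes GNU stat (stat -c).

# bits_for PATH UID GID -> prints the rwx digit (0-7) that applies to UID/GID.
bits_for() {
    info=$(stat -c '%u %g %a' "$1") || return 2
    set -- "$2" "$3" $info            # now: uid gid owner group mode
    m=$((0$5))                        # leading 0 => parsed as octal
    if   [ "$1" -eq "$3" ]; then echo $(( (m >> 6) & 7 ))
    elif [ "$2" -eq "$4" ]; then echo $(( (m >> 3) & 7 ))
    else                         echo $((  m       & 7 ))
    fi
}

# pidfile_check PIDFILE UID GID -> prints create-ok | rewrite-only | denied
pidfile_check() {
    dir=$(dirname "$1")
    d=$(bits_for "$dir" "$2" "$3") || return 2
    # Creating or unlinking an entry needs write (2) + search (1) on the directory.
    if [ $(( d & 3 )) -eq 3 ]; then
        echo create-ok
        return 0
    fi
    # Without that, an existing file can still be opened for writing
    # if the file itself is writable and the directory is searchable.
    if [ -e "$1" ] && [ $(( d & 1 )) -eq 1 ]; then
        f=$(bits_for "$1" "$2" "$3") || return 2
        if [ $(( f & 2 )) -ne 0 ]; then
            echo rewrite-only
            return 0
        fi
    fi
    echo denied
}

# Usage: sh pidcheck.sh /var/run/named.pid "$(id -u named)" "$(id -g named)"
if [ "$#" -eq 3 ]; then pidfile_check "$@"; fi
```

A result of `rewrite-only` means the account can overwrite a pid file that already exists but could not create it from scratch in that directory.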