I have had some problems with permissions when using net-dns/bind. Especially when it comes to the pid-file. When looking online it seems I am not alone. In /etc/init.d/named there is a couple of checks (e.g, named-checkconf, checkpath). If possible and if time is available, I would like to request a new feature, "a check for sane permissions on folders and files" when starting named. Examples of folders are: ${CHROOT}/var/bind ${CHROOT}/etc/bind ${CHROOT}/var/run/named Best wishes Niklas
I am really bad in bash and ebuild scripts but I tried to do an implementation. It is probably horrible but at least I tried. permission_user_match() { file_id=$(stat --format="%u" $2) user_id=$(id -u $1) if [ "$user_id" != "$file_id" ]; then eerror "$1 has the wrong user permission" fi } permission_group_match() { file_gid=$(stat --format="%g" $2) user_gid=$(id -g $1) if [ "$user_gid" != "$file_gid" ]; then eerror "$1 has the wrong group permission" fi } user_may_write() { access=$(stat --format="%A" $2) if [ "${access:2:1}" != "w" ]; then eerror "$1 may not write to $2" fi } group_may_write() { access=$(stat --format="%A" $2) if [ "${access:5:1}" != "w" ]; then eerror "$1 may not write to $2" fi } checkpermissions() { ebegin "Checking named permissions" permission_group_match named ${CHROOT}/var/bind permission_group_match named ${CHROOT}/etc/bind permission_group_match named ${CHROOT}/var/run/named group_may_write named ${CHROOT}/var/bind group_may_write named ${CHROOT}/etc/bind group_may_write named ${CHROOT}/var/run/named eend 0 return 0 }
