
Bug 174084

Summary: net-dns/bind - make permissions on bind zone files stricter
Product: Gentoo Linux
Reporter: Joshua Pettett <bugs.gentoo.devel>
Component: New packages
Assignee: BIND Maintainers (DISABLED) <bind+disabled>
Status: RESOLVED FIXED
Severity: enhancement
CC: henson, notordoktor, radek
Priority: Highest
Version: unspecified
Hardware: All
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on: 302361
Bug Blocks:

Description Joshua Pettett 2007-04-10 20:25:06 UTC
Is there any reason why bind zone files should be writeable by the named user by default? If not, I recommend making var/bind owned by root:named. While we're at it, perhaps we should chmod o-rwx named.conf as well?
Comment 1 Paul B. Henson 2010-01-26 19:53:46 UTC
Looks like this bug is pretty old, but I'd second the recommendation. Unless a zone is dynamic it shouldn't really be writable by the bind service account.
Comment 2 Doktor Notor 2010-03-12 11:29:09 UTC
It's needed for dynamic zones only. Considering that Gentoo doesn't install any preconfigured dynamic zones at all, no point for these that get installed to be named-writeable indeed.
Comment 3 Christian Ruppert (idl0r) gentoo-dev 2010-05-13 01:23:53 UTC
Sorry for the delay...
It's fixed in bind-9.7.0_p1 ;)
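
A permissions audit for the layout discussed in this bug, as an added example that is not part of the bug report or of the Gentoo ebuild: it lists paths under a zone directory that the BIND service account could modify, and reports a config file that still grants any access to "other". The function names, the default account and group name `named`, and the script name in the usage line are assumptions.

```shell
#!/bin/sh
# Added example (not from the bug report): audit BIND file permissions.
# Assumed defaults: the service user and group are both called "named".

# List every path under zone dir $1 that service user $2 / group $3 could
# modify: owned by that user (an owner can always chmod), group-writable
# and in that group, or world-writable. Names or numeric ids are accepted.
# Symlinks are skipped because their own mode bits are not enforced.
audit_zone_dir() {
    dir=$1; svc_user=${2:-named}; svc_group=${3:-named}
    find "$dir" ! -type l \( -user "$svc_user" \
        -o \( -group "$svc_group" -perm -0020 \) \
        -o -perm -0002 \) -print
}

# Print config file $1 if it grants any read/write/execute bit to "other",
# that is, if "chmod o-rwx" has not been applied to it.
audit_conf_other() {
    find "$1" -prune \( -perm -0004 -o -perm -0002 -o -perm -0001 \) -print
}

# Usage: sh audit.sh ZONE_DIR NAMED_CONF
if [ "$#" -ge 2 ]; then
    audit_zone_dir "$1"
    audit_conf_other "$2"
fi
```

Empty output means static zones are read-only to the service account and the config is closed to other users; directories holding dynamic zones are expected to show up and can be reviewed individually.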