Bug 604920

Summary: net-dns/pdns-4.0.1: wrong permissions on /etc/powerdns
Product: Gentoo Linux
Reporter: Marcel Pennewiß <gentoo>
Component: Current packages
Assignee: Sven Wegener <swegener>
Status: UNCONFIRMED ---
Severity: normal
CC: vamp
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---

Description Marcel Pennewiß 2017-01-07 12:27:08 UTC
PowerDNS' configuration folder is /etc/powerdns.

The ebuild sets permissions to 700 and user/group to root. PowerDNS drops privileges after start and runs (sub-)processes as pdns/pdns. For example, using the bind backend fails because pdns can't read files in /etc/powerdns.

Error:
Jan  7 13:21:53 host2 pdns[27158]: Distributor caught fatal exception: Unable to open '/etc/powerdns/named.conf': Permission denied

Steps to Reproduce:
1. emerge net-dns/pdns
2. ls -l /etc | grep powerdns
 
Actual Results:
drwx------ 2 root root  4096 Jan  5 22:52 powerdns

Expected Results:
drwx------ 2 pdns pdns  4096 Jan  5 22:52 powerdns

or

drwxr-xr-x 2 root root  4096 Jan  5 22:52 powerdns

Both expected results fix this issue. IMHO setting to pdns:pdns seems to be the best way, because pdns started as root has permissions implicitly.
Comment 1 Ruslan Kh. 2020-09-16 15:14:03 UTC
Setting /etc/powerdns to pdns:pdns is not the best way.

pdns_server and pdns_recursor only need access to read configuration files.
The best way is to set recursive permissions for /etc/powerdns to root:pdns:

chown -R root:pdns /etc/powerdns
chmod 750 /etc/powerdns
chmod 640 /etc/powerdns/*.conf

This affects not only 4.0, but also 4.3, the latest in the portage tree.
Comment 2 Anna Tikhomirova 2020-09-22 15:46:54 UTC
If you use systemd, after installing version 4.3.0 it is even impossible to start a service until permissions are fixed as shown above.
Comment 3 Chris Pritchard 2023-11-19 13:42:19 UTC
This is still a problem, would it be possible to amend the ebuild to set the directory to root:pdns and permissions to 750?
Comment 4 Chris Pritchard 2023-11-19 13:43:04 UTC
(In reply to Chris Pritchard from comment #3)
> This is still a problem, would it be possible to amend the ebuild to set the
> directory to root:pdns and permissions to 750?

Sorry, I meant 640!
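
Added example (not part of the bug thread or the ebuild): a shell check for the layout proposed in comment 1, i.e. root:pdns ownership, mode 750 on the directory and 640 on *.conf. It assumes GNU stat (`stat -c`); the function names are hypothetical.

```shell
#!/bin/sh
# Audit a config directory against the layout from comment 1:
# owner root, group pdns, directory 750, *.conf files 640.
# Assumption: GNU coreutils stat (-c), as on a Gentoo/Linux userland.

# check_one PATH OWNER GROUP MODE
# Prints a finding and returns 1 if owner, group or mode differ.
check_one() {
    actual=$(stat -c '%U %G %a' "$1") || return 1
    expected="$2 $3 $4"
    if [ "$actual" != "$expected" ]; then
        printf 'MISMATCH %s: is "%s", want "%s"\n' "$1" "$actual" "$expected"
        return 1
    fi
    return 0
}

# audit_conf_dir DIR OWNER GROUP
# Returns 0 when the directory and every *.conf in it match, 1 otherwise.
audit_conf_dir() {
    dir=$1 owner=$2 group=$3 rc=0
    # 750: the group needs r-x on the directory to list and open files in it,
    # while only the owner (root) can create, rename or delete entries.
    check_one "$dir" "$owner" "$group" 750 || rc=1
    for f in "$dir"/*.conf; do
        [ -e "$f" ] || continue   # glob matched nothing
        # 640: readable by the service group, writable by the owner only,
        # no access for other users.
        check_one "$f" "$owner" "$group" 640 || rc=1
    done
    return "$rc"
}

# Invocation with the values from the thread:
#   audit_conf_dir /etc/powerdns root pdns
```

A non-zero return with `MISMATCH` lines on the freshly installed directory (root:root, 700) corresponds to the state reported in this bug.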