Bug 604920 - net-dns/pdns-4.0.1: wrong permissions on /etc/powerdns
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Sven Wegener
Reported: 2017-01-07 12:27 UTC by Marcel Pennewiß
Modified: 2020-09-22 15:47 UTC

Description Marcel Pennewiß 2017-01-07 12:27:08 UTC
PowerDNS' configuration folder is /etc/powerdns.

The ebuild sets permissions to 700 and user/group is root. PowerDNS drops privileges after start and runs (sub-)processes as pdns/pdns. For example, using the bind backend fails because pdns can't read files in /etc/powerdns.

Jan  7 13:21:53 host2 pdns[27158]: Distributor caught fatal exception: Unable to open '/etc/powerdns/named.conf': Permission denied

Steps to Reproduce:
1. emerge net-dns/pdns
2. ls -l /etc | grep powerdns
Actual Results:
drwx------ 2 root root  4096 Jan  5 22:52 powerdns

Expected Results:
drwx------ 2 pdns pdns  4096 Jan  5 22:52 powerdns


drwxr-xr-x 2 root root  4096 Jan  5 22:52 powerdns

Both expected results fix this issue. IMHO setting it to pdns:pdns seems to be the best way, because pdns started as root implicitly has permissions.
Comment 1 Ruslan Kh. 2020-09-16 15:14:03 UTC
Setting /etc/powerdns to pdns:pdns is not the best way.

The pdns_server and pdns_recursor only need access to read configuration files.
The best way is to set recursive permissions for /etc/powerdns to root:pdns:

chown -R root:pdns /etc/powerdns
chmod 750 /etc/powerdns
chmod 640 /etc/powerdns/*.conf

This affects not only 4.0 but also 4.3, the latest in the portage tree.
Comment 2 Anna Tikhomirova 2020-09-22 15:46:54 UTC
If you use systemd, after installing version 4.3.0 it is even impossible to start a service until permissions are fixed as shown above.
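
An added example, not part of the bug report or the ebuild: a POSIX shell audit of the root:pdns 750/640 layout proposed in Comment 1. It flags paths that are too strict for the unprivileged daemon to read, too open, or wrongly owned. The function names are hypothetical and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (hypothetical helper names; assumes GNU coreutils stat).
# Audits a config directory against the layout from Comment 1:
#   directory 750, *.conf 640, everything owned root:pdns.
# Run as root so the *.conf glob can list a 750 directory.
# Usage: audit_confdir /etc/powerdns

check_path() {  # check_path PATH WANT_MODE OWNER GROUP
    cp_stat=$(stat -c '%U:%G %a' "$1") || return 1
    cp_own=${cp_stat% *}; cp_mode=${cp_stat#* }; cp_rc=0
    if [ "$cp_own" != "$3:$4" ]; then
        echo "OWNER $1 is $cp_own, want $3:$4"; cp_rc=1
    fi
    # Bits set on disk that the wanted mode does not allow
    # (e.g. world-readable config holding backend credentials).
    if [ $(( 0$cp_mode & ~0$2 & 07777 )) -ne 0 ]; then
        echo "TOO_OPEN $1 is $cp_mode, want $2"; cp_rc=1
    fi
    # Bits the wanted mode needs that are missing on disk
    # (e.g. 700: the pdns group cannot read after privilege drop).
    if [ $(( 0$2 & ~0$cp_mode & 07777 )) -ne 0 ]; then
        echo "TOO_STRICT $1 is $cp_mode, want $2"; cp_rc=1
    fi
    return $cp_rc
}

audit_confdir() {  # audit_confdir DIR [OWNER] [GROUP]
    ac_dir=$1; ac_own=${2:-root}; ac_grp=${3:-pdns}; ac_rc=0
    [ -d "$ac_dir" ] || { echo "MISSING $ac_dir"; return 2; }
    check_path "$ac_dir" 750 "$ac_own" "$ac_grp" || ac_rc=1
    for ac_f in "$ac_dir"/*.conf; do
        [ -e "$ac_f" ] || continue   # glob matched nothing
        check_path "$ac_f" 640 "$ac_own" "$ac_grp" || ac_rc=1
    done
    return $ac_rc
}
```

The function returns 0 when every path matches, 1 when any finding is printed, and 2 when the directory does not exist.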