rndc.key permission denied

Bug #585121 reported by robs
This bug affects 1 person
Affects         Status        Importance  Assigned to  Milestone
BIND            Fix Released  Unknown
bind9 (Debian)  New           Undecided   Unassigned
bind9 (Ubuntu)  Fix Released  Low         Unassigned

Bug Description

Binary package hint: bind9

root@server:/etc# named -g
24-May-2010 21:49:45.797 starting BIND 9.7.0-P1 -g
24-May-2010 21:49:45.797 built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=-Wl,-Bsymbolic-functions' 'CPPFLAGS='
[SNIP] ....
24-May-2010 21:49:45.831 none:0: open: /etc/bind/rndc.key: permission denied
24-May-2010 21:49:45.831 couldn't add command channel 127.0.0.1#953: permission denied
24-May-2010 21:49:45.831 none:0: open: /etc/bind/rndc.key: permission denied
24-May-2010 21:49:45.831 couldn't add command channel ::1#953: permission denied

This is currently in Lucid.
Fix is simple:
in /etc/bind/named.conf add line:
include "/etc/bind/rndc.key";

change mode to root.bind 640 /etc/bind/rndc.key

See also: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=386791

Thank you,
Roberto Sebastiano

Changed in bind:
status: Unknown → Fix Released
Chuck Short (zulcss)
Changed in bind9 (Ubuntu):
importance: Undecided → Low
status: New → Confirmed
robs (roberto-sebastiano) wrote :

I would add that without the fix, bind with dlz-mysql doesn't work entirely; I don't know exactly why.

Simon Déziel (sdeziel) wrote :

Marking as fix released because on 22.04, /etc/bind/rndc.key looks like this:

# ll /etc/bind/rndc.key
-rw-r----- 1 bind bind 100 Apr 4 2022 /etc/bind/rndc.key

And bind9/named runs as the "bind" user:

# grep OPTIONS /etc/default/named
OPTIONS="-u bind"

Changed in bind9 (Ubuntu):
status: Confirmed → Fix Released
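
As an added example (not part of the bug report or of the bind9 packaging), a shell check for the two conditions this thread turns on: the account named runs as must be able to read /etc/bind/rndc.key, and the key, being a shared secret, should stay closed to other users as with mode 640. The function name and return codes are assumptions of this example, and it relies on GNU stat.

```shell
#!/bin/sh
# check_rndc_key FILE USER: decide from the mode bits whether USER (the
# account named runs as, e.g. "bind") can read FILE, and whether the file
# is open to "other".
# Return codes (chosen for this example):
#   0 ok, 1 USER cannot read, 2 accessible to other, 3 file missing.
# Requires GNU stat. Note that root bypasses mode bits entirely, so a
# named started as root without -u would not hit the error in the report.
check_rndc_key() {
    key=$1; user=$2
    [ -e "$key" ] || { echo "missing: $key"; return 3; }
    set -- $(stat -c '%a %U %G' "$key")    # e.g. "640 root bind"
    m=$((0$1)); owner=$2; group=$3         # leading 0: parse mode as octal
    grps=$(id -Gn "$user" 2>/dev/null) || grps=""

    # Pick the single permission class that applies to USER, as the kernel does.
    if [ "$owner" = "$user" ]; then
        readable=$((m & 0400))
    else
        case " $grps " in
            *" $group "*) readable=$((m & 0040)) ;;
            *)            readable=$((m & 0004)) ;;
        esac
    fi

    if [ "$readable" -eq 0 ]; then
        echo "$key (mode $1 $owner:$group): not readable by $user"
        return 1
    fi
    if [ $((m & 0007)) -ne 0 ]; then
        echo "$key (mode $1 $owner:$group): accessible to other users"
        return 2
    fi
    echo "$key (mode $1 $owner:$group): ok for $user"
    return 0
}

# Usage: sh check_rndc_key.sh /etc/bind/rndc.key bind
if [ $# -ge 2 ]; then
    check_rndc_key "$1" "$2"
fi
```

A return of 1 corresponds to the "permission denied" lines in the named log above; a return of 2 means the key is readable, writable or executable by accounts that have no need for it.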