Hi, I am putting together a front end for managing DNS records via a web interface and the only thing left is getting it to read and write the actual files in the chroot/var/named directory. I am a little green on permissions so I need a bit of help on this, thanks.
I guess the web interface is running with the permissions of the Apache user? Then the Apache user needs write permissions for the chroot/var/named directory.
The permissions on the /var/named directory from the bind package with Fedora Core 1 & 2 are installed with root.named ownership and 750 permissions. This prevents the named daemon (running as the named user) from writing files to this location. This breaks things like running a slave server: when a zone transfer occurs, named will try to write the updated/new zone file in /var/named and can't; the result is "access denied" written to syslog, which may make some folks think that the zone transfer is disallowed, instead of it being a local permissions issue (although the phrasing of the error message is not a problem with the RPM!). This breaks other things too, like where rndc stats and rndc dump_db are not able to write the corresponding log files to the /var/named directory where they belong. I would suggest installing this directory mode 770 instead of the current 750 to resolve this issue. If there is a compelling reason not to do this, I'd love to be educated.
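The permission check discussed in the thread, as an added example that is not part of any post: a shell function that picks the POSIX permission class (owner, group or other) that applies to a user and reports whether that class may create files in the directory. The function names `dir_write_class` and `audit_dir` are hypothetical, the inputs are constructed from the thread's values, and it assumes the named user is only in group named and the Apache user (called apache here) only in group apache.

```shell
#!/bin/sh
# dir_write_class MODE OWNER GROUP USER "GROUPS OF USER"
# Prints CLASS:yes or CLASS:no. Creating a file in a directory needs both
# write (2) and search (1) permission on it. Only one class is consulted:
# owner first, then group, then other.
dir_write_class() {
    mode=$1; owner=$2; group=$3; user=$4; user_groups=$5
    # Keep the last three octal digits (drops setuid/setgid/sticky).
    perms=${mode#"${mode%???}"}
    o=${perms%??}; g=${perms#?}; g=${g%?}; t=${perms#??}
    # root (with CAP_DAC_OVERRIDE) is not restricted by the mode bits.
    if [ "$user" = root ]; then
        echo "root:yes"; return 0
    fi
    case " $user_groups " in
        *" $group "*) in_group=1 ;;
        *) in_group=0 ;;
    esac
    if [ "$user" = "$owner" ]; then class=owner; bits=$o
    elif [ "$in_group" -eq 1 ]; then class=group; bits=$g
    else class=other; bits=$t
    fi
    if [ $((bits & 3)) -eq 3 ]; then echo "$class:yes"; else echo "$class:no"; fi
}

# audit_dir DIR USER: same check against a real directory.
# Assumes GNU stat (%a octal mode, %U owner name, %G group name).
audit_dir() {
    set -- $(stat -c '%a %U %G' "$1") "$2"
    dir_write_class "$1" "$2" "$3" "$4" "$(id -Gn "$4")"
}

# Constructed inputs matching the thread: root.named ownership, 750 and 770.
for m in 750 770; do
    echo "mode $m, named:  $(dir_write_class "$m" root named named named)"
    echo "mode $m, apache: $(dir_write_class "$m" root named apache apache)"
done
```

On a live system, `audit_dir /var/named named` runs the same check against the actual directory.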