Open maikzumstrull opened 8 years ago
Note: on Debian pdns.conf is owned by root:root. IIRC there is no reason for the pdns user to read it.
Also needs consideration in recursor (for allow-from-file...)
The reason why I changed that (and why it's questionable as a default) is pdnsutil and #3386. pdnsutil needs the same access as pdns_server, but doesn't start as root and then become pdns.
Recursor does need to read it after startup and priv drop, yes.
The current (4.0alpha3) auth unit file says CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_CHOWN CAP_SYS_CHROOT. Notably, this does not include root's usual ability to read any file. So if the PowerDNS configuration file is e.g. pdns:pdns 0600, the daemon won't be able to read the config, because it tries to do so while running as root:root, before setuid().
Not sure this has one obvious correct fix, but it can be somewhat confusing for the admin. For my use case, I'm trying to have the file set to root:pdns 0660.
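The behaviour described in this issue, as an added example that is not part of the original thread or of PowerDNS: a small model of the Linux read-permission check, showing why uid 0 under the quoted CapabilityBoundingSet cannot read a pdns:pdns 0600 file at startup while root:pdns 0660 works both before and after the privilege drop. The numeric pdns id, the class and function names, and the assumption that the process keeps no capabilities after setuid() are illustrative.

```python
# Added example: models the kernel's read check for a regular file.
from dataclasses import dataclass

# Bounding set quoted in the issue (4.0alpha3 auth unit file).
UNIT_CAPS = frozenset({"CAP_NET_BIND_SERVICE", "CAP_SETGID", "CAP_SETUID",
                       "CAP_CHOWN", "CAP_SYS_CHROOT"})
# Capabilities that let a process bypass the read permission bits.
DAC_READ_BYPASS = frozenset({"CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH"})

# Constructed numeric ids for illustration; real values differ per system.
ROOT, PDNS = 0, 953


@dataclass(frozen=True)
class Proc:
    uid: int
    gids: frozenset
    caps: frozenset


@dataclass(frozen=True)
class ConfFile:
    owner: int
    group: int
    mode: int


def can_read(proc, f):
    """Exactly one permission class applies: owner, else group, else other."""
    if proc.uid == f.owner:
        allowed = f.mode & 0o400
    elif f.group in proc.gids:
        allowed = f.mode & 0o040
    else:
        allowed = f.mode & 0o004
    # uid 0 is not special by itself; the bypass comes only from a capability.
    return bool(allowed) or bool(proc.caps & DAC_READ_BYPASS)


def report(f):
    """Readability at the two moments discussed in the thread."""
    startup = Proc(ROOT, frozenset({ROOT}), UNIT_CAPS)    # before setuid()
    dropped = Proc(PDNS, frozenset({PDNS}), frozenset())  # assumed: no caps kept
    return {"startup": can_read(startup, f), "dropped": can_read(dropped, f)}


if __name__ == "__main__":
    for label, f in {"pdns:pdns 0600": ConfFile(PDNS, PDNS, 0o600),
                     "root:pdns 0660": ConfFile(ROOT, PDNS, 0o660)}.items():
        print(label, report(f))
```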