pombreda / scalr

Automatically exported from code.google.com/p/scalr

class.RemoteBIND.php assumes bind user is named #8

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
I'm seeing errors in the logs about a chown for the zones file to
non-existent user named. I've tracked it down to class.RemoteBIND.php:

src/LibWebta/library/NET/API/BIND/class.RemoteBIND.php:         
$this->SSH2->Exec("chown named:named {$this->RootPath}/{$name}");

On Ubuntu the bind user is bind and the named user does not exist so this
command will always fail.

Original issue reported on code.google.com by rob.mo...@gmail.com on 8 Jul 2008 at 4:04

GoogleCodeExporter commented 9 years ago
Subsequently I came across the document for creating nameservers
(http://code.google.com/p/scalr/wiki/ConfiguringNameservers) and it has named
in the example as the system user. It's not clear in the docs that it must be
named. However, in the event that the choice is taken to use root instead of a
system user (as is suggested at the end) then the same error will occur since
named doesn't exist.

Original comment by rob.mo...@gmail.com on 8 Jul 2008 at 9:38

GoogleCodeExporter commented 9 years ago
In the case of an Ubuntu installation, the user bind probably is the best
choice because /etc/bind/rndc.key is owned by bind. However, it does require
that the bind user's shell be changed to something other than /bin/false
(e.g., /bin/sh) and it may raise security concerns (that is, it raises the
question as to why bind was given a /bin/false shell in the first place while
some other system accounts have /bin/sh as their shell).

So to sum up, it would be nice to have the RemoteBIND class take the user
value from a configurable value such as the login username.

Original comment by rob.mo...@gmail.com on 8 Jul 2008 at 9:50
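
One way the configurable owner requested above could look, as an added example that is not Scalr's code and not part of the original thread. The function buildChownCommand() and its parameters are hypothetical, and the zone file names and the /var/named path are constructed sample values.

```php
<?php
// Added example, not Scalr code: buildChownCommand() and its parameters are hypothetical.
function buildChownCommand(string $rootPath, string $zoneFile, string $owner, ?string $group = null): string
{
    $group = $group ?? $owner;

    // Accept only conventional Unix account names so a config typo cannot
    // turn into extra shell syntax.
    foreach ([$owner, $group] as $account) {
        if (!preg_match('/^[a-z_][a-z0-9_-]{0,31}$/', $account)) {
            throw new InvalidArgumentException("Invalid account name: {$account}");
        }
    }

    // The zone file must be a bare file name inside $rootPath.
    if ($zoneFile === '' || $zoneFile === '.' || $zoneFile === '..' || $zoneFile !== basename($zoneFile)) {
        throw new InvalidArgumentException('Invalid zone file name');
    }

    $path = rtrim($rootPath, '/') . '/' . $zoneFile;

    // "id -u" fails when the account does not exist on the nameserver, so the
    // chown is skipped and the non-zero exit status can be logged by the caller.
    return sprintf(
        'id -u %s >/dev/null && chown %s -- %s',
        escapeshellarg($owner),
        escapeshellarg("{$owner}:{$group}"),
        escapeshellarg($path)
    );
}

// Constructed sample values: Ubuntu layout from the thread, then a "named" layout.
echo buildChownCommand('/etc/bind/zones', 'example.com.db', 'bind'), PHP_EOL;
echo buildChownCommand('/var/named', 'example.com.db', 'named'), PHP_EOL;
```

The returned string would be passed to the existing remote Exec call in place of the hardcoded "chown named:named" command, with the owner read from the nameserver's configuration.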

GoogleCodeExporter commented 9 years ago
Also, if the bind user approach is taken then the /etc/bind/named.conf.local
file and /etc/bind/zones directory owner need to be changed to bind (or
alternatively write permission can be given to the group).

Original comment by rob.mo...@gmail.com on 8 Jul 2008 at 10:59

GoogleCodeExporter commented 9 years ago

Original comment by alex.kovalyov@gmail.com on 16 Jul 2008 at 5:50

GoogleCodeExporter commented 9 years ago

Original comment by dicsydel@gmail.com on 5 Jan 2009 at 7:12