author Patrick J Volkerding <volkerdi@slackware.com>2020-02-18 05:20:50 +0000
committer Eric Hameleers <alien@slackware.com>2020-02-18 17:59:47 +0100
commit4519a0f456283842a8671acbe82843e123d056b8 (patch)
treec27062f6f543c25386fe4ea4be2d11d50445588e /source/n/bind/rc.bind
parentd8da2d3be01cee6dd09daa56912b02ffe0747b57 (diff)
Tue Feb 18 05:20:50 UTC 202020200218052050
l/gtk+3-3.24.14-x86_64-2.txz: Rebuilt. Rebuilt with -DG_ENABLE_DEBUG. Thanks to Bindestreck. Also built with -DG_DISABLE_CAST_CHECKS and -Dbroadway_backend=true. l/imagemagick-7.0.9_24-x86_64-1.txz: Upgraded. n/bind-9.14.10-x86_64-2.txz: Rebuilt. rc.bind: make sure it works with a non-root user specified in $NAMED_OPTIONS. Thanks to Luigi Trovato. n/tin-2.4.4-x86_64-1.txz: Upgraded. xap/blackbox-0.76-x86_64-1.txz: Upgraded. testing/packages/PAM/libcap-2.32-x86_64-1_pam.txz: Upgraded.
Diffstat (limited to 'source/n/bind/rc.bind')
-rw-r--r--source/n/bind/rc.bind51
1 files changed, 38 insertions, 13 deletions
diff --git a/source/n/bind/rc.bind b/source/n/bind/rc.bind
index 6d77d73d9..d58dc1e3e 100644
--- a/source/n/bind/rc.bind
+++ b/source/n/bind/rc.bind
@@ -1,15 +1,13 @@
#!/bin/sh
# Start/stop/restart the BIND name server daemon (named).
-
# Start bind. In the past it was more secure to run BIND as a non-root
# user (for example, with '-u daemon'), but the modern version of BIND
# knows how to use the kernel's capability mechanism to drop all root
# privileges except the ability to bind() to a privileged port and set
-# process resource limits, so -u should not be needed. If you wish to
-# use it anyway, chown the /var/run/named and /var/named directories to
-# the non-root user. The command options can be set like this in
-# /etc/default/named :
+# process resource limits, so running as a non-root user is not needed.
+# But if you want to run as a non-root user anyway, the command options
+# can be set like this in /etc/default/named:
# NAMED_OPTIONS="-u daemon"
# So you will not have to edit this script.
@@ -17,7 +15,7 @@
# a discussion of which may be found in
# /usr/doc/Linux-HOWTOs/Chroot-BIND-HOWTO.
-# One last note: rndc has a lot of other nice features that it is not
+# One last note: rndc has a lot of other nice features that it is not
# within the scope of this start/stop/restart script to support.
# For more details, see "man rndc" or just type "rndc" to see the options.
@@ -25,17 +23,45 @@
if [ -f /etc/default/named ] ; then . /etc/default/named ; fi
if [ -f /etc/default/rndc ] ; then . /etc/default/rndc ; fi
-# Sanity check. If /usr/sbin/named is missing then it
+# Sanity check. If /usr/sbin/named is missing then it
# doesn't make much sense to try to run this script:
if [ ! -x /usr/sbin/named ]; then
echo "/etc/rc.d/rc.bind: no /usr/sbin/named found (or not executable); cannot start."
exit 1
fi
-# Start BIND. As many times as you like. ;-)
+# Function to find the user BIND is running as in $NAMED_OPTIONS:
+find_bind_user() {
+ if echo $NAMED_OPTIONS | grep -wq "\-u" ; then
+ unset BIND_USER USER_FOUND
+ echo $NAMED_OPTIONS | tr ' ' '\n' | while read element ; do
+ if [ "$USER_FOUND" = "true" ]; then
+ BIND_USER="$element"
+ echo $BIND_USER
+ break
+ elif [ "$element" = "-u" ]; then
+ USER_FOUND="true"
+ fi
+ done
+ else
+ echo "root"
+ fi
+}
+
+# Start BIND. As many times as you like. ;-)
# Seriously, don't run "rc.bind start" if BIND is already
# running or you'll get more than one copy running.
bind_start() {
+ # If we are running as a non-root user, we'll need to be sure that
+ # /var/run/named exists, and /var/run/named and /var/named are
+ # chowned properly to that user:
+ BIND_USER="$(find_bind_user)"
+ if [ ! "$BIND_USER" = "root" ]; then
+ mkdir -p /var/run/named
+ chown -R $BIND_USER /var/run/named /var/named
+ else # prevent error if switching back to running as root:
+ chown -R root /var/run/named /var/named
+ fi
if [ -x /usr/sbin/named ]; then
echo "Starting BIND: /usr/sbin/named $NAMED_OPTIONS"
/usr/sbin/named $NAMED_OPTIONS
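Review bot: The recursive `chown -R $BIND_USER /var/run/named /var/named` in bind_start hands the daemon user ownership of the whole /var/named tree on every start, so primary zone files, keys or anything else an administrator keeps under it become writable by a compromised named; the comment this commit rewrote only asked for the two directories themselves to be chowned, and named needs write access only where it actually writes (the run/pid directory, journals, and dynamic or secondary zone directories). Consider limiting it to those paths and quoting the expansion, e.g. `chown -- "$BIND_USER" /var/run/named /var/named` with a recursive chown only on the directories named writes to — presumably enough for the reported case, but confirm against the zone layout. find_bind_user also only recognises `-u` as a separate word: an attached form such as `-unamed` (if BIND's option parser accepts it) makes it return `root`, so the else branch chowns everything back to root while named still drops privileges, and a trailing `-u` with no argument yields an empty BIND_USER, so the chown runs with `/var/run/named` as the owner argument. The `chown -R root` in the else branch likewise rewrites ownership of the entire tree unconditionally on each root start, overriding anything an administrator set deliberately; the chroot (`-t`) case mentioned in the header comment is not handled by either path. bind_start continues past the end of the hunk.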
@@ -49,8 +75,8 @@ bind_start() {
if ps axc | grep -q named ; then
echo "SUCCESS: named started."
else
- echo "FAILED: Sorry, a second attempt to start named has also failed."
- echo "There may be a configuration error that needs fixing. Good luck!"
+ echo "FAILED: Sorry, a second attempt to start named has also failed."
+ echo "There may be a configuration error that needs fixing. Good luck!"
fi
fi
}
@@ -62,8 +88,8 @@ bind_stop() {
# A problem with using "/usr/sbin/rndc stop" is that if you
# managed to get multiple copies of named running it will
# only stop one of them and then can't stop the others even
- # if you run it again. So, after doing things the nice way
- # we'll do them the old-fashioned way. If you don't like
+ # if you run it again. So, after doing things the nice way
+ # we'll do them the old-fashioned way. If you don't like
# it you can comment it out, but unless you have a lot of
# other programs you run called "named" this is unlikely
# to have any ill effects:
@@ -109,4 +135,3 @@ case "$1" in
*)
echo "usage $0 start|stop|reload|restart|status"
esac
-