From 4519a0f456283842a8671acbe82843e123d056b8 Mon Sep 17 00:00:00 2001
From: Patrick J Volkerding <volkerdi@slackware.com>
Date: Tue, 18 Feb 2020 05:20:50 +0000
Subject: Tue Feb 18 05:20:50 UTC 2020

l/gtk+3-3.24.14-x86_64-2.txz:  Rebuilt.
  Rebuilt with -DG_ENABLE_DEBUG. Thanks to Bindestreck.
  Also built with -DG_DISABLE_CAST_CHECKS and -Dbroadway_backend=true.
l/imagemagick-7.0.9_24-x86_64-1.txz:  Upgraded.
n/bind-9.14.10-x86_64-2.txz:  Rebuilt.
  rc.bind: make sure it works with a non-root user specified in $NAMED_OPTIONS.
  Thanks to Luigi Trovato.
n/tin-2.4.4-x86_64-1.txz:  Upgraded.
xap/blackbox-0.76-x86_64-1.txz:  Upgraded.
testing/packages/PAM/libcap-2.32-x86_64-1_pam.txz:  Upgraded.
---
 source/n/bind/rc.bind | 51 ++++++++++++++++++++++++++++++++++++++-------------
 1 file changed, 38 insertions(+), 13 deletions(-)

(limited to 'source/n/bind/rc.bind')

diff --git a/source/n/bind/rc.bind b/source/n/bind/rc.bind
index 6d77d73d9..d58dc1e3e 100644
--- a/source/n/bind/rc.bind
+++ b/source/n/bind/rc.bind
@@ -1,15 +1,13 @@
 #!/bin/sh
 # Start/stop/restart the BIND name server daemon (named).
 
-
 # Start bind. In the past it was more secure to run BIND as a non-root
 # user (for example, with '-u daemon'), but the modern version of BIND
 # knows how to use the kernel's capability mechanism to drop all root
 # privileges except the ability to bind() to a privileged port and set
-# process resource limits, so -u should not be needed.  If you wish to
-# use it anyway, chown the /var/run/named and /var/named directories to
-# the non-root user. The command options can be set like this in
-# /etc/default/named :
+# process resource limits, so running as a non-root user is not needed.
+# But if you want to run as a non-root user anyway, the command options
+# can be set like this in /etc/default/named:
 #       NAMED_OPTIONS="-u daemon"
 # So you will not have to edit this script.
 
@@ -17,7 +15,7 @@
 # a discussion of which may be found in
 # /usr/doc/Linux-HOWTOs/Chroot-BIND-HOWTO.
  
-# One last note:  rndc has a lot of other nice features that it is not
+# One last note: rndc has a lot of other nice features that it is not
 # within the scope of this start/stop/restart script to support.
 # For more details, see "man rndc" or just type "rndc" to see the options.
 
@@ -25,17 +23,45 @@
 if [ -f /etc/default/named ] ; then . /etc/default/named ; fi
 if [ -f /etc/default/rndc ] ; then . /etc/default/rndc ; fi
 
-# Sanity check.  If /usr/sbin/named is missing then it
+# Sanity check. If /usr/sbin/named is missing then it
 # doesn't make much sense to try to run this script:
 if [ ! -x /usr/sbin/named ]; then
   echo "/etc/rc.d/rc.bind:  no /usr/sbin/named found (or not executable); cannot start."
   exit 1
 fi
 
-# Start BIND.  As many times as you like.  ;-)
+# Function to find the user BIND is running as in $NAMED_OPTIONS:
+find_bind_user() {
+  if echo $NAMED_OPTIONS | grep -wq "\-u" ; then
+    unset BIND_USER USER_FOUND
+    echo $NAMED_OPTIONS | tr ' ' '\n' | while read element ; do
+      if [ "$USER_FOUND" = "true" ]; then
+        BIND_USER="$element"
+        echo $BIND_USER
+        break
+      elif [ "$element" = "-u" ]; then
+        USER_FOUND="true"
+      fi
+    done
+  else
+    echo "root"
+  fi
+}
+
+# Start BIND. As many times as you like. ;-)
 # Seriously, don't run "rc.bind start" if BIND is already
 # running or you'll get more than one copy running.
 bind_start() {
+  # If we are running as a non-root user, we'll need to be sure that
+  # /var/run/named exists, and /var/run/named and /var/named are
+  # chowned properly to that user:
+  BIND_USER="$(find_bind_user)"
+  if [ ! "$BIND_USER" = "root" ]; then
+    mkdir -p /var/run/named
+    chown -R $BIND_USER /var/run/named /var/named
+  else # prevent error if switching back to running as root:
+    chown -R root /var/run/named /var/named
+  fi
   if [ -x /usr/sbin/named ]; then
     echo "Starting BIND:  /usr/sbin/named $NAMED_OPTIONS"
     /usr/sbin/named $NAMED_OPTIONS
@@ -49,8 +75,8 @@ bind_start() {
     if ps axc | grep -q named ; then
       echo "SUCCESS:  named started."
     else
-      echo "FAILED:  Sorry, a second attempt to start named has also failed."
-      echo "There may be a configuration error that needs fixing.  Good luck!"
+      echo "FAILED: Sorry, a second attempt to start named has also failed."
+      echo "There may be a configuration error that needs fixing. Good luck!"
     fi
   fi
 }
@@ -62,8 +88,8 @@ bind_stop() {
   # A problem with using "/usr/sbin/rndc stop" is that if you
   # managed to get multiple copies of named running it will
   # only stop one of them and then can't stop the others even
-  # if you run it again.  So, after doing things the nice way
-  # we'll do them the old-fashioned way.  If you don't like
+  # if you run it again. So, after doing things the nice way
+  # we'll do them the old-fashioned way. If you don't like
   # it you can comment it out, but unless you have a lot of
   # other programs you run called "named" this is unlikely
   # to have any ill effects:
@@ -109,4 +135,3 @@ case "$1" in
 *)
   echo "usage $0 start|stop|reload|restart|status"
 esac
-
-- 
cgit v1.2.3