[conspire] Other notes from the Debian 5.0.1/Lenny to 6.0/Squeeze upgrade

Nick Moffitt nick at zork.net
Wed Aug 25 01:59:10 PDT 2010


Rick Moen:
> It had to do with all of those backup files on the Solaris remote host.
> Because Solaris had munged a lot of the ownerships, among the things
> that got the wrong ownership was directory /var/run/named/ .  

> Somehow, manually running /usr/sbin/named was clearing?  chowning? the
> pid file left over in /var/run/named and making it possible for the
> BIND9 startup script to write a new one there, without which startup 
> silently failed.

I suspect your manual run as root was creating a bind:bind pid file in a
root-owned directory, and since you weren't using the init script it
wasn't clearing it out afterward (or some such thing).  Thus when you
ran the init script it was able to drop privilege to the bind user and
still toss a pid into that file.

So the bind user couldn't create any new files in the root-owned
directory, but it could write to any bind-owned files in that directory
it liked.

Alas, /var/run is a mess sometimes.  When Ubuntu switched it over to a
tmpfs they found some amazing race conditions (wait, you mean you
mounted /var/run AFTER I wrote that pid file?).

-- 
You are not entitled to your opinions.
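
The permission split described in the message above, as an added illustration that is not part of the original post: it evaluates the classic Unix owner/group/other bits for a pid directory and a left-over pid file. The numeric uid for the bind account, the modes and the names `Node`, `allowed` and `pidfile_report` are constructed for the example.

```python
from collections import namedtuple

# Constructed sample data: uid/gid 0 is root; 105 stands in for the "bind"
# account (the number is an assumption, not taken from the thread).
Node = namedtuple("Node", "uid gid mode")
ROOT, BIND = 0, 105

def allowed(node, uid, gids, want):
    """Classic Unix permission check. want is a mask: r=4, w=2, x=1.
    Ignores ACLs, capabilities and the sticky bit."""
    if uid == ROOT:
        return True                      # root bypasses these checks
    if uid == node.uid:
        bits = (node.mode >> 6) & 7      # owner class
    elif node.gid in gids:
        bits = (node.mode >> 3) & 7      # group class
    else:
        bits = node.mode & 7             # other class
    return bits & want == want

def pidfile_report(directory, pidfile, uid, gids):
    """What the daemon uid can do with its pid file (pidfile=None if absent)."""
    dir_wx = allowed(directory, uid, gids, 2 | 1)   # add or remove entries
    dir_x = allowed(directory, uid, gids, 1)        # reach entries by name
    exists = pidfile is not None
    return {
        "create_new": dir_wx,
        "rewrite_existing": exists and dir_x and allowed(pidfile, uid, gids, 2),
        "remove_stale": exists and dir_wx,
    }

root_dir = Node(ROOT, ROOT, 0o755)      # pid directory with the wrong owner
bind_dir = Node(BIND, BIND, 0o755)      # pid directory owned by the daemon
left_over = Node(BIND, BIND, 0o644)     # pid file left by an earlier run

if __name__ == "__main__":
    for label, d, f in [("root dir, no pid file", root_dir, None),
                        ("root dir, bind pid file", root_dir, left_over),
                        ("bind dir, bind pid file", bind_dir, left_over)]:
        print(label, pidfile_report(d, f, BIND, {BIND}))
```

The first case is the one where a privilege-dropped daemon has nowhere to write its pid; the second shows why a left-over bind-owned file masks the wrong directory ownership.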



