[Bug 341817] Re: dhcpd wont start due to rndc.key permissions
Jamie Strandboge
jamie at ubuntu.com
Fri Jun 29 12:37:57 UTC 2012
I like this idea much better. Whether packaging creates a special
dynamic dns updates key or uses a keys directory, these keys are
actually specifically designed for use with dynamic updates and totally
appropriate to add to the apparmor profile. Unrelated to this bug, if
packaging is being adjusted to make adding dynamic dns work easier, it
should probably default to 'off' (which is a secure default) but with a
preseedable debconf option to enable it (but this should probably be
discussed elsewhere).
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/341817
Title:
dhcpd wont start due to rndc.key permissions
Status in “isc-dhcp” package in Ubuntu:
Fix Committed
Bug description:
Binary package hint: dhcp3-server
System information:
#lsb_release -rd
Description: Ubuntu 8.04.1
Release: 8.04
#apt-cache policy dhcp3-server
dhcp3-server:
Installed: 3.0.6.dfsg-1ubuntu9
Candidate: 3.0.6.dfsg-1ubuntu9
Version table:
*** 3.0.6.dfsg-1ubuntu9 0
500 http://nl.archive.ubuntu.com hardy/main Packages
100 /var/lib/dpkg/status
#apt-cache policy bind9
bind9:
Installed: 1:9.4.2.dfsg.P2-2ubuntu0.1
Candidate: 1:9.4.2.dfsg.P2-2ubuntu0.1
Version table:
*** 1:9.4.2.dfsg.P2-2ubuntu0.1 0
500 http://nl.archive.ubuntu.com hardy-updates/main Packages
500 http://security.ubuntu.com hardy-security/main Packages
100 /var/lib/dpkg/status
1:9.4.2-10 0
500 http://nl.archive.ubuntu.com hardy/main Packages
Problem:
dhcpd wont start - "/etc/bind/rndc.key: Permission denied"
Workaround found but is a potential security issue ("/etc/bind/rndc.conf" world readable)
Brief:
Trying to get dhcp3-server and bind9 to work together nicely.
The "/etc/bind/rndc.key" file is owned by bind:bind w. 640 perms by default and dhcpd3 process runs under user "dhcpd". Adding user "dhcpd" to group "bind" does not seem to work. Permissions of "/etc/bind/rndc.key" need to be changed to 644 for dhcp3-server to start (I could find no other solution - after a few hours of google and 30 minutes of play, at least ;-)
Steps:
- Install & configure bind9 (configuration tested and working)
- Install & configure dhcp3-server
- sudo /etc/init.d/dhcp3-server start
Expected result:
dhcpd starts
Actual result:
#/etc/init.d/dhcp3-server start
dhcpd self-test failed. Please fix the config file.
The error was:
Can't open /etc/bind/rndc.key: Permission denied
#ls -l `which dhcpd3`
-rwxr-xr-x 1 root root 516164 2008-04-02 15:38 /usr/sbin/dhcpd3
#ls -l /etc/bind/rndc.key
-rw-r----- 1 bind bind 77 2009-03-12 14:30 /etc/bind/rndc.key
#id -a dhcpd
uid=111(dhcpd) gid=122(dhcpd) groups=122(dhcpd),121(bind)
Workaround:
- Change permissions of /etc/bind/rndc.key to world readable (from 640 -> 644)
note: adding 'dhcpd' user to 'bind' group does not work for some reason
- Start dhcpd:
#chmod 644 /etc/bind/rndc.key
#/etc/init.d/dhcp3-server start
* Starting DHCP server dhcpd3 [ OK ]
#ps -ef | grep dhcpd
dhcpd 3292 1 0 17:11 ? 00:00:00 /usr/sbin/dhcpd3 -q -pf /var/run/dhcp3-server/dhcpd.pid -cf /etc/dhcp3/dhcpd.conf eth0
root 3298 3090 0 17:11 pts/0 00:00:00 grep dhcpd
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/341817/+subscriptions
More information about the foundations-bugs
mailing list