[Bug 1086775] Re: Maintainer scripts mishandle /var/cache/bind permissions

Alex Bligh ubuntu at alex.org.uk
Sat Dec 8 09:48:02 UTC 2012


** Description changed:

  Affects: 1:9.7.0.dfsg.P1-1ubuntu0.8, 1:9.8.1.dfsg.P1-4ubuntu0.4, 1:9.8.4
  .dfsg-1ubuntu1.
  
  bind9.postinst only sets permissions on
  /var/cache/bind on a fresh install. When the bind9 package is removed
  but not purged, /var/cache/bind is removed, but /etc/bind is left alone
  (as expected). When the bind9 package is reinstalled from this state,
  the postinst fails to correct the default 755 permissions on
  /var/cache/bind.
  
  This is particularly a problem for users upgrading from Lucid, since this
- situation causes 100% CPU usage due to bug 695264.
+ situation causes 100% CPU usage due to bug 1038199.
  
  Steps to reproduce:
  
  1. Start with a Lucid system
  2. apt-get install bind9
  3. apt-get remove bind9
  4. apt-get install bind9
  
  Note broken permissions in /var/cache/bind.
  
  This isn't directly reproducible in Raring because files are now
  left behind in /var/cache/bind causing /var/cache/bind to not be removed
  when the package is removed (is this a separate bug?)
  
  However, if from Lucid you then do:
  
  5. do-release-upgrade
  
  Then the problem propagates to Raring, and you'll see bug 1038199 (100%
  CPU usage).
  
  Workaround:
  
  # chown root.bind /var/cache/bind
  # chmod 775 /var/cache/bind
  # service bind9 restart
  
  Logs from the upgraded machine (see 'working directory not writeable'
  and 'permission denied')
  
  05-Dec-2012 12:23:35.719 found 2 CPUs, using 2 worker threads
  05-Dec-2012 12:23:35.720 using up to 4096 sockets
  05-Dec-2012 12:23:35.726 loading configuration from '/etc/bind/named.conf'
  05-Dec-2012 12:23:35.727 reading built-in trusted keys from file '/etc/bind/bind.keys'
  05-Dec-2012 12:23:35.727 using default UDP/IPv4 port range: [1024, 65535]
  05-Dec-2012 12:23:35.728 using default UDP/IPv6 port range: [1024, 65535]
  05-Dec-2012 12:23:35.729 listening on IPv6 interfaces, port 53
  05-Dec-2012 12:23:35.731 listening on IPv4 interface lo, 127.0.0.1#53
  05-Dec-2012 12:23:35.732 listening on IPv4 interface eth0, 10.40.0.5#53
  05-Dec-2012 12:23:35.734 listening on IPv4 interface eth1, 10.157.128.1#53
  05-Dec-2012 12:23:35.735 listening on IPv4 interface eth1, 10.161.208.1#53
  05-Dec-2012 12:23:35.736 listening on IPv4 interface eth0.60, 10.157.16.12#53
  05-Dec-2012 12:23:35.738 generating session key for dynamic DNS
  05-Dec-2012 12:23:35.738 sizing zone task pool based on 7 zones
  05-Dec-2012 12:23:35.744 using built-in root key for view _default
  05-Dec-2012 12:23:35.744 set up managed keys zone for view _default, file 'managed-keys.bind'
  05-Dec-2012 12:23:35.744 Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
  05-Dec-2012 12:23:35.744 automatic empty zone: 254.169.IN-ADDR.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: 2.0.192.IN-ADDR.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: 100.51.198.IN-ADDR.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: 113.0.203.IN-ADDR.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: D.F.IP6.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: 8.E.F.IP6.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: 9.E.F.IP6.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: A.E.F.IP6.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: B.E.F.IP6.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
  05-Dec-2012 12:23:35.749 command channel listening on 127.0.0.1#953
  05-Dec-2012 12:23:35.749 command channel listening on ::1#953
  05-Dec-2012 12:23:35.749 the working directory is not writable
  05-Dec-2012 12:23:35.749 ignoring config file logging statement due to -g option
  05-Dec-2012 12:23:35.750 zone 0.in-addr.arpa/IN: loaded serial 1
  05-Dec-2012 12:23:35.750 zone 157.10.in-addr.arpa/IN: loaded serial 1
  05-Dec-2012 12:23:35.751 zone 127.in-addr.arpa/IN: loaded serial 1
  05-Dec-2012 12:23:35.752 zone 255.in-addr.arpa/IN: loaded serial 1
  05-Dec-2012 12:23:35.753 zone extility.install/IN: loaded serial 1300877104
  05-Dec-2012 12:23:35.754 zone localhost/IN: loaded serial 2
  05-Dec-2012 12:23:35.754 managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
  05-Dec-2012 12:23:35.754 managed-keys.bind.jnl: create: permission denied
  05-Dec-2012 12:23:35.754 managed-keys-zone ./IN: sync_keyzone:dns_journal_open -> unexpected error

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bind9 in Ubuntu.
https://bugs.launchpad.net/bugs/1086775

Title:
  Maintainer scripts mishandle /var/cache/bind permissions
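
An added example (not part of the bug report or the bind9 packaging): a POSIX shell check for the state the workaround establishes on named's working directory, plus a scan for the two log symptoms quoted above. It assumes a stat that supports -c (GNU coreutils or BusyBox); the function names check_workdir and count_symptoms are hypothetical.

```shell
#!/bin/sh
# Added example, not from the bind9 package. Assumes stat supports -c.

# Three lines copied from the log in the report above.
SAMPLE_LOG='05-Dec-2012 12:23:35.749 the working directory is not writable
05-Dec-2012 12:23:35.749 ignoring config file logging statement due to -g option
05-Dec-2012 12:23:35.754 managed-keys.bind.jnl: create: permission denied'

# check_workdir DIR GROUP
# GROUP may be a group name or a numeric gid. Returns 0 when DIR belongs to
# GROUP and is group-writable (what "chown root.bind; chmod 775" sets up),
# 1 when it does not, 2 when DIR is missing.
check_workdir() {
    dir=$1 want=$2
    [ -d "$dir" ] || { echo "MISSING  $dir"; return 2; }
    mode=$(stat -c '%a' "$dir")
    gname=$(stat -c '%G' "$dir")
    gid=$(stat -c '%g' "$dir")
    status=0
    if [ "$want" != "$gname" ] && [ "$want" != "$gid" ]; then
        echo "BADGROUP $dir group=$gname($gid) want=$want"; status=1
    fi
    # 020 is the group-write bit; the leading 0 makes the shell parse the
    # mode string as octal, so 755 fails this test and 775 passes it.
    if [ $(( 0$mode & 020 )) -eq 0 ]; then
        echo "NOWRITE  $dir mode=$mode lacks group write"; status=1
    fi
    [ "$status" -eq 0 ] && echo "OK       $dir mode=$mode group=$gname"
    return "$status"
}

# count_symptoms: read a named log on stdin and print how many lines show
# either symptom from this report. grep -c exits 1 on zero matches, so the
# "|| true" keeps a clean log from looking like an error.
count_symptoms() {
    grep -c -e 'the working directory is not writable' \
            -e 'permission denied' || true
}

# Typical use on an affected host:
#   check_workdir /var/cache/bind bind
#   count_symptoms < /path/to/named.log
```

Running check_workdir after every package configure step, rather than only on a fresh install, is the condition this report says the postinst misses.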
