Debian Bug report logs - #386791
bind: Wrong permissions on /etc/bind/rndc.key break bind with every update


Package: bind9; Maintainer for bind9 is LaMont Jones <lamont@debian.org>; Source for bind9 is src:bind9.

Reported by: Gunther Stammwitz <gstammw@gmx.net>

Date: Sun, 10 Sep 2006 10:03:02 UTC

Severity: important

Merged with 169577, 177960, 216659, 320460, 388537, 405075, 409166, 500277

Found in versions 1:9.2.1-2.woody.1, 1:9.2.1-6, 1:9.2.1-7, 1:9.2.3+9.2.4-rc2-1, 1:9.2.4-1sarge1, 9.2.4-1sarge2, 9.3.2-p1.0-1, bind9/1:9.2.4-1, bind9/1:9.3.1-2, bind9/1:9.3.4-2etch3, bind9/1:9.5.0.dfsg.P2-4

Fixed in versions bind9/1:9.5.0.dfsg.P2-1, 1:9.6.1.dfsg.P1-1

Done: LaMont Jones <lamont@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#386791; Package bind9.

Acknowledgement sent to Gunther Stammwitz <gstammw@gmx.net>:
New Bug report received and forwarded. Copy sent to LaMont Jones <lamont@debian.org>.

Message #5 received at submit@bugs.debian.org:

From: Gunther Stammwitz <gstammw@gmx.net>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: bind: Wrong permissions on /etc/bind/rndc.key break bind with every update
Date: Sun, 10 Sep 2006 11:41:35 +0200
Package: bind9
Version: 1:9.2.4-1sarge1
Severity: important
File: bind


Wrong permissions in /etc/bind prevent bind from reading the
RNDC key file. This causes rndc to stop working after an upgrade of bind,
because the permissions get set to the bad values with every update of
the bind package. Bind reports the following errors:
  none:0: open: /etc/bind/rndc.key: permission denied
  couldn't add command channel 127.0.0.1#953: permission denied
The permissions get set to -rw-r----- and user/group bind. When manually
chowning the file to the user root and leaving the group as bind,
everything is just working fine.


-- System Information:
Debian Release: 3.1
Architecture: i386 (i586)
Kernel: Linux 2.4.18
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages bind9 depends on:
ii  adduser               3.63               Add and remove users and groups
ii  libc6                 2.3.2.ds1-22sarge4 GNU C Library: Shared libraries an
ii  libdns16              1:9.2.4-1sarge1    DNS Shared Library used by BIND
ii  libisc7               1:9.2.4-1sarge1    ISC Shared Library used by BIND
ii  libisccc0             1:9.2.4-1sarge1    Command Channel Library used by BI
ii  libisccfg0            1:9.2.4-1sarge1    Config File Handling Library used 
ii  liblwres1             1:9.2.4-1sarge1    Lightweight Resolver Library used 
ii  libssl0.9.7           0.9.7e-3sarge1     SSL shared libraries
ii  netbase               4.21               Basic TCP/IP networking system

-- no debconf information



Information forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#386791; Package bind9.

Acknowledgement sent to Christian Hammers <ch@debian.org>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>.

Message #10 received at 386791@bugs.debian.org:

From: Christian Hammers <ch@debian.org>
To: Debian Bug Tracking System <386791@bugs.debian.org>
Subject: Re: Wrong permissions on /etc/bind/rndc.key break bind with...
Date: Mon, 11 Sep 2006 10:35:19 +0200
Package: bind9
Version: 1:9.2.4-1
Followup-For: Bug #386791

Hello

I can confirm this, it happened on all servers after today's DSA updates:

named[2660]: stopping command channel on 127.0.0.1#953
named[2660]: stopping command channel on ::1#953
named[2660]: exiting
named[10886]: starting BIND 9.2.4
named[10886]: none:0: open: /etc/bind/rndc.key: permission denied
named[10886]: couldn't add command channel 127.0.0.1#953: permission denied
named[10886]: none:0: open: /etc/bind/rndc.key: permission denied
named[10886]: couldn't add command channel ::1#953: permission denied

I don't understand why there is a permission denied as bind itself runs
as user bind and should be able to read the file. Maybe it's a kind of
security check that prevents bind from starting when the file is
writable for the daemon.

The daemon itself seems to work correctly, answering on all interface
addresses. Probably only the rndc command does not work.

Regarding the proposed solution, I get
  # rndc reload 127.in-addr.arpa
  rndc: connect failed: connection refused
even after chowning the file to root and restarting the daemon :(

bye,

-christian-

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-3-686-smp
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-15) (ignored: LC_ALL set to de_DE@euro)

Versions of packages bind9 depends on:
ii  adduser               3.63               Add and remove users and groups
ii  libc6                 2.3.2.ds1-22sarge4 GNU C Library: Shared libraries an
ii  libdns16              1:9.2.4-1          DNS Shared Library used by BIND
ii  libisc7               1:9.2.4-1          ISC Shared Library used by BIND
ii  libisccc0             1:9.2.4-1          Command Channel Library used by BI
ii  libisccfg0            1:9.2.4-1          Config File Handling Library used 
ii  liblwres1             1:9.2.4-1          Lightweight Resolver Library used 
ii  libssl0.9.7           0.9.7e-3sarge1     SSL shared libraries
ii  netbase               4.21               Basic TCP/IP networking system

-- no debconf information



Information forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#386791; Package bind9.

Acknowledgement sent to Pascal Arpizou <pascal@plouf.fr.eu.org>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>.

Message #15 received at 386791@bugs.debian.org:

From: Pascal Arpizou <pascal@plouf.fr.eu.org>
To: 386791@bugs.debian.org
Subject: Re: Wrong permissions on /etc/bind/rndc.key break bind with every update
Date: Tue, 12 Sep 2006 15:40:38 +0200
Hello,

I experienced the same problem on my two Debian sarge systems after 
bind9's security upgrade from version 1:9.2.4-1 to 1:9.2.4-1sarge1. On 
both systems named runs as user 'root' (this is needed because of 
dynamic network interfaces), /etc/bind/rndc.key was owned by 'root' 
until the upgrade and rndc was running fine. It seems that bind9's 
postinst script changes the owner of /etc/bind/rndc.key from 'root' to 
'bind' whenever the file /etc/defaults/bind9 already exists, whether it 
contains "-u bind" or not. The file existed on my systems, but without 
"-u bind".

I observed that named wants /etc/bind/rndc.key to be owned by 'root' 
when run as root, and accepts /etc/bind/rndc.key to be owned by 'bind' 
or 'root' when run as root.

Isn't there a bug in bind9's postinst script which can change the owner 
of /etc/bind/rndc.key to 'bind' without checking that named runs as user 
'bind'?

Also, I don't understand why the choice of writing OPTIONS="" or 
OPTIONS="-u bind" in /etc/defaults/bind9 depends on whether 
/etc/bind/named.conf[.local] has been modified or not.



Information forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#386791; Package bind9.

Acknowledgement sent to Pascal Arpizou <pascal@plouf.fr.eu.org>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>.

Message #20 received at 386791@bugs.debian.org:

From: Pascal Arpizou <pascal@plouf.fr.eu.org>
To: 386791@bugs.debian.org
Subject: Re: Wrong permissions on /etc/bind/rndc.key break bind with every update
Date: Tue, 12 Sep 2006 16:31:46 +0200
> I observed that named wants /etc/bind/rndc.key to be owned by 'root' 
> when run as root, and accepts /etc/bind/rndc.key to be owned by 'bind' 
> or 'root' when run as root.

I meant "[named] accepts /etc/bind/rndc.key to be owned by user 'bind' 
or 'root' when run as user 'bind'". Sorry for the mistake.



Forcibly Merged 169577 177960 216659 320460 386791 388537 405075 409166. Request was from Mark Purcell <msp@debian.org> to control@bugs.debian.org. (Sat, 04 Oct 2008 05:48:03 GMT)

Bug marked as fixed in version 1:9.5.0.dfsg.P2-1. Request was from Mark Purcell <msp@debian.org> to control@bugs.debian.org. (Sat, 04 Oct 2008 07:03:04 GMT)

Information forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#386791; Package bind9. (Sun, 26 Jul 2009 18:27:02 GMT)

Acknowledgement sent to "Steven G. Johnson" <stevenj.mit@gmail.com>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>. (Sun, 26 Jul 2009 18:27:07 GMT)

Message #29 received at 386791@bugs.debian.org:

From: "Steven G. Johnson" <stevenj.mit@gmail.com>
To: 386791@bugs.debian.org
Subject: same problem in 2009
Date: Sun, 26 Jul 2009 14:22:03 -0400
We experienced what seems to be exactly the same problem with Debian/lenny using

Package: bind9
Priority: optional
Section: net
Installed-Size: 636
Maintainer: LaMont Jones <lamont@debian.org>
Architecture: amd64
Version: 1:9.5.1.dfsg.P2-1+lenny1

Our syslog had:

open: /etc/bind/rndc.key: permission denied

As a result, we would get errors of the form:

# /etc/init.d/bind9 restart
Stopping domain name service...: bind9rndc: connect failed:  
127.0.0.1#953: connection refused.
Starting domain name service...: bind9.

(Although it claimed to start bind9 up, it would not, and we would not
get new configuration changes.)

The workaround, as noted by others, was to do:

chown root:bind /etc/bind/rndc.key

That file had somehow been set to be owned by user identd, group
telnetd.

This bug report has been open for YEARS now.  Any sign of progress?

Regards,
Steven G. Johnson




Forcibly Merged 169577 177960 216659 320460 386791 388537 405075 409166 500277. Request was from LaMont Jones <lamont@debian.org> to control@bugs.debian.org. (Wed, 29 Jul 2009 13:09:11 GMT)

Information forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#386791; Package bind9. (Wed, 16 Dec 2009 16:24:03 GMT)

Acknowledgement sent to Juan Maia <jaamfi@gmail.com>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>. (Wed, 16 Dec 2009 16:24:03 GMT)

Message #36 received at 386791@bugs.debian.org:

From: Juan Maia <jaamfi@gmail.com>
To: 386791@bugs.debian.org
Date: Wed, 16 Dec 2009 14:21:31 -0200
maladireta:/etc/bind# /etc/init.d/bind9 restart
Stopping domain name service...: bind9rndc: connect failed: 127.0.0.1#953:
connection refused
.
Starting domain name service...: bind9 failed!


No idea why this happens, does anyone know how to fix this?
Email me please!

Information forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#386791; Package bind9. (Thu, 14 Jan 2010 04:12:03 GMT)

Acknowledgement sent to Bart Massey <bart.massey@gmail.com>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>. (Thu, 14 Jan 2010 04:12:03 GMT)

Message #41 received at 386791@bugs.debian.org:

From: Bart Massey <bart.massey@gmail.com>
To: 386791@bugs.debian.org
Subject: Come on, fix the package already...
Date: Wed, 13 Jan 2010 20:08:27 -0800
This is several years old now, and the fix is pretty well understood:

  1) Add to /etc/bind/named.conf the line

Information forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#386791; Package bind9. (Thu, 14 Jan 2010 04:12:05 GMT)

Acknowledgement sent to Bart Massey <bart.massey@gmail.com>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>. (Thu, 14 Jan 2010 04:12:05 GMT)

Message #46 received at 386791@bugs.debian.org:

From: Bart Massey <bart.massey@gmail.com>
To: 386791@bugs.debian.org
Subject: Let's try again
Date: Wed, 13 Jan 2010 20:10:48 -0800
This bug can be fixed by:
  1) Adding a line that says
      include "/etc/bind/rndc.key";
  to /etc/bind/named.conf
and then
  2) Making /etc/bind/rndc.key be owner root:bind mode 640

Given the number of years this bug has been outstanding, it would be really
nice if someone would fix it.

Information forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#386791; Package bind9. (Thu, 17 Nov 2011 08:03:03 GMT)

Acknowledgement sent to Christian Stubbs <usenetmuelltonne@nurfuerspam.de>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>. (Thu, 17 Nov 2011 08:03:04 GMT)

Message #51 received at 386791@bugs.debian.org:

From: Christian Stubbs <usenetmuelltonne@nurfuerspam.de>
To: 386791@bugs.debian.org
Subject: same problem in 2011
Date: Thu, 17 Nov 2011 08:58:01 +0100
It happened just again with the latest security update.

Version: 1:9.7.3.dfsg-1~squeeze4




Information forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#386791; Package bind9. (Sun, 07 Apr 2013 06:33:04 GMT)

Acknowledgement sent to Andrew Spiers <andrew@andrewspiers.net>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>. (Sun, 07 Apr 2013 06:33:04 GMT)

Message #56 received at 386791@bugs.debian.org:

From: Andrew Spiers <andrew@andrewspiers.net>
To: 386791@bugs.debian.org
Date: Sun, 7 Apr 2013 16:29:39 +1000
I am sorry to report that this seems to be happening again.

Package: bind9
State: partially configured
Automatically installed: no
Version: 1:9.7.3.dfsg-1~squeeze10
Priority: optional
Section: net
Maintainer: LaMont Jones <lamont@debian.org>

Chowning rndc.key to root:bind means I can start up the service again,
but the next attempt to install this package re-runs the post-install
script, which chowns it back to bind:bind, which means the service can't
start, leaving the package partially configured.



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 30 Nov 2013 07:43:25 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 23 16:20:27 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.