[arch-general] Bind - working directory not writeable issue - a possible fix?
Mike Cloaked
mike.cloaked at gmail.com
Sat Feb 9 06:01:33 EST 2013
For a very long time I have noticed that when starting named there is a log
message or in systemctl status a line complaining about being unable to
write to the working directory as in the 2nd line with date/time from the
command below:
[root@lapmike3 ~]# systemctl status named
named.service - Internet domain name server
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled)
Active: active (running) since Sat 2013-02-09 09:45:40 GMT; 1h 2min ago
Main PID: 336 (named)
CGroup: name=systemd:/system/named.service
└─336 /usr/sbin/named -f -u named
Feb 09 09:45:42 lapmike3 named[336]: command channel listening on ::1#953
Feb 09 09:45:42 lapmike3 named[336]: the working directory is not writable
Feb 09 09:45:42 lapmike3 named[336]: managed-keys-zone: loaded serial 0
Feb 09 09:45:42 lapmike3 named[336]: zone 0.0.127.in-addr.arpa/IN: loaded serial 42
Feb 09 09:45:42 lapmike3 named[336]: zone localhost/IN: loaded serial 42
Feb 09 09:45:42 lapmike3 named[336]: all zones loaded
Feb 09 09:45:42 lapmike3 named[336]: running
Feb 09 10:45:42 lapmike3 named[336]: listening on IPv4 interface wlan0, 10.0.0.69#53
Feb 09 10:45:42 lapmike3 named[336]: could not listen on UDP socket: permission denied
Feb 09 10:45:42 lapmike3 named[336]: creating IPv4 interface wlan0 failed; interface ignored
Looking at the permissions of /var/named in arch here on my laptop I see:
drwxr-x--- 2 root named 4096 Dec 4 21:23 named
So doing:
[root@lapmike3 ~]# chmod 770 /var/named
Now:
drwxrwx--- 2 root named 4096 Dec 4 21:23 named
And
[root@lapmike3 ~]# systemctl restart named
[root@lapmike3 ~]# systemctl status named
named.service - Internet domain name server
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled)
Active: active (running) since Sat 2013-02-09 10:50:48 GMT; 3s ago
Process: 3619 ExecStop=/usr/sbin/rndc stop (code=exited, status=0/SUCCESS)
Main PID: 3623 (named)
CGroup: name=systemd:/system/named.service
└─3623 /usr/sbin/named -f -u named
Feb 09 10:50:48 lapmike3 named[3623]: automatic empty zone: A.E.F.IP6.ARPA
Feb 09 10:50:48 lapmike3 named[3623]: automatic empty zone: B.E.F.IP6.ARPA
Feb 09 10:50:48 lapmike3 named[3623]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Feb 09 10:50:48 lapmike3 named[3623]: command channel listening on 127.0.0.1#953
Feb 09 10:50:48 lapmike3 named[3623]: command channel listening on ::1#953
Feb 09 10:50:48 lapmike3 named[3623]: managed-keys-zone: loaded serial 0
Feb 09 10:50:48 lapmike3 named[3623]: zone 0.0.127.in-addr.arpa/IN: loaded serial 42
Feb 09 10:50:48 lapmike3 named[3623]: zone localhost/IN: loaded serial 42
Feb 09 10:50:48 lapmike3 named[3623]: all zones loaded
Feb 09 10:50:48 lapmike3 named[3623]: running
Looks much better now!
But the question is whether or not this is a good thing to do? Does anyone
know if there are any bad consequences to resolving this problem by
changing the permissions of /var/named as I have done above? If this is a
good solution shouldn't that permission be set that way when the bind
package (bind 9.9.2.P1-1) is initially installed, so that it does not then
need changing after the install?
--
mike c
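
An added example, not part of the original message: a POSIX shell check of what the chmod 770 shown in the message changes, judged from mode bits alone. It assumes named reaches /var/named through the group bits (root:named, as in the listing); the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): what the group write bit on a
# BIND working directory exposes, judged from mode bits alone.
# Assumption: named reaches the directory through its group bits, as with
# the root:named ownership in the listing above.

# "yes" if $1 is a directory with the group write bit set, else "no".
group_can_write() {
    if [ -n "$(find "$1" -prune -type d -perm -020)" ]; then echo yes; else echo no; fi
}

# "yes" if the sticky bit is set (delete/rename then limited to owners).
has_sticky() {
    if [ -n "$(find "$1" -prune -perm -1000)" ]; then echo yes; else echo no; fi
}

# Entries directly inside $1 that are not group-writable themselves but can
# still be unlinked or renamed over by a group member, because that right
# comes from write permission on the directory, not on the file.
replaceable_entries() {
    [ "$(group_can_write "$1")" = yes ] || return 0
    [ "$(has_sticky "$1")" = no ] || return 0
    find "$1" ! -path "$1" -prune ! -perm -020 | sort
}

# Constructed sample tree: one zone file, mode 640, in a 750 directory.
demo=$(mktemp -d)
touch "$demo/example.zone"
chmod 640 "$demo/example.zone"
chmod 750 "$demo"
echo "750: group write=$(group_can_write "$demo")"
replaceable_entries "$demo"
chmod 770 "$demo"
echo "770: group write=$(group_can_write "$demo")"
replaceable_entries "$demo"
rm -rf "$demo"
```

With the sticky bit set, group members can still create new files in the directory but cannot remove entries they do not own, which is why replaceable_entries prints nothing in that case.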