[Opendnssec-user] nsd + ods interaction
paul at cypherpunks.ca
Tue Feb 14 06:26:56 UTC 2012
I ran into some failures when interacting between nsd and ods.
The nsd runs as user/group nsd. opendnssec runs as user/group ods.
Since /etc/nsd contained keys, the directory /etc/nsd was made 750 with
group nsd. I then changed the configuration of /etc/opendnssec/conf.xml
to use user ods, group nsd.
I stopped the enforcer and the signerd. I chgrped /var/opendnssec and
/etc/opendnssec to user nsd. (recursively)
I then started the daemons again using ods-control start. It immediately
started to fail reading files. ps aux told me that one of the ods-
daemons ran as user 'nsd' and the other ran as user 'ods'.
I fixed it by adding the nsd user to the ods group and vice versa. But
I think there might be a bug where setuid/setgid might be mixed up,
but not noticed because everyone runs the same name for user and group.