[Opendnssec-user] nsd + ods interaction

Paul Wouters paul at cypherpunks.ca
Tue Feb 14 06:26:56 UTC 2012


I ran into some failures when interacting between nsd and ods.

The nsd runs as user/group nsd. opendnssec runs as user/group ods.

Since /etc/nsd contained keys, the directory /etc/nsd was made 750 with
group nsd. I then changed the configuration of /etc/opendnssec/conf.xml
to use user ods, group nsd.

I stopped the enforcer and the signerd. I chgrped /var/opendnssec and
/etc/opendnssec to user nsd. (recursively)

I then started the daemons again using ods-control start. It immediately
started to fail reading files. ps aux told me that one of the ods-
daemons ran as user 'nsd' and the other ran as user 'ods'.

I fixed it by adding the nsd user to the ods group and vice versa. But
I think there might be a bug where setuid/setgid might be mixed up,
but not noticed because everyone runs the same name for user and group.
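
A check for the condition described in the message above, added here as an example that is not part of the original post or of OpenDNSSEC: it compares each daemon's effective user and group against the configured pair and reports when the two are exactly reversed. The `ps` sample, the assignment of identities to each daemon, and the name `check_privileges` are constructed for illustration.

```python
# Constructed sample of `ps -eo user,group,comm` output (not from the post).
# Which daemon carries which identity here is an assumption for illustration.
SAMPLE_PS = """\
USER     GROUP    COMMAND
nsd      nsd      nsd
nsd      ods      ods-enforcerd
ods      nsd      ods-signerd
"""

# Configured identity per daemon: user ods, group nsd, as in the post.
EXPECTED = {"ods-enforcerd": ("ods", "nsd"), "ods-signerd": ("ods", "nsd")}


def check_privileges(ps_output, expected):
    """Return [(command, status)] for every daemon listed in `expected`.

    status is 'ok' (matches config), 'swapped' (user and group reversed,
    the signature of a uid/gid mix-up) or 'mismatch' (anything else).
    """
    findings = []
    for line in ps_output.splitlines()[1:]:  # skip the header row
        fields = line.split(None, 2)
        if len(fields) != 3:
            continue
        user, group, comm = fields[0], fields[1], fields[2].strip()
        if comm not in expected:
            continue
        want_user, want_group = expected[comm]
        if (user, group) == (want_user, want_group):
            status = "ok"
        elif (user, group) == (want_group, want_user):
            status = "swapped"
        else:
            status = "mismatch"
        findings.append((comm, status))
    return findings


if __name__ == "__main__":
    for comm, status in check_privileges(SAMPLE_PS, EXPECTED):
        print(f"{comm}: {status}")
```

When the configured user and group share one name, a reversed pair is identical to the correct one and the check reports `ok`, which is why such a mix-up would go unnoticed on most installations.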

