[Opendnssec-user] permissions on signed zone files

Jan-Piet Mens list at mens.de
Thu Mar 7 18:51:07 UTC 2024

>that file is in the primary zone directly put there by ods-signer after
>signing.  bind can not read it because of the restrictive perms.

unless these are permissions explicitly set by OpenDNSSEC (which imo would be a
bug), it looks a bit as though umask is 066 when the signer is launched.

Can you modify ODS' startup to explicitly set umask 022?


More information about the Opendnssec-user mailing list