Odd permissions in /var/named
Hi Everyone,
It would appear that the permissions for /var/named are being changed across several of our cPanel machines to the following:
drwxrwx--T 6 root named 4.0K Jan 5 07:40 named/
and this is causing logrotate to fail with this message:
error: skipping "/var/named/named.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
You can reproduce the error by testing logrotate while those permissions are set:
logrotate -d /etc/logrotate.d/named
Once I changed permissions back to what many of our other cPanel boxes have, it completes successfully again:
chmod 0755 /var/named
Also the user and group on my testing machine are named:named, whereas the ownership on these affected machines with the error is root:named. I mostly want to know if anyone else has been running into this.
The permissions I'm encountering can be set by doing these:
chmod 1750 /var/named
Then:
chmod o-x /var/named
Sets the sticky bit then removes execute permissions from OTHER.
Hello @El Directo
Do you have any examples of this prior to modification? You can see the attributes by using lsattr
I don't see why the sticky bit wouldn't be set, as that's not the default.
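An added example, not part of the thread and not logrotate's own code: a small audit that applies the condition quoted in the error message (parent directory world writable, or writable by a group other than root) to the directory holding a log file. The function names and gid 25 for the named group are assumptions made for illustration.

```python
import os
import stat
import sys
import tempfile

def insecure_reason(mode, gid):
    """Return why the error message's condition applies to this mode/gid, else None."""
    if mode & stat.S_IWOTH:
        return "world writable"
    if (mode & stat.S_IWGRP) and gid != 0:
        return "writable by non-root group (gid %d)" % gid
    return None

def audit_log_parent(log_path):
    """Stat the directory holding log_path: (dir, mode string, uid, gid, reason)."""
    parent = os.path.dirname(os.path.abspath(log_path))
    st = os.stat(parent)
    return (parent, stat.filemode(st.st_mode), st.st_uid, st.st_gid,
            insecure_reason(st.st_mode, st.st_gid))

def demo():
    """Constructed cases: the listing from the post, then the 0755 mode that fixed it."""
    named_gid = 25  # constructed gid standing in for the "named" group
    results = {
        "drwxrwx--T root:named": insecure_reason(stat.S_IFDIR | 0o1770, named_gid),
        "drwxr-xr-x named:named": insecure_reason(stat.S_IFDIR | 0o0755, named_gid),
    }
    # A real directory on disk, made world writable, to exercise the stat path.
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o1777)
        results["tempdir 1777"] = audit_log_parent(os.path.join(d, "named.log"))[4]
    return results

if __name__ == "__main__":
    for label, reason in demo().items():
        print(label, "->", reason or "ok")
    # Pass real log paths (for example /var/named/named.log) to audit them.
    for path in sys.argv[1:]:
        print(audit_log_parent(path))
```

Run across a fleet, the output shows which hosts have a parent directory that matches the message, along with the owner and group at the time of the check.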