-rw-r--r--etc/defaults/rc.conf3
-rwxr-xr-xetc/rc.d/named67
-rw-r--r--share/man/man5/rc.conf.57
3 files changed, 53 insertions, 24 deletions
diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf
index 0acb903..3c28fdb 100644
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -197,8 +197,9 @@ inetd_flags="-wW -C 60" # Optional flags to inetd
#
named_enable="NO" # Run named, the DNS server (or NO).
named_program="/usr/sbin/named" # path to named, if you want a different one.
-named_flags="-u bind" # Flags for named
+#named_flags="" # Flags for named
named_pidfile="/var/run/named/pid" # Must set this in named.conf as well
+named_uid="bind" # User to run named as
named_chrootdir="/var/named" # Chroot directory (or "" not to auto-chroot it)
named_chroot_autoupdate="YES" # Automatically install/update chrooted
# components of named. See /etc/rc.d/named.
diff --git a/etc/rc.d/named b/etc/rc.d/named
index e2246ff..bcfdd71 100755
--- a/etc/rc.d/named
+++ b/etc/rc.d/named
@@ -1,24 +1,25 @@
#!/bin/sh
#
-# $NetBSD: named,v 1.10 2002/03/22 04:33:59 thorpej Exp $
# $FreeBSD$
#
# PROVIDE: named
# REQUIRE: SERVERS cleanvar
-# BEFORE: DAEMON
# KEYWORD: shutdown
. /etc/rc.subr
name="named"
-rcvar=`set_rcvar`
-command="/usr/sbin/${name}"
+rcvar=named_enable
+
+command="/usr/sbin/named"
+extra_commands="reload"
+
start_precmd="named_precmd"
start_postcmd="make_symlinks"
+reload_cmd="named_reload"
+stop_cmd="named_stop"
stop_postcmd="named_poststop"
-required_dirs="$named_chrootdir" # if it is set, it must exist
-extra_commands="reload"
# If running in a chroot cage, ensure that the appropriate files
# exist inside the cage, as well as helper symlinks into the cage
@@ -33,7 +34,7 @@ chroot_autoupdate()
{
# Create (or update) the chroot directory structure
#
- if [ -f /etc/mtree/BIND.chroot.dist ]; then
+ if [ -r /etc/mtree/BIND.chroot.dist ]; then
mtree -deU -f /etc/mtree/BIND.chroot.dist \
-p ${named_chrootdir}
else
@@ -54,7 +55,6 @@ chroot_autoupdate()
else
# Make sure it points to the right place.
ln -shf ${named_chrootdir}/etc/namedb /etc/namedb
-
fi
# Mount a devfs in the chroot directory if needed
@@ -66,9 +66,9 @@ chroot_autoupdate()
# Copy local timezone information if it is not up to date.
#
- if [ -f /etc/localtime ]; then
- cmp -s /etc/localtime "${named_chrootdir}/etc/localtime" || \
- cp -p /etc/localtime "${named_chrootdir}/etc/localtime"
+ if [ -r /etc/localtime ]; then
+ cmp -s /etc/localtime "${named_chrootdir}/etc/localtime" ||
+ cp -p /etc/localtime "${named_chrootdir}/etc/localtime"
fi
}
@@ -77,25 +77,40 @@ chroot_autoupdate()
make_symlinks()
{
checkyesno named_symlink_enable &&
- ln -fs "${named_chrootdir}${pidfile}" ${pidfile}
+ ln -fs "${named_chrootdir}${pidfile}" ${pidfile}
+}
+
+named_reload()
+{
+ rndc reload
+}
+
+named_stop()
+{
+ echo -n "Stopping named"
+ if rndc stop 2>/dev/null; then
+ echo .
+ else
+ echo -n ": rndc failed, trying killall: "
+ if killall named; then
+ echo .
+ fi
+ fi
}
named_poststop()
{
- if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then
+ if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then
umount ${named_chrootdir}/dev 2>/dev/null || true
fi
}
named_precmd()
{
- local confgen_chroot
-
# Is the user using a sandbox?
#
if [ -n "$named_chrootdir" ]; then
rc_flags="$rc_flags -t $named_chrootdir"
- confgen_chroot="-t${named_chrootdir} -u bind"
checkyesno named_chroot_autoupdate && chroot_autoupdate
else
named_symlink_enable=NO
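Review bot: The `killall named` fallback in named_stop signals every process called named that the caller is allowed to signal, not only the instance this script started, so a second named on the host (and presumably ones running in jails) would be stopped too. The function also returns 0 when both `rndc stop` and `killall` fail, because the inner `if` has no else branch, and nothing waits for the daemon to exit, so a restart can race the old process. I would take the PID from the pidfile with rc.subr's `check_pidfile`, fall back to `kill -TERM` on that PID only, and finish with `wait_for_pids`; this assumes the pidfile is reachable at `$pidfile` (the make_symlinks link when chrooted).

```sh
named_stop()
{
	# Resolve the PID of the instance this script manages from its pidfile.
	rc_pid=$(check_pidfile $pidfile $command)
	if [ -z "$rc_pid" ]; then
		echo "${name} not running? (check $pidfile)."
		return 1
	fi
	echo -n "Stopping named"
	if rndc stop 2>/dev/null; then
		echo .
	else
		echo ": rndc failed, sending SIGTERM to pid $rc_pid."
		kill -TERM $rc_pid || return 1
	fi
	# rndc stop can return before named has exited; block until it is gone.
	wait_for_pids $rc_pid
}
```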
@@ -103,16 +118,26 @@ named_precmd()
# Create an rndc.key file for the user if none exists
#
- if [ ! -f "${named_chrootdir}/etc/namedb/rndc.key" -a \
- ! -f "${named_chrootdir}/etc/namedb/rndc.conf" ]; then
- rndc-confgen -a -b256 ${confgen_chroot}
+ if [ -s "${named_chrootdir}/etc/namedb/rndc.conf" ]; then
+ return 0
+ fi
+ confgen_command="rndc-confgen -a -b256 -u $named_uid \
+ -c ${named_chrootdir}/etc/namedb/rndc.key"
+ if [ -s "${named_chrootdir}/etc/namedb/rndc.key" ]; then
+ if [ ! `stat -f%Su ${named_chrootdir}/etc/namedb/rndc.key` = \
+ "$named_uid" ]; then
+ $confgen_command
+ fi
+ else
+ $confgen_command
fi
}
load_rc_config $name
-# The following variable requires that rc.conf be loaded first
+# Updating the following variables requires that rc.conf be loaded first
#
required_dirs="$named_chrootdir" # if it is set, it must exist
-pidfile="${named_pidfile:-/var/run/${name}/pid}"
+pidfile="${named_pidfile:-/var/run/named/pid}"
+command_args="-u ${named_uid:=root}"
run_rc_command "$1"
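Review bot: The fallback in `command_args="-u ${named_uid:=root}"` fails open: an empty or unset named_uid starts named as root with no warning, whereas the removed default was `named_flags="-u bind"`. I would default to the unprivileged account instead, `command_args="-u ${named_uid:=bind}"`, or refuse to start when the variable is empty. Separately, in the tail of named_precmd (whose body begins before this hunk), `confgen_command` is a string that is expanded unquoted and is no longer declared `local`, so a chroot path or user name containing whitespace would be word-split before it reaches rndc-confgen. A site that still carries `named_flags="-u bind"` in /etc/rc.conf would presumably end up passing -u twice, which deserves a line in the upgrade notes.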
diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5
index d4d4627..c430d5a 100644
--- a/share/man/man5/rc.conf.5
+++ b/share/man/man5/rc.conf.5
@@ -24,7 +24,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd February 3, 2006
+.Dd February 13, 2006
.Dt RC.CONF 5
.Os
.Sh NAME
@@ -1448,8 +1448,11 @@ these are the flags to pass to
This is the default path to the
.Xr named 8
daemon's PID file.
-Change it if you change the location in
+This must match the location in
.Xr named.conf 5 .
+.It Va named_uid
+.Pq Vt str
+The user that the named process should be run as.
.It Va named_chrootdir
.Pq Vt str
The root directory for a name server run in a