2486. [func] The default locations for named.pid and lwresd.pid

are now /var/run/named/named.pid and /var/run/lwresd/lwresd.pid respectively. This allows the owner of the containing directory to be set, for "named -u" support, and allows there to be a permanent symbolic link in the path, for "named -t" support. [RT #18306]

2486. [func] The default locations for named.pid and lwresd.pid
are now /var/run/named/named.pid and /var/run/lwresd/lwresd.pid respectively. This allows the owner of the containing directory to be set, for "named -u" support, and allows there to be a permanent symbolic link in the path, for "named -t" support. [RT #18306]
f6f1672b · Mark Andrews · 1f3e0508 · f6f1672b · f6f1672b · f6f1672b
Commit f6f1672b authored Nov 06, 2008 by Mark Andrews
--- a/CHANGES
+++ b/CHANGES
+2486.	[func]		The default locations for named.pid and lwresd.pid
+			are now /var/run/named/named.pid and
+			/var/run/lwresd/lwresd.pid respectively.
+
+			This allows the owner of the containing directory
+			to be set, for "named -u" support, and allows there
+			to be a permanent symbolic link in the path, for
+			"named -t" support.  [RT #18306]
+
 2485.	[bug]		Change update's the handling of obscured RRSIG
 			records.  Not all orphand DS records were being
 			removed. [RT #18828]

--- a/README
+++ b/README
@@ -56,6 +56,9 @@ BIND 9.6.0
        The BIND 8 resolver library, libbind, has been removed from the
        BIND 9 distribution and is now available as a separate download.

+	Change the default pid file location from /var/run to
+	/var/run/{named,lwresd} for improved chroot/setuid support.
+
 BIND 9.5.0

 	BIND 9.5.0 has a number of new features over 9.4,
@@ -451,6 +454,9 @@ Building
 		To disable the default check set.  -DCHECK_SIBLING=0
 		named-checkzone checks out-of-zone addresses by default.
 		To disable this default set.  -DCHECK_LOCAL=0
+		To create the default pid files in ${localstatedir}/run rather
+		than ${localstatedir}/run/{named,lwresd}/ set.
+		  -DNS_RUN_PID_DIR=0

 	    LDFLAGS
 		Linker flags. Defaults to empty string.

--- a/bin/named/config.c
+++ b/bin/named/config.c
@@ -15,7 +15,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: config.c,v 1.92 2008/09/27 23:35:31 jinmei Exp $ */
+/* $Id: config.c,v 1.93 2008/11/06 05:30:24 marka Exp $ */

 /*! \file */

@@ -69,7 +69,7 @@ options {\n\
 	memstatistics-file \"named.memstats\";\n\
 	multiple-cnames no;\n\
 #	named-xfer <obsolete>;\n\
-#	pid-file \"" NS_LOCALSTATEDIR "/named.pid\"; /* or /lwresd.pid */\n\
+#	pid-file \"" NS_LOCALSTATEDIR "/run/named/named.pid\"; /* or /lwresd.pid */\n\
 	port 53;\n\
 	recursing-file \"named.recursing\";\n\
 "

--- a/bin/named/include/named/globals.h
+++ b/bin/named/include/named/globals.h
@@ -15,7 +15,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: globals.h,v 1.77 2008/10/24 01:08:21 marka Exp $ */
+/* $Id: globals.h,v 1.78 2008/11/06 05:30:24 marka Exp $ */

 #ifndef NAMED_GLOBALS_H
 #define NAMED_GLOBALS_H 1
@@ -42,6 +42,10 @@
 #define INIT(v)
 #endif

+#ifndef NS_RUN_PID_DIR
+#define NS_RUN_PID_DIR 1
+#endif
+
 EXTERN isc_mem_t *		ns_g_mctx		INIT(NULL);
 EXTERN unsigned int		ns_g_cpus		INIT(0);
 EXTERN isc_taskmgr_t *		ns_g_taskmgr		INIT(NULL);
@@ -109,9 +113,17 @@ EXTERN isc_boolean_t		ns_g_foreground		INIT(ISC_FALSE);
 EXTERN isc_boolean_t		ns_g_logstderr		INIT(ISC_FALSE);

 EXTERN const char *		ns_g_defaultpidfile 	INIT(NS_LOCALSTATEDIR
-							     "/run/named.pid");
+							     "/run/"
+#if NS_RUN_PID_DIR
+							     "named/"
+#endif
+ 						     	     "named.pid");
 EXTERN const char *		lwresd_g_defaultpidfile INIT(NS_LOCALSTATEDIR
-							    "/run/lwresd.pid");
+							     "/run/"
+#if NS_RUN_PID_DIR
+							     "lwresd/"
+#endif
+							     "lwresd.pid");
 EXTERN const char *		ns_g_username		INIT(NULL);

 EXTERN int			ns_g_listen		INIT(3);

--- a/bin/named/lwresd.docbook
+++ b/bin/named/lwresd.docbook
@@ -18,7 +18,7 @@
 - PERFORMANCE OF THIS SOFTWARE.
 -->

-<!-- $Id: lwresd.docbook,v 1.17 2008/09/25 04:02:38 tbox Exp $ -->
+<!-- $Id: lwresd.docbook,v 1.18 2008/11/06 05:30:24 marka Exp $ -->
 <refentry>
  <refentryinfo>
    <date>June 30, 2000</date>
@@ -199,7 +199,7 @@
          <para>
            Use <replaceable class="parameter">pid-file</replaceable> as the
            PID file instead of the default,
-            <filename>/var/run/lwresd.pid</filename>.
+            <filename>/var/run/lwresd/lwresd.pid</filename>.
          </para>
        </listitem>
      </varlistentry>

--- a/bin/named/named.docbook
+++ b/bin/named/named.docbook
@@ -18,7 +18,7 @@
 - PERFORMANCE OF THIS SOFTWARE.
 -->

-<!-- $Id: named.docbook,v 1.22 2008/09/23 17:25:47 jinmei Exp $ -->
+<!-- $Id: named.docbook,v 1.23 2008/11/06 05:30:24 marka Exp $ -->
 <refentry id="man.named">
  <refentryinfo>
    <date>June 30, 2000</date>
@@ -391,7 +391,7 @@
      </varlistentry>

      <varlistentry>
-        <term><filename>/var/run/named.pid</filename></term>
+        <term><filename>/var/run/named/named.pid</filename></term>
        <listitem>
          <para>
            The default process-id file.

--- a/bin/named/unix/os.c
+++ b/bin/named/unix/os.c
@@ -15,7 +15,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: os.c,v 1.87 2008/10/24 01:44:48 tbox Exp $ */
+/* $Id: os.c,v 1.88 2008/11/06 05:30:24 marka Exp $ */

 /*! \file */

@@ -645,6 +645,9 @@ ns_os_writepidfile(const char *filename, isc_boolean_t first_time) {
 	pid_t pid;
 	char strbuf[ISC_STRERRORSIZE];
 	void (*report)(const char *, ...);
+	unsigned int mode;
+	char *slash;
+	int n;

 	/*
 	 * The caller must ensure any required synchronization.
@@ -667,6 +670,27 @@ ns_os_writepidfile(const char *filename, isc_boolean_t first_time) {
 	/* This is safe. */
 	strcpy(pidfile, filename);

+	/*
+	 * Make the containing directory if it doesn't exist.
+	 */
+	slash = strrchr(pidfile, '/');
+	if (slash != NULL && slash != pidfile) {
+		*slash = '\0';
+		mode = S_IRUSR | S_IWUSR | S_IXUSR;	/* u=rwx */
+		mode |= S_IRGRP | S_IXGRP;		/* g=rx */
+		mode |= S_IROTH | S_IXOTH;		/* o=rx */
+		n = mkdir(pidfile, mode);
+		if (n == -1 && errno != EEXIST) {
+			isc__strerror(errno, strbuf, sizeof(strbuf));
+			(*report)("couldn't mkdir %s': %s", filename,
+				  strbuf);
+			free(pidfile);
+			pidfile = NULL;
+			return;
+		}
+		*slash = '/';
+	}
+
 	fd = safe_open(filename, ISC_FALSE);
 	if (fd < 0) {
 		isc__strerror(errno, strbuf, sizeof(strbuf));

--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -18,7 +18,7 @@
 - PERFORMANCE OF THIS SOFTWARE.
 -->
  
-<!-- File: $Id: Bv9ARM-book.xml,v 1.378 2008/11/04 01:55:59 marka Exp $ -->
+<!-- File: $Id: Bv9ARM-book.xml,v 1.379 2008/11/06 05:30:24 marka Exp $ -->
 <book xmlns:xi="http://www.w3.org/2001/XInclude">
  <title>BIND 9 Administrator Reference Manual</title>
  
@@ -4797,7 +4797,8 @@ category notify { null; };
            <listitem>
              <para>
                The pathname of the file the server writes its process ID
-                in. If not specified, the default is <filename>/var/run/named.pid</filename>.
+                in. If not specified, the default is
+		<filename>/var/run/named/named.pid</filename>.
                The pid-file is used by programs that want to send signals to
                the running
                name server. Specifying <command>pid-file none</command> disables the