Re: [knot-dns-users] knot 1.2.0 dropping privileges too early

Hi Erwin, are you by any chance starting it with knotc? I realized there is a problem, because knotc needs to create an empty PID file to indicate that knotd instance is starting. But it mustn't drop privileges before starting knotd so it could result in PID file created in an inaccessible location. I have corrected this behavior and knotc start should work well in this case as well (will be included in the next release). In meantime, you can start it with running knotd directly (or knotd -d for daemonized mode). This should correctly drop privileges and run. I am almost thinking that keeping 'knotc start/stop' doesn't bring any extra benefit since it doesn't do anything extra. Cheers, Marek On 23 April 2013 13:13, Erwin Lansing <erwin(a)dk-hostmaster.dk> wrote: Thanks for the 1.2.0, some really nice features in there. I especially like the zonestatus command. I have one problem though. It seems that knot drops its root privileges too early, before trying to bind to the interface. Configured with: system { user bind.bind }; Results in: Apr 23 12:26:26 l knot[25585]: [error] Could not bind to UDP interface 127.0.0.1 port 53. Apr 23 12:26:26 l knot[25585]: [error] Could not bind to UDP interface ::1 port 53. Changing to root.bind, makes it work, hence my guess it's related to dropping privileges. This is on FreeBSD 9.0. Any hints appreciated. Best, Erwin -- Med venlig hilsen/Best Regards Erwin Lansing Network and System Administrator DK Hostmaster A/S Kalvebod Brygge 45, 3. sal 1560 København V Tlf. 33 64 60 60 Fax.: 33 64 60 66 Email: erwin(a)dk-hostmaster.dk Homepage: http://www.dk-hostmaster.dk .dk Danmarks plads på Internettet ------------------------------------------------------------------------- Dette er en e-mail fra DK Hostmaster A/S. Denne e-mail kan indeholde fortrolig information, som kun er til brug for den tiltænkte modtager. Hvis du ved en fejl har modtaget denne e-mail, bedes du venligst straks give afsenderen besked om dette og slette e-mailen fra dit system uden at offentliggøre, videresende eller tage kopi af meddelelsen. This is an email from DK Hostmaster A/S. This message may contain confidential information and is intended solely for the use of the intended addressee. If you are not the intended addressee please notify the sender immediately and delete this e-mail from your system. You are not permitted to disclose, distribute or copy the information in this e-mail. -------------------------------------------------------------------------- _______________________________________________ knot-dns-users mailing list knot-dns-users(a)lists.nic.cz https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users