[Pdns-users] pdns-recursor Permissions Error
Brian Candler
b.candler at pobox.com
Fri Jan 10 11:30:05 UTC 2020
On 10/01/2020 11:07, Sharone wrote:
> I have attempted to comment out the line /extend pdns-rec
> /usr/local/bin/pdns_stats /in snmpd.conf file and still gotten the
> same error, however changing permissions to the entire directory to
> rwx worked but like you mentioned this indeed brings about a security
> issue.
Oh well, if that works, you just do tighter permissions - e.g. changing
the directory *group* to "snmp" or "Debian-snmp" as appropriate, and
setting mode 775.
This is what out-of-box recursor has:
root at cache1:~# ls -ld /var/run/pdns-recursor
drwxr-xr-x 2 pdns pdns 60 Dec 12 12:49 /var/run/pdns-recursor
root at cache1:~# ls -l /var/run/pdns-recursor/
total 0
srwxr-xr-x 1 pdns pdns 0 Dec 12 12:49 pdns_recursor.controlsocket
Using pdns:snmp and mode 775 should be fine.
See also the perms for the socket itself:
https://docs.powerdns.com/recursor/settings.html#socket-owner-socket-group-socket-mode
HTH,
Brian.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20200110/a8c2c37c/attachment.htm>
More information about the Pdns-users
mailing list