Could not open autotrust file for writing

Hi list,

I'm getting permission denied for updating root.key, but the permissions
are as follows, with read/write for the unbound user/group:

-rw-rw-r-- 1 unbound unbound 139 Jul 27 16:28 /usr/local/etc/unbound/root.key

There's no other way to update the anchor other than running as root?

shmick@riseup.net wrote:

Hi list,

I'm getting permission denied for updating root.key, but the permissions
are as follows, with read/write for the unbound user/group:

-rw-rw-r-- 1 unbound unbound 139 Jul 27 16:28 /usr/local/etc/unbound/root.key

There's no other way to update the anchor other than running as root?

I believe unbound-anchor rename()s the replacement file onto the
existing file, so you will also need permission to write into the
containing directory.

Hi Robert,

Use the `auto-trust-anchor-file` option in `unbound.conf` to move the
trust anchor into a different directory, one which is owned by
unbound:unbound.

For instance:

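    # New trust anchor location, inside a directory owned by unbound
    newrk=/usr/local/etc/unbound/runtime/root.key
    sudo mkdir "$(dirname "$newrk")"
    sudo chown unbound:unbound "$(dirname "$newrk")"
    # Rewrite the quoted value of auto-trust-anchor-file ($'...' is bash quoting)
    sudo sed -i -e \
      $'s,^\\([ \t]*auto-trust-anchor-file:[ \t]*"\\).*$,\\1'"$newrk\"," \
      /usr/local/etc/unbound/unbound.conf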

The last command is just an automatic edit of the config file to change
the value of `auto-trust-anchor-file` without having to start a
text-editor, so that you can copy/paste. It assumes the option is
already uncommented (enabled).

Regards,
-Phil
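
The check behind both replies, as an added example that is not part of the original thread: replacing a file by rename() depends on the write and search bits of the containing directory, not on the file's own mode. The function names are hypothetical, and the script reads mode bits only (ACLs, the sticky bit and root's override are not considered).

```shell
#!/bin/sh
# Added example, not from the thread. Mode-bit analysis only.

# perm_class MODE OWNER_UID GROUP_GID UID "GIDS"
# Print the rwx triplet of an ls-style mode string that applies to UID:
# owner class if UID owns the object, else group class if any of GIDS
# matches, else "other".
perm_class() (
    mode=$1 owner=$2 group=$3 uid=$4 gids=$5
    cols=8-10
    for g in $gids; do
        if [ "$g" = "$group" ]; then cols=5-7; fi
    done
    if [ "$uid" = "$owner" ]; then cols=2-4; fi
    printf '%s\n' "$mode" | cut -c"$cols"
)

# can_rename_into DIR [USER]
# Succeeds when USER (default: the current user) has both write and search
# permission on DIR, which rename() onto a file inside DIR requires.
can_rename_into() (
    dir=$1 user=$2
    set -- $(ls -ldn "$dir")      # $1=mode  $3=owner uid  $4=group gid
    uid=$(id -u ${user:+"$user"})
    gids=$(id -G ${user:+"$user"})
    case $(perm_class "$1" "$3" "$4" "$uid" "$gids") in
        ?w[xst]) exit 0 ;;
        *)       exit 1 ;;
    esac
)

# check_anchor_dir FILE [USER]
# Report whether FILE (e.g. the auto-trust-anchor-file) can be replaced.
check_anchor_dir() (
    dir=$(dirname "$1")
    if can_rename_into "$dir" "$2"; then
        echo "ok: $dir allows rename() onto $1"
    else
        echo "denied: $dir lacks write/search permission for ${2:-current user}"
        exit 1
    fi
)
```

For the setup in this thread the call would be `check_anchor_dir /usr/local/etc/unbound/root.key unbound`.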

Thanks Phil, changing the DIR perms certainly did the trick.

Phil Pennock: