Opened 9 years ago

Closed 6 years ago

#1042 closed enhancement (wontfix)

default value for sysconfdir

Reported by: cas
Owned by:
Priority: medium
Milestone: Remaining BIND10 tickets
Component: configuration
Version: bind10-old
Keywords:
Cc:
CVSS Scoring:
Parent Tickets:
Sensitive: no
Defect Severity: N/A
Sub-Project: Core
Feature Depending on Ticket:
Estimated Difficulty: 2.0
Add Hours to Ticket: 0
Total Hours: 0
Internal?: no

Description

sysconfdir is currently set to /usr/local/etc by default.

On some installations, the /usr filesystem is mounted read-only.

Having sysconfdir set to /etc by default would align with the standards of other Unix daemons (such as BIND9).

Change History (8)

comment:1 Changed 9 years ago by shane

  • Milestone changed from New Tasks to Next-Sprint-Proposed

comment:2 Changed 9 years ago by jinmei

Like #1041, I'm not sure if we really want to address it. But I see this is a more convincing issue
in that it's related to compatibility with BIND 9.

comment:3 Changed 9 years ago by stephen

  • Estimated Difficulty changed from 0.0 to 2

comment:4 Changed 8 years ago by jreed

As for me, I always disliked BIND 9's configuration magic for this. It is not standard and causes admins to do an extra step to work around this, usually after a complete install that they notice is wrong (in other words make it behave like other open source software).

comment:5 Changed 8 years ago by cas

As a Unix admin I expect configuration files in either /etc or /etc/<productname> by default.

I have seen (and actually written and implemented) security policies for Internet facing systems where /usr had to be a read-only mount.

On Solaris and Linux I usually have the DNS Server inside a container (LXC or Solaris Zones) where /usr is mapped/mounted from the host base OS and is read-only. Inside such containers, only /etc and /var are writeable.

This is usually done to prevent an attacker from changing the binaries below /usr.
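
The layout described in comment:5, as an added example that is not part of the ticket or of the BIND 10 code: a shell check that takes a mount table in /proc/mounts format and reports whether a candidate sysconfdir sits on a read-only mount. The mount table is constructed sample data and the function name mount_mode is hypothetical.

```shell
#!/bin/sh
# Constructed sample mount table in /proc/mounts format
# (device, mount point, fstype, options, dump, pass), modelled on the
# container layout from the comment: /usr read-only, /etc and /var writable.
SAMPLE_MOUNTS='rootfs / ext4 rw,relatime 0 0
/dev/sda2 /usr ext4 ro,nosuid,nodev 0 0
/dev/sda3 /etc ext4 rw,nosuid,nodev,noexec 0 0
/dev/sda4 /var ext4 rw,nosuid,nodev,noexec 0 0'

# mount_mode MOUNT_TABLE PATH   (hypothetical helper name)
# Prints "ro" or "rw" for the mount that holds PATH. The longest matching
# mount point wins; on a tie the later entry wins (stacked mounts).
mount_mode() {
    printf '%s\n' "$1" | awk -v path="$2" '
        {
            mp = $2
            # A mount point covers PATH if it is "/", equals PATH, or is a
            # whole-directory prefix of PATH (so /usr does not cover /usrlocal).
            covers = (mp == "/" || path == mp || index(path, mp "/") == 1)
            if (covers && length(mp) >= best_len) {
                best_len = length(mp)
                mode = "rw"
                n = split($4, opts, ",")
                for (i = 1; i <= n; i++)
                    if (opts[i] == "ro") mode = "ro"
            }
        }
        END { if (best_len == 0) exit 1; print mode }'
}

# Compare the current default with the locations named in the ticket.
for dir in /usr/local/etc /etc /var /opt/bind10; do
    printf '%-16s %s\n' "$dir" "$(mount_mode "$SAMPLE_MOUNTS" "$dir")"
done
```

On a live Linux host the first argument can be the contents of /proc/mounts instead of the sample table.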

comment:6 Changed 8 years ago by shane

Hm... sorry we seem to have dropped this issue! :(

Carsten, can we discuss this on the bind10-dev list and see if we can get wider feedback on how we should do this by default?

(Note that I have no personal preference as I always use /opt/bind10 for my BIND 10 installs.) :)

comment:7 Changed 6 years ago by tomek

  • Milestone set to Remaining BIND10 tickets

comment:8 Changed 6 years ago by tomek

  • Resolution set to wontfix
  • Status changed from new to closed
  • Version set to old-bind10

This issue is related to bind10 code that is no longer part of Kea.

If you are interested in BIND10/Bundy framework or its DNS components,
please check http://bundy-dns.de.

Closing ticket.
