root.hints permissions

[brotherla]

sometimes, during interface reset, unbound config is regenerated/reloaded and I'm getting errors in unbound log like this:

 error: could not read root hints /root.hints: Permission denied

it looks like there could be 2 reasons for that:

1. race condition: /var/unbound/unbound.conf file is regenerated , which triggers unbound process to reread it and thus reload root.hints, but at the same time new root.hints is created
2. actually wrong permissions, default ones are 0600, so if there is some mismatch between file owner and unbound user - unbound cannot read it

so, by moving root.hints generation before unbound.conf generation and setting permissions to 0644 we can eliminate both reasons

usually rename preserves source file permissions, this is why permissions are set before rename, but to be 101% sure - chmod is used again after rename

[fichtner]

I don’t mind adding chmod but moving the spot is probably not a good idea when we already talk race conditions.

[brotherla]

I don’t mind adding chmod but moving the spot is probably not a good idea when we already talk race conditions.

@fichtner why? by moving root.hints file generation before we make sure that during main conf file creation hints are already there and nobody is touching them

[fichtner]

The history of this repeated tweaking is reason enough to be careful if you want to read it don’t take my word for it.

[brotherla]

The history of this repeated tweaking is reason enough to be careful if you want to read it don’t take my word for it.

@fichtner I'm not sure that I understand you, what should I read? why moving the spot is not good idea?