- Document write permission to directory of trust anchor needed.

git-svn-id: file:///svn/unbound/trunk@3730 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/doc/Changelog b/doc/Changelog
index 5521c64005b1d849cc505d79e8ae9e7c0c7b5772..5e900978722733ac306a4ad0db287282175b3b89 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,6 +1,7 @@
 27 May 2016: Wouter
        - Fix #770: Small subgroup attack on DH used in unix pipe on localhost
          if unbound control uses a unix local named pipe.
+       - Document write permission to directory of trust anchor needed.
 
 26 May 2016: Wouter
        - Updated patch from Charles Walker.

diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in
index 41ef66c711e025481bcb8e8fca545611e3abc9b5..2b08411be473237755b88df002998ca5022893a8 100644 (file)
--- a/doc/unbound.conf.5.in
+++ b/doc/unbound.conf.5.in
@@ -706,7 +706,9 @@ File with trust anchor for one zone, which is tracked with RFC5011 probes.
 The probes are several times per month, thus the machine must be online
 frequently.  The initial file can be one with contents as described in
 \fBtrust\-anchor\-file\fR.  The file is written to when the anchor is updated,
-so the unbound user must have write permission.
+so the unbound user must have write permission.  Write permission to the file,
+but also to the directory it is in (to create a temporary file, which is
+necessary to deal with filesystem full events).
 .TP
 .B trust\-anchor: \fI<"Resource Record">
 A DS or DNSKEY RR for a key to use for validation. Multiple entries can be