From: Wouter Wijngaards Date: Fri, 27 May 2016 07:51:35 +0000 (+0000) Subject: - Document write permission to directory of trust anchor needed. X-Git-Tag: release-1.5.9rc1~17 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=709d450bd7a84b40c8880977cc042125b20e5d71;p=thirdparty%2Funbound.git - Document write permission to directory of trust anchor needed. git-svn-id: file:///svn/unbound/trunk@3730 be551aaa-1e26-0410-a405-d3ace91eadb9 --- diff --git a/doc/Changelog b/doc/Changelog index 5521c6400..5e9009787 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,6 +1,7 @@ 27 May 2016: Wouter - Fix #770: Small subgroup attack on DH used in unix pipe on localhost if unbound control uses a unix local named pipe. + - Document write permission to directory of trust anchor needed. 26 May 2016: Wouter - Updated patch from Charles Walker. diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in index 41ef66c71..2b08411be 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@ -706,7 +706,9 @@ File with trust anchor for one zone, which is tracked with RFC5011 probes. The probes are several times per month, thus the machine must be online frequently. The initial file can be one with contents as described in \fBtrust\-anchor\-file\fR. The file is written to when the anchor is updated, -so the unbound user must have write permission. +so the unbound user must have write permission. Write permission to the file, +but also to the directory it is in (to create a temporary file, which is +necessary to deal with filesystem full events). .TP .B trust\-anchor: \fI<"Resource Record"> A DS or DNSKEY RR for a key to use for validation. Multiple entries can be