From: Michal Nowak <mnowak@isc.org>
Date: Thu, 9 Oct 2025 16:43:25 +0000 (+0200)
Subject: Do not run unwritable dump-file check as root
X-Git-Tag: v9.21.18~28^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ea48200a721278163bedbd1f3cc51b6b63506853;p=thirdparty%2Fbind9.git

Do not run unwritable dump-file check as root

When run as root, the "chmod -w" command is not an effective guard
against rndc dumping the DB to file.
---

diff --git a/bin/tests/system/rndc/tests.sh b/bin/tests/system/rndc/tests.sh
index 9ce0cb03da4..0fc13eb7308 100644
--- a/bin/tests/system/rndc/tests.sh
+++ b/bin/tests/system/rndc/tests.sh
@@ -326,13 +326,17 @@ status=$((status + ret))
 
 n=$((n + 1))
 echo_i "test 'rndc dumpdb' with an unwritable dump-file ($n)"
-ret=0
-touch ns2/named_dump.db
-chmod -w ns2/named_dump.db
-rndc_dumpdb ns2 2>/dev/null && ret=1
-grep -F "failed: permission denied" "rndc.out.test$n" >/dev/null || ret=1
-if [ $ret != 0 ]; then echo_i "failed"; fi
-status=$((status + ret))
+if [ "$(id -u)" -ne 0 ]; then
+  ret=0
+  touch ns2/named_dump.db
+  chmod -w ns2/named_dump.db
+  rndc_dumpdb ns2 2>/dev/null && ret=1
+  grep -F "failed: permission denied" "rndc.out.test$n" >/dev/null || ret=1
+  if [ $ret != 0 ]; then echo_i "failed"; fi
+  status=$((status + ret))
+else
+  echo_i "skipped, running as root"
+fi
 
 n=$((n + 1))
 echo_i "test 'rndc dumpdb' on a empty cache ($n)"