Maintained by: NLnet Labs

[Unbound-users] could not open autotrust file for writing

shmick at riseup.net
Thu Aug 1 04:24:38 CEST 2013


thanka phil, changing the DIR perms certainly did the trick

Phil Pennock:
> On 2013-07-30 at 13:38 +1000, shmick at riseup.net wrote:
>> im getting permission denied for updating root.key but the permissions
>> are as follows with read/write for unbound user/group
>>
>> -rw-rw-r-- 1 unbound unbound 139 Jul 27 16:28
>> /usr/local/etc/unbound/root.key
>>
>> there's no other way to update the anchor other than running as root
> 
> Use the `auto-trust-anchor-file` option in `unbound.conf` to move the
> trust anchor into a different directory, one which is owned by
> unbound:unbound.
> 
> For instance:
> 
>     newrk=/usr/local/etc/unbound/runtime/root.key
>     sudo mkdir $(dirname $newrk)
>     sudo chown unbound:unbound $(dirname $newrk)
>     sudo sed -i -e \
>       $'s,^\\([ \t]*auto-trust-anchor-file:[ \t]*"\\).*$,\\1'"$newrk\"," \
>       /usr/local/etc/unbound/unbound.conf
> 
> The last command is just an automatic edit of the config file to change
> the value of `auto-trust-anchor-file` without having to start a
> text-editor, so that you can copy/paste.  It assumes the option is
> already uncommented (enabled).
> 
> Regards,
> -Phil
>