Maintained by: NLnet Labs

[Unbound-users] could not open autotrust file for writing

Phil Pennock
Tue Jul 30 21:14:19 CEST 2013


On 2013-07-30 at 13:38 +1000, shmick at riseup.net wrote:
> im getting permission denied for updating root.key but the permissions
> are as follows with read/write for unbound user/group
> 
> -rw-rw-r-- 1 unbound unbound 139 Jul 27 16:28
> /usr/local/etc/unbound/root.key
> 
> there's no other way to update the anchor other than running as root

Use the `auto-trust-anchor-file` option in `unbound.conf` to move the
trust anchor into a different directory, one which is owned by
unbound:unbound.

For instance:

    newrk=/usr/local/etc/unbound/runtime/root.key
    sudo mkdir $(dirname $newrk)
    sudo chown unbound:unbound $(dirname $newrk)
    sudo sed -i -e \
      $'s,^\\([ \t]*auto-trust-anchor-file:[ \t]*"\\).*$,\\1'"$newrk\"," \
      /usr/local/etc/unbound/unbound.conf

The last command is just an automatic edit of the config file to change
the value of `auto-trust-anchor-file` without having to start a
text-editor, so that you can copy/paste.  It assumes the option is
already uncommented (enabled).

Regards,
-Phil