install logging configuration after relinquishing root privileges

to ensure that log files specified in named.conf are created as the unprivileged user
2025-08-28 21:17:54 +00:00 · 2000-04-18 22:17:27 +00:00 · 2000-04-18 22:17:27 +00:00 · a8277d18aa
commit a8277d18aa
parent e0a43acbb7
1 changed files with 10 additions and 3 deletions
--- a/bin/named/server.c
+++ b/bin/named/server.c
@ -1292,8 +1292,18 @@ load_configuration(const char *filename, ns_server_t *server,
 		server->tkeyctx = t;
 	}

+	/*
+	 * Relinquish root privileges.
+	 */
+	if (first_time)
+		ns_os_changeuser(ns_g_username);
+
 	/*
 	 * Configure the logging system.
+	 * 
+	 * Do this after changing UID to make sure that any log 
+	 * files specified in named.conf get created by the
+	 * unprivileged user, not root.
 	 */
 	if (ns_g_logstderr) {
 		isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
@ -1322,9 +1332,6 @@ load_configuration(const char *filename, ns_server_t *server,
 		}
 	}

-	if (first_time)
-		ns_os_changeuser(ns_g_username);
-
 	if (dns_c_ctx_getpidfilename(cctx, &pidfilename) ==
 	    ISC_R_NOTFOUND)
 		pidfilename = ns_g_defaultpidfile;