From a8277d18aad1adbfbb59e9693529b4453b2bcb8e Mon Sep 17 00:00:00 2001
From: Andreas Gustafsson <source@isc.org>
Date: Tue, 18 Apr 2000 22:17:27 +0000
Subject: [PATCH] install logging configuration after relinquishing root
 privileges to ensure that log files specified in named.conf are created as
 the unprivileged user

---
 bin/named/server.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/bin/named/server.c b/bin/named/server.c
index a64c540f4f..44fa7988d1 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -1292,8 +1292,18 @@ load_configuration(const char *filename, ns_server_t *server,
 		server->tkeyctx = t;
 	}
 
+	/*
+	 * Relinquish root privileges.
+	 */
+	if (first_time)
+		ns_os_changeuser(ns_g_username);
+
 	/*
 	 * Configure the logging system.
+	 * 
+	 * Do this after changing UID to make sure that any log 
+	 * files specified in named.conf get created by the
+	 * unprivileged user, not root.
 	 */
 	if (ns_g_logstderr) {
 		isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
@@ -1322,9 +1332,6 @@ load_configuration(const char *filename, ns_server_t *server,
 		}
 	}
 
-	if (first_time)
-		ns_os_changeuser(ns_g_username);
-
 	if (dns_c_ctx_getpidfilename(cctx, &pidfilename) ==
 	    ISC_R_NOTFOUND)
 		pidfilename = ns_g_defaultpidfile;