authorDoug Barton <dougb@FreeBSD.org>2004-03-14 19:10:06 +0000
committerDoug Barton <dougb@FreeBSD.org>2004-03-14 19:10:06 +0000
commit0a54defb086ff9766dd221df99eaef2c5d9d32e0 (patch)
treefa53015b5d9c8163861501f9076770f51faa4760 /etc
parent920fa8dcbd15bac23dcb1f9610cac81cb1d9dbfe (diff)
1. Remove the named_rcng variable. Mike's caution in this area was a good
thing, but we're ready to move on.
2. Remove the -g default argument in named_flags. It doesn't actually do what most users think it does, and what most users want it to do is already accomplished with a proper default group for the bind user, which we have. Also, the -g knob does something entirely different in BIND 9, which leads to a lot of needless confusion/aggravation.
3. In the rc.d script, don't bogusly override $command, or $rc_flags. Both are adequately handled in rc.conf[.local].
4. DO properly override $rc_flags if user has named_chrootdir set. This may need to be revisited, but should be ok for now.
5. Protect all chrootdir-related bits under that variable, instead of named_rcng.
There is more work to be done here, especially in the area of BIND 9 compatibility, but this is a start at least.
Prompted in part by (legitimate) grousing from: kuriyama, Randy Bush
Notes
Notes: svn path=/head/; revision=126978
Diffstat (limited to 'etc')
-rw-r--r--etc/defaults/rc.conf5
-rwxr-xr-xetc/rc.d/named23
2 files changed, 5 insertions, 23 deletions
diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf
index fe84b8d6c352..d6b76d805c27 100644
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -145,12 +145,9 @@ inetd_flags="-wW -C 60" # Optional flags to inetd
# named. It may be possible to run named in a sandbox, man security for
# details.
#
-named_rcng="NO" # XXX Temporary. Enable to use new rc
- # functionality in support of named. See
- # variables below.
named_enable="NO" # Run named, the DNS server (or NO).
named_program="/usr/sbin/named" # path to named, if you want a different one.
-named_flags="-u bind -g bind" # Flags for named
+named_flags="-u bind" # Flags for named
named_pidfile="/var/run/named/pid" # Pid file
named_chrootdir="" # Chroot directory (or "" not to auto-chroot it)
named_chroot_autoupdate="YES" # Automatically install/update chrooted
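Review bot: The comment on `named_flags` should say where the runtime group comes from now that `-g bind` is gone from the default. Per the commit description the group is the bind account's default group, so an operator who points `-u` at a different account also changes the group named runs with, and one who carries the old `-g bind` over into rc.conf gets a different effect under BIND 9. Suggested wording for the trailing comment: `# Flags for named; group comes from the -u user's default group`.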
diff --git a/etc/rc.d/named b/etc/rc.d/named
index 0d4cb9d4b3ed..eb0d4545bca4 100755
--- a/etc/rc.d/named
+++ b/etc/rc.d/named
@@ -13,12 +13,9 @@
name="named"
rcvar=`set_rcvar`
-command="/usr/sbin/${name}"
start_precmd="named_precmd"
required_dirs="$named_chrootdir" # if it is set, it must exist
extra_commands="reload"
-nuser=bind
-ngroup=bind
# If running in a chroot cage, ensure that the appropriate files
# exist inside the cage, as well as helper symlinks into the cage
@@ -64,28 +61,16 @@ make_symlinks()
{
ln -fs "${named_chrootdir}${named_pidfile}" ${named_pidfile}
ln -fs "${named_chrootdir}/var/run/ndc" /var/run/ndc
-
}
named_precmd()
{
- ! checkyesno named_rcng && return 0
# Is the user using a sandbox?
- if [ -z "$named_chrootdir" ]; then
- rc_flags="-u $nuser -g $ngroup $rc_flags"
- return 0
+ if [ -n "$named_chrootdir" ]; then
+ rc_flags="$rc_flags -t $named_chrootdir"
+ checkyesno named_chroot_autoupdate && chroot_autoupdate
+ checkyesno named_symlink_enable && make_symlinks
fi
-
- # Do the following checks only if the user wants them done
- checkyesno named_chroot_autoupdate && chroot_autoupdate
-
- # Make the symlinks only if the user wants them done.
- checkyesno named_symlink_enable && make_symlinks
-
- # Change run_rc_commands()'s internal copy of $named_flags
- #
- ! checkyesno named_rcng && return
- rc_flags="-u $nuser -g $ngroup -t ${named_chrootdir} $rc_flags"
}
load_rc_config $name
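Review bot: `named_precmd` now returns the status of its last command, which inside the new `if` block is `checkyesno named_symlink_enable && make_symlinks`. With `named_chrootdir` set and `named_symlink_enable` turned off, that list ends non-zero (assuming `checkyesno` returns non-zero for NO), whereas the old body ended on an `rc_flags=` assignment and returned 0. If rc.subr refuses to start the daemon when `start_precmd` fails, which is not visible on this page, a chrooted named would not start in that configuration and the operator's likely workaround is to drop the chroot. Add `return 0` after the `fi`, or write the two checks as `if checkyesno ...; then ...; fi` so a NO answer is not reported as an error.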