- Document write permission to directory of trust anchor needed.

git-svn-id: file:///svn/unbound/trunk@3730 be551aaa-1e26-0410-a405-d3ace91eadb9
2025-12-20 23:00:56 -05:00 · 2016-05-27 07:51:35 +00:00 · 2016-05-27 07:51:35 +00:00 · 709d450bd7
commit 709d450bd7
parent cffec5e0fe
2 changed files with 4 additions and 1 deletions
--- a/doc/Changelog
+++ b/doc/Changelog
@ -1,6 +1,7 @@
 27 May 2016: Wouter
 	- Fix #770: Small subgroup attack on DH used in unix pipe on localhost
 	  if unbound control uses a unix local named pipe.
+	- Document write permission to directory of trust anchor needed.

 26 May 2016: Wouter
 	- Updated patch from Charles Walker.
--- a/doc/unbound.conf.5.in
+++ b/doc/unbound.conf.5.in
@ -706,7 +706,9 @@ File with trust anchor for one zone, which is tracked with RFC5011 probes.
 The probes are several times per month, thus the machine must be online
 frequently.  The initial file can be one with contents as described in
 \fBtrust\-anchor\-file\fR.  The file is written to when the anchor is updated,
-so the unbound user must have write permission.
+so the unbound user must have write permission.  Write permission to the file,
+but also to the directory it is in (to create a temporary file, which is
+necessary to deal with filesystem full events).
 .TP
 .B trust\-anchor: \fI<"Resource Record">
 A DS or DNSKEY RR for a key to use for validation. Multiple entries can be