Resolve error 'the working directory is not writable' by switching into the /tmp/bind directory before executing the bind process

Updated for: Updated for: 9.16.6-r0
Locked down permissions for /etc/bind to absolutely needed ones, while still making sure mapped volumes have the needed permissions to start the container
2020-12-14 11:27:06 +10:30 · 2020-08-31 10:41:33 -04:00 · 2020-05-12 02:04:44 -04:00 · 2020-04-29 23:04:40 -04:00
4 changed files with 14 additions and 9 deletions
--- a/README.md
+++ b/README.md
@ -1,6 +1,6 @@
-### ISC BIND9 Container (Stable: 9.14.8_xx) built on top of Alpine
+### ISC BIND9 Container (Stable: 9.16.6_xx) built on top of Alpine
-### Last update: 2-6-20
+### Last update: 8-31-20
-### Latest Stable Docker Tag: 9.14.8-r5
+### Latest Stable Docker Tag: 9.16.6-r0
 NOTE: "Last Update" is the date of the latest DockerHub build.
--- a/container/Dockerfile
+++ b/container/Dockerfile
@ -17,7 +17,7 @@ env BIND_LOG -g
 # NOTE: Per Dockerfile manual --> need to mkdir the mounted dir to chown
 # &
 # Get latest bind.keys
-RUN mkdir -m 0770 -p /etc/bind && chown -R root:named /etc/bind ; \
+RUN mkdir -m 0750 -p /etc/bind && chown -R root:named /etc/bind ; \
    mkdir -m 0770 -p /var/cache/bind && chown -R named:named /var/cache/bind ; \
    wget -q -O /etc/bind/bind.keys https://ftp.isc.org/isc/bind9/keys/9.11/bind.keys.v9_11 ; \
    rndc-confgen -a
--- a/container/configs/default-zones/db.root
+++ b/container/configs/default-zones/db.root
@ -9,8 +9,8 @@
 ;           on server           FTP.INTERNIC.NET
 ;       -OR-                    RS.INTERNIC.NET
 ; 
-;       last update:     January 30, 2018 
+;       last update:     April 29, 2020 
-;       related version of root zone:     2018013001
+;       related version of root zone:     2020042901
 ; 
 ; FORMERLY NS.INTERNIC.NET 
 ;
--- a/container/entrypoint.sh
+++ b/container/entrypoint.sh
@ -1,9 +1,14 @@
 #!/bin/sh
 OPTIONS=$@
 # "Run Time" changes - needed for when creating a *new* directory/first-time volume map
 # A great example of this is "/var/cache/bind" for dynamic configs, and mapping it in
 # The first time around, it will not be owned by named:named, and thus it won't be writable
 mkdir /tmp/bind
 chown -R root:named /etc/bind /var/run/named
-chown -R named:named /var/cache/bind
+chown -R named:named /var/cache/bind /tmp/bind
-chmod -R 770 /var/cache/bind /var/run/named
+chmod -R 770 /etc/bind /var/cache/bind /var/run/named
-chmod -R 750 /etc/bind
+find /etc/bind /var/cache/bind -type f -exec chmod 640 -- {} +
 # By default - run in foreground and log to STDERR (console)
 # can be changed by running container with: -e "BIND_LOG=-f"
 cd /tmp/bind
 exec /usr/sbin/named -c /etc/bind/named.conf $BIND_LOG -u named $OPTIONS
Author	SHA1	Message	Date
Cory	5a61e5047b	Resolve error 'the working directory is not writable' by switching into the /tmp/bind directory before executing the bind process	2020-12-14 11:27:06 +10:30
Ventz Petkov	17161d55f9	Updated for: Updated for: 9.16.6-r0	2020-08-31 10:41:33 -04:00
Ventz Petkov	d8691b7076	Locked down permissions for /etc/bind to absolutely needed ones, while still making sure mapped volumes have the needed permissions to start the container	2020-05-12 02:04:44 -04:00
Ventz Petkov	b2983bd53f	TWO MAJOR CHANGES: Updated ROOT HINTS file from InterNIC as it was updated 4-29-2020. Also changed the permissions both build and entrypoint (run-time change) to match least permissions needed. This should tighten up the permissions for dynamically generated zones	2020-04-29 23:04:40 -04:00