I have been unable to find a fix or good solution for this. Since it is bad
for the unbound daemon to have privileges to write to the root.key file, can
we not make unbound not try to write to it at all and have a cronjob that
runs to update it every so often to make sure it is the correct key? It is
not a big deal since it just writes a line in the /var/log/daemon log every
so often. I was just wondering if we could turn that option to write to
root.key in unbound off and then do it with a script that would then change
the owner and permissions of the file to read only and owned by unbound.
Again I couldn't find anything on this to stop the error in the
/var/log/daemon log that didn't give the daemon writeable access to a file
it doesn't need to really have writable access to.