LinuxQuestions.org


jonboede 03-21-2008 01:12 PM

named 9.3.3rc2 log file permission error
 
I am getting:

Mar 21 12:54:42 etcweb named[3220]: logging channel 'log_file' file '/var/named/named.log': permission denied
Mar 21 12:54:42 etcweb named[3220]: isc_log_open '/var/named/named.log' failed: permission denied

From named. My /etc/named.conf has:
Code:

logging {
        channel log_file {
                file "/var/named/named.log" versions 3 size 100M;
                print-time yes;
                print-category yes;
                print-severity yes;
        };
        category lame-servers { null; };
        category default { log_file; };
        category queries { log_file; };
        category xfer-in { log_file; };
        category xfer-out { log_file; };
};

And I have checked that I am not running chroot'd (bind-chroot-admin -d has been run) and when I check it:
Code:

[root@etcweb log]# ps -ef | grep named
named    3220    1  0 12:54 ?        00:00:00 /usr/sbin/named -u named
root      3243  3033  0 12:57 pts/0    00:00:00 grep named

And the permissions on the directory are ok:
Code:

[root@etcweb log]# ls -ld /var /var/named /var/named/named.log
drwxr-xr-x 25 root  root  4096 Mar  3 14:56 /var
drwxr-x---  7 named named 4096 Mar 21 12:47 /var/named
-rw-r--r--  1 named named    0 Mar 21 12:47 /var/named/named.log

But I still get the complaints above in the messages file.

Am running CentOS 5 with bind 9.3.3rc2:
Code:

[root@etcweb log]# uname -r
2.6.18-53.1.14.el5
[root@etcweb log]# named -v
BIND 9.3.3rc2


This is on a slave server. I can see from the master that it's doing zone transfers but the zone files don't seem to be written into the appropriate directories, either.

jonboede 03-21-2008 01:58 PM

Turns out that this is an SELinux issue...

See: http://www.isc.org/index.pl?/sw/bind/FAQ.php

Look for: "Why can't named create custom log files?"

unSpawn 03-23-2008 06:23 PM

The direct link is http://www.isc.org/sw/bind/FAQ.php. It provides clear steps on how to set up custom named_conf_t, named_cache_t and named_conf_t locations so nobody should need to disable SELinux, which is a good thing.
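
An added example (not part of any post in this thread, and not ISC or Red Hat code): a POSIX shell function that filters audit-log lines for SELinux AVC denials against named, which is where a failure like this one is recorded even though the `ls -l` mode bits look correct. The sample records, including the `named_zone_t` target type, are constructed for illustration.

```shell
#!/bin/sh
# Added example. Summarise SELinux AVC denials for named from audit-log lines.
# SAMPLE_AUDIT is constructed for illustration (pids, inodes, contexts and the
# named_zone_t target type are assumptions, not output from the poster's host).
SAMPLE_AUDIT='type=AVC msg=audit(1206122082.101:45): avc:  denied  { write } for  pid=3220 comm="named" name="named.log" dev=dm-0 ino=98311 scontext=root:system_r:named_t:s0 tcontext=root:object_r:named_zone_t:s0 tclass=file
type=SYSCALL msg=audit(1206122082.101:45): arch=40000003 syscall=5 success=no exit=-13 comm="named" exe="/usr/sbin/named"
type=AVC msg=audit(1206122090.220:46): avc:  denied  { write add_name } for  pid=3220 comm="named" name="named" dev=dm-0 ino=98300 scontext=root:system_r:named_t:s0 tcontext=system_u:object_r:named_zone_t:s0 tclass=dir
type=AVC msg=audit(1206122095.007:47): avc:  denied  { getattr } for  pid=2911 comm="httpd" name="index.html" dev=dm-0 ino=77001 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1206122142.330:52): avc:  denied  { write } for  pid=3220 comm="named" name="named.log" dev=dm-0 ino=98311 scontext=root:system_r:named_t:s0 tcontext=root:object_r:named_zone_t:s0 tclass=file'

named_avc_summary() {
    # stdin: audit-log lines. stdout: one "perms tclass name target_type" line
    # per distinct denial where the denied process is named.
    awk '
    /type=AVC/ && /denied/ && /comm="named"/ {
        perms = ""; name = "?"; ttype = "?"; tclass = "?"
        for (i = 1; i <= NF; i++) {
            if ($i == "{") {
                # collect every permission between the braces
                for (j = i + 1; j <= NF && $j != "}"; j++)
                    perms = perms (perms == "" ? "" : ",") $j
            } else if ($i ~ /^name=/) {
                name = substr($i, 6); gsub(/"/, "", name)
            } else if ($i ~ /^tcontext=/) {
                split(substr($i, 10), ctx, ":"); ttype = ctx[3]
            } else if ($i ~ /^tclass=/) {
                tclass = substr($i, 8)
            }
        }
        key = perms " " tclass " " name " " ttype
        if (!(key in seen)) { seen[key] = 1; print key }
    }'
}

# Stand-alone run on the constructed sample. On a live host with auditd, feed
# it the audit log instead (default path assumed):
#   named_avc_summary < /var/log/audit/audit.log
printf '%s\n' "$SAMPLE_AUDIT" | named_avc_summary
```

A non-empty result means the denial comes from the file's SELinux label rather than its owner or mode; `ls -Z` on the path shows that label.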


All times are GMT -5.