Old 08-04-2005, 05:06 AM   #1
rhoekstra
Fedora bind-chroot permissions wrong


Hi,

I am running Bind chrooted on my FC3 machine.

This causes the files to be relative to /var/named/chroot.

In this folder I have an etc/named.conf stating that the files are stored in /var/named/. (And this is, again, relative to the above directory.)

All files are there, that's good. The daemon works well and can find all files...

Additionally, I am using dynamic updates, so DHCP can register new hosts (and I use DNS updates using the dynamic update mechanism, not by editing the zone files directly). This results in the named daemon writing to a journal. All still fine, as long as the files exist.

As soon as named wants to create a new file though, it bounces back because the '/var/named' folder is owned by root:named and has mode 750. (This is the default from the RPM.)

Every fifteen minutes I see these log entries:

Aug 4 11:43:53 server named[16187]: dumping master file: tmp-XXXXAVqYmz: open: permission denied
Aug 4 11:43:53 server named[16187]: zone homenet.local/IN: dump failed: permission denied
Aug 4 11:43:53 server named[16187]: dumping master file: tmp-XXXXOE76Mf: open: permission denied
Aug 4 11:43:53 server named[16187]: zone 0.168.192.in-addr.arpa/IN: dump failed: permission denied

As soon as I either chown the directory to named:named, or make it mode 770, the daemon can do its work again... But why would I need to do this action every time my RPMs get updated?

What I mean is: the bind-chroot package is simply not correct in my opinion, unless I have some sort of configuration error...

Can anybody clarify this or help me resolve this issue?
 
Old 08-07-2005, 09:47 PM   #2
antus
Hi,

I've just found this post, as I've been receiving the same error while trying to configure a DNS secondary on my FC3 server. I have now solved my problem; however, as there was no reply here, I thought I'd come back and add one.

Firstly, named should not need to write anything outside of its chroot, nor should it be able to, so the default permissions would seem to be correct. I don't know why your config would be trying to do this?

In my case the problem was that, as a secondary, it was trying to transfer the zone to (full path shown, but chrooted operation) /var/named/chroot/var/named/, which was incorrect. I modified my config for my case (adding slaves/):

// serve as secondary for internal
zone "internal" IN {
    type slave;
    file "slaves/named.internal";   // added slaves/ here
    // where the primary nameserver lives
    masters { 10.0.0.1; };
};

And the permission error went away and all now works well.
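
Added example, not part of either post above: a Python check that reads a named.conf, picks out the zones named has to write (slave zones, and zones accepting dynamic updates), and reports any whose file sits in a directory the daemon cannot write inside the chroot. Assumptions: named's uid/gid are passed in by the caller, access is judged from owner/group/mode bits only (no ACLs or SELinux), and the sample file name and allow-update ACL are constructed.

```python
import os, re, tempfile

# Constructed sample. Zone names and slaves/ come from the thread; the master file name and ACL are made up.
SAMPLE_CONF = '''
options { directory "/var/named"; };
zone "homenet.local" IN { type master; file "homenet.local.zone"; allow-update { 127.0.0.1; }; };
zone "internal" IN { type slave; file "slaves/named.internal"; masters { 10.0.0.1; }; };  // secondary
'''

def zones(conf):
    """Yield (name, body) per zone block, matching nested braces such as masters { ... }."""
    for m in re.finditer(r'zone\s+"([^"]+)"[^{;]*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def can_write(path, uid, gid):
    """Unix rule: owner bits if uid owns path, else group bits if gid matches, else other bits."""
    st = os.stat(path)
    shift = 6 if st.st_uid == uid else 3 if st.st_gid == gid else 0
    return bool((st.st_mode >> shift) & 2)

def unwritable_zones(conf, chroot, uid, gid):
    """Return [(zone, dir)] for slave/dynamic zones stored where named cannot create files."""
    conf = re.sub(r'/\*.*?\*/|//[^\n]*|#[^\n]*', '', conf, flags=re.S)  # strip comments
    base = (re.findall(r'directory\s+"([^"]+)"', conf) or ["/var/named"])[0]
    bad = []
    for name, body in zones(conf):
        f = re.search(r'\bfile\s+"([^"]+)"', body)
        writes = re.search(r'\btype\s+slave\b|\b(allow-update|update-policy)\b', body)
        if f and writes:
            rel = os.path.dirname(os.path.join(base, f.group(1)))
            if not can_write(os.path.join(chroot, rel.lstrip("/")), uid, gid):
                bad.append((name, rel))
    return bad

def demo():
    """Throwaway chroot: var/named 750, slaves/ 770; named modelled as a non-owner in the dir's group."""
    root = tempfile.mkdtemp()
    named = os.path.join(root, "var", "named")
    os.makedirs(os.path.join(named, "slaves"))
    os.chmod(named, 0o750)
    os.chmod(os.path.join(named, "slaves"), 0o770)
    st = os.stat(named)
    return unwritable_zones(SAMPLE_CONF, root, st.st_uid + 1, st.st_gid)

if __name__ == "__main__":
    print(demo())
```

On a real host the call would take the contents of /var/named/chroot/etc/named.conf, the chroot path /var/named/chroot, and the uid and gid of the named account.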
 
  

