LinuxQuestions.org
Linux - Server This forum is for the discussion of Linux Software used in a server related context.
Old 07-31-2009, 05:50 PM   #1
Toadman
Member
 
Registered: Aug 2002
Location: Texas
Distribution: Ubuntu 14.04 LTS
Posts: 167

Rep: Reputation: 15
named - the working directory is not writable


Mandriva 2009.1, Bind 9.6.0-P1. Mandriva downloaded a security update for Bind yesterday morning. When restarting I noticed the above line in my syslog. Running

[root@localhost ~]# named-checkconf -z
/etc/named.conf:17: open: /etc/bogon_acl.conf: file not found

The permissions for the files in /var/lib/named/etc are:

-rw-r--r-- 1 root root 1966 2009-07-29 07:57 bogon_acl.conf
-rw-r--r-- 1 root root 42 2009-07-29 07:57 hosts
-rw-r--r-- 1 root root 3543 2009-07-30 17:09 localtime
-rw-r--r-- 1 root root 2165 2009-05-13 20:44 logging.conf
-rw-r--r-- 1 root root 2123 2009-03-08 09:11 logging.conf~
-rw-r--r-- 1 root root 2165 2009-05-03 19:03 logging.conf.rpmsave
-rw-r--r-- 1 root root 3950 2009-05-09 20:06 named.conf
-rw-r--r-- 1 root root 4125 2009-05-09 19:38 named.conf.rpmsave
-rw-r----- 1 root named 350 2009-05-09 19:56 rndc.conf
-rw-r----- 1 root named 350 2009-05-03 15:31 rndc.conf.rpmsave
-rw-r----- 1 root named 259 2009-05-09 19:56 rndc.key
-rw-r----- 1 root named 259 2009-05-03 15:31 rndc.key.rpmsave
-rw-r--r-- 1 root root 627 2009-07-29 07:57 trusted_networks_acl.conf

Permissions for /var/lib/named

[chris@localhost named]$ ls -l
total 16
drwxr-xr-x 2 root root 4096 2009-07-29 07:57 dev/
drwxr-xr-x 2 root root 4096 2009-07-30 17:09 etc/
-rw-r--r-- 1 root root 2954 2009-02-15 05:18 named.ca
dr-xr-xr-x 173 root root 0 2009-07-08 19:44 proc/
drwxr-xr-x 6 root root 4096 2009-07-29 07:57 var/

Permissions for /var/lib/named/var

[chris@localhost var]$ ls -l
total 16
drwxr-xr-x 3 named named 4096 2009-07-29 07:57 log/
drwxr-xr-x 5 root root 4096 2009-07-30 06:11 named/
drwxr-xr-x 2 named named 4096 2009-07-30 17:09 run/
drwxr-xr-x 2 named named 4096 2009-07-29 07:57 tmp/

File permissions in /var/lib/named/var/named:

[chris@localhost named]$ ls -l
total 16
drwxr-xr-x 2 named named 4096 2009-07-30 06:11 master/
-rw-r--r-- 1 root root 2954 2009-07-29 07:57 named.ca
drwxr-xr-x 2 named named 4096 2009-07-30 06:11 reverse/
drwxr-xr-x 2 named named 4096 2009-07-29 07:57 slaves/

Or is everything ok and the line in the subject can be ignored?

Thanks
Chris

Note - I'm only using bind as a local caching name server on my stand
alone, single user box to speed up spam processing.

Thanks for any advice

Chris
 
Old 08-01-2009, 02:38 PM   #2
rishipandit007
Member
 
Registered: Oct 2006
Distribution: Debian, Ubuntu, Centos
Posts: 36

Rep: Reputation: 17
Hi Chris,

>/etc/named.conf:17: open: /etc/bogon_acl.conf: file not found

Could you try creating a link in /etc using the following command:
#ln -s /var/lib/named/etc/bogon_acl.conf /etc

And possibly, you can fix it right away by giving permissions to the user under which bind is running (probably named or bind).

#chown bind.bind /var/lib/named/*

And before making these changes please take a backup using the following command:

cp -av /var/lib/named /var/lib/named.bak (just in case, though you have mentioned that you're just using it for caching.)

Hope this helps.
 
Old 08-01-2009, 04:47 PM   #3
Toadman
Member
 
Registered: Aug 2002
Location: Texas
Distribution: Ubuntu 14.04 LTS
Posts: 167

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by rishipandit007 (post #2)
I created the link; however, when I went to make the backup it choked when copying over the /var/lib/named/proc folder. Named will start with no errors except the "the working directory is not writable" note:

Aug 1 16:40:29 localhost named[7833]: starting BIND 9.6.0-P1 -u named -t /var/lib/named
Aug 1 16:40:29 localhost named[7833]: built with 'i586-mandriva-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib' '--libexecdir=/usr/lib' '--sharedstatedir=/usr/com' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--x-includes=/usr/include' '--x-libraries=/usr/lib' '--localstatedir=/var' '--disable-openssl-version-check' '--enable-threads' '--enable-largefile' '--enable-ipv6' '--enable-epoll' '--with-openssl=/usr/include/openssl' '--with-gssapi=/usr' '--disable-isc-spnego' '--with-randomdev=/dev/urandom' '--with-libxml2=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-bdb=no' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-odbc=no' '--with-dlz-stub=yes' 'build_alias=i586-mandriva-linux-gnu' 'host_alias=i586-mandriva-linux-gnu' 'target_alias=i586-mandriva-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wformat -Werror=format-security -Wp,-D_F
Aug 1 16:40:29 localhost named[7833]: found 1 CPU, using 1 worker thread
Aug 1 16:40:29 localhost named[7833]: using up to 4096 sockets
Aug 1 16:40:29 localhost named[7833]: loading configuration from '/etc/named.conf'
Aug 1 16:40:29 localhost named[7833]: max open files (1024) is smaller than max sockets (4096)
Aug 1 16:40:29 localhost named[7833]: statistics channel listening on 127.0.0.1#5380
Aug 1 16:40:29 localhost named[7833]: using default UDP/IPv4 port range: [1024, 65535]
Aug 1 16:40:29 localhost named[7833]: using default UDP/IPv6 port range: [1024, 65535]
Aug 1 16:40:29 localhost named[7833]: listening on IPv4 interface lo, 127.0.0.1#53
Aug 1 16:40:29 localhost named[7833]: listening on IPv4 interface eth0, 192.168.2.2#53
Aug 1 16:40:29 localhost named[7833]: automatic empty zone: 127.IN-ADDR.ARPA
Aug 1 16:40:29 localhost named[7833]: automatic empty zone: 254.169.IN-ADDR.ARPA
Aug 1 16:40:29 localhost named[7833]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Aug 1 16:40:29 localhost named[7833]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Aug 1 16:40:29 localhost named[7833]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Aug 1 16:40:29 localhost named[7833]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Aug 1 16:40:29 localhost named[7833]: automatic empty zone: D.F.IP6.ARPA
Aug 1 16:40:29 localhost named[7833]: automatic empty zone: 8.E.F.IP6.ARPA
Aug 1 16:40:29 localhost named[7833]: automatic empty zone: 9.E.F.IP6.ARPA
Aug 1 16:40:29 localhost named[7833]: automatic empty zone: A.E.F.IP6.ARPA
Aug 1 16:40:29 localhost named[7833]: automatic empty zone: B.E.F.IP6.ARPA
Aug 1 16:40:29 localhost named[7833]: command channel listening on 127.0.0.1#953
Aug 1 16:40:29 localhost named[7833]: the working directory is not writable

Just what is the "working directory"?

Chris
 
Old 08-01-2009, 05:07 PM   #4
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,937

Rep: Reputation: 1330
Quote:
Aug 1 16:40:29 localhost named[7833]: starting BIND 9.6.0-P1 -u named -t /var/lib/named
From the above it looks like you are running named chrooted in /var/lib/named. So your working dir should be /var/lib/named/var/named. Since bind is running under user named, you should:
Code:
chown -R named:named /var/lib/named/var/named

Last edited by bathory; 08-01-2009 at 05:09 PM.
 
Old 08-01-2009, 06:06 PM   #5
Toadman
Member
 
Registered: Aug 2002
Location: Texas
Distribution: Ubuntu 14.04 LTS
Posts: 167

Original Poster
Rep: Reputation: 15
Thank you, that seems to have fixed the problem. Permissions look right now:

[root@localhost ~]# ls -l /var/lib/named/var
total 16
drwxr-xr-x 3 named named 4096 2009-07-29 07:57 log/
drwxr-xr-x 5 named named 4096 2009-07-30 06:11 named/
drwxr-xr-x 2 named named 4096 2009-08-01 17:51 run/
drwxr-xr-x 2 named named 4096 2009-07-29 07:57 tmp/

[root@localhost ~]# ls -l /var/lib/named/var/named
total 16
drwxr-xr-x 2 named named 4096 2009-07-30 06:11 master/
-rw-r--r-- 1 root root 2954 2009-07-29 07:57 named.ca
drwxr-xr-x 2 named named 4096 2009-07-30 06:11 reverse/
drwxr-xr-x 2 named named 4096 2009-07-29 07:57 slaves/

I wasn't sure about changing all permissions using -R so I just manually changed those of /var/lib/named/var/named to start. Should the entries in /master, /reverse and /slaves as well as named.ca above also be named:named?

[root@localhost ~]# ls -l /var/lib/named/var/named/master
total 12
-rw-r--r-- 1 root root 329 2009-03-17 17:34 empty
-rw-r--r-- 1 root root 198 2009-07-29 07:57 localdomain.zone
-rw-r--r-- 1 root root 195 2009-07-29 07:57 localhost.zone
 
Old 08-02-2009, 03:34 AM   #6
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,937

Rep: Reputation: 1330
Glad to see it worked.
First of all, since you're running a caching DNS, you don't need these directories. The only thing you need is named.ca (that is the root hints zone file) and optionally the zone file for the 0.0.127.in-addr.arpa zone (I guess it's localdomain.zone).
Second, the "working" directory must be owned by the user that runs bind, because in some configurations bind has to write things in there (logs, stats, dynamic updates etc). In your case there is no harm to leave it as is.

Regards
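As an added example that is not part of this thread (editor's script, not bathory's or Mandriva's): the two things posts #4 and #6 tell you to verify by hand, written as a check you can run before restarting a chrooted named. It takes the chroot and user from the `-t`/`-u` values in the syslog line, reads the `directory` option from the named.conf inside the chroot, and reports whether that directory exists on the host, is owned by the named user and is owner-writable. It also resolves every `include "..."` against the chroot, which is what produced the `/etc/bogon_acl.conf: file not found` error in the first post: a host-side `named-checkconf` looks for includes relative to `/`, while the chrooted named looks under `/var/lib/named`. The sample values in the test are constructed; the only thread-specific values are `/var/lib/named` and `named`.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check a chrooted BIND layout.
# Usage: sh check_named_chroot.sh CHROOT IN-CHROOT-NAMED.CONF USER
#   e.g. sh check_named_chroot.sh /var/lib/named /etc/named.conf named
# Assumptions: POSIX sh, the usual `ls -l` column layout (mode links owner ...),
# and quoted paths in named.conf. Nothing here is BIND's own tooling.

# Map a path as named sees it (inside the chroot) to the host path.
resolve_in_chroot() {            # $1 = chroot ("" if none), $2 = in-chroot path
    printf '%s/%s\n' "${1%/}" "${2#/}"
}

# Print the value of the `directory` option from a named.conf (first match).
named_workdir() {                # $1 = host path of named.conf
    sed -n 's/^[[:space:]]*directory[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Print every path named by an `include "..."` statement, one per line.
named_includes() {               # $1 = host path of named.conf
    sed -n 's/^[[:space:]]*include[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# 0 if $1 is a directory owned by user $2 with the owner-write bit set,
# 1 if it exists but ownership or mode is wrong, 2 if it does not exist.
workdir_ok() {                   # $1 = host path, $2 = expected owner
    dir=$1; user=$2
    [ -d "$dir" ] || return 2
    set -- $(ls -ld "$dir")      # fields: mode links owner group ...
    mode=$1; owner=$3
    [ "$owner" = "$user" ] || return 1
    case $mode in
        ??w*) return 0 ;;        # third character of the mode is the owner write bit
        *)    return 1 ;;
    esac
}

# Print includes that are absent inside the chroot; 0 if none are missing.
missing_includes() {             # $1 = chroot, $2 = host path of named.conf
    rc=0
    for inc in $(named_includes "$2"); do
        host=$(resolve_in_chroot "$1" "$inc")
        if [ ! -f "$host" ]; then
            echo "$inc (expected at $host)"
            rc=1
        fi
    done
    return $rc
}

# Full report for one chroot; returns non-zero if anything needs fixing.
check_named_chroot() {           # $1 = chroot, $2 = in-chroot named.conf, $3 = user
    chroot=$1; conf=$(resolve_in_chroot "$1" "$2"); user=$3
    [ -f "$conf" ] || { echo "named.conf not found at $conf"; return 2; }
    wd=$(named_workdir "$conf")
    [ -n "$wd" ] || { echo "no directory option in $conf"; return 2; }
    host_wd=$(resolve_in_chroot "$chroot" "$wd")
    status=0
    if workdir_ok "$host_wd" "$user"; then
        echo "ok: working directory $host_wd is owned and writable by $user"
    else
        echo "PROBLEM: $host_wd must be owned by $user and owner-writable" \
             "(e.g. chown -R $user:$user $host_wd)"
        status=1
    fi
    if miss=$(missing_includes "$chroot" "$conf"); then
        echo "ok: all include files present under $chroot"
    else
        echo "PROBLEM: include files missing inside the chroot:"
        echo "$miss"
        status=1
    fi
    return $status
}

# Only run the report when invoked with arguments, so the functions can be
# sourced and tested without touching the real /var/lib/named.
if [ $# -gt 0 ]; then
    check_named_chroot "$@"
fi
```

Two things worth knowing about the design: ownership is checked from the mode string rather than with `test -w`, because you normally run this as root, for whom `-w` is always true, and what matters is whether the *named* user can write. And to reproduce what the chrooted daemon actually sees, run `named-checkconf -t /var/lib/named -z` rather than plain `named-checkconf -z`; the `-t` option makes it process include directives as a similarly chrooted named would, which is the clean alternative to the symlink suggested in post #2.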
 
Old 08-02-2009, 08:22 AM   #7
Toadman
Member
 
Registered: Aug 2002
Location: Texas
Distribution: Ubuntu 14.04 LTS
Posts: 167

Original Poster
Rep: Reputation: 15
Thank you for the help. I've noted the ownership info you gave above. Would have thought Mandriva would have set these correctly when the rpm was installed.

Thanks again
Chris
 
Old 01-08-2010, 10:24 AM   #8
robertwolfe
Member
 
Registered: Apr 2005
Location: Grand Island, NY
Distribution: Ubuntu and Debian
Posts: 57

Rep: Reputation: 16
I have the same problem, except my dir is /var/named/chroot that named runs chroot-ed out of. Tried modifying the instructions above to suit my config here, but on restarting bind, it could not find the directory.
 