I'm having problems getting include statements to work.
I am running Fedora Core 4, with the standard bind install.
I am using the default named.conf file which loads bind without a problem, and it has one include statement in it already:
include "/etc/rndc.key";
However, when I attempt to load a second include statement such as:
include "/etc/rndc.key";
include "/var/named/chroot/etc/acl.conf";
I get this error message when I attempt to load bind:
[root@localhost ~]# service named start
Starting named:
Error in named configuration:
/etc/named.conf:68: open: /var/named/chroot/etc/acl.conf: file not found
[FAILED]
The permissions on acl.conf are as follows:
-rw-r--r-- 1 root named 40 Jan 6 10:08 /var/named/chroot/etc/acl.conf
The permissions on rndc.key are as follows:
-rw-r--r-- 1 root named 132 Jan 5 14:54 /var/named/chroot/etc/rndc.key
Any ideas? I don't understand how the file can't be found when I'm looking right at it.
Since it seems to be in a "chroot jail", you may want to try using "/etc/acl.conf" instead.
When a chroot jail is used, the "/" directory actually changes. So if you chroot to /var/named/chroot/ then the new "/" directory is actually the directory /var/named/chroot/. So, "/etc/acl.conf" in the chroot jail is the same as /var/named/chroot/etc/acl.conf on your real filesystem.
Same goes for /etc/rndc.key. Your example clearly shows that the include of "rndc.key" is done inside the chroot jail (since you've put /etc/rndc.key, not /var/named/chroot/etc/rndc.key, which would cause an error). Do the same for acl.conf and it should do the trick...
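The path mapping described in the reply above, as an added example that is not part of any poster's message and is not BIND's own tooling: a shell check that reads the include statements from a jailed named.conf and resolves each one relative to the jail root. The function names, the temporary jail and the sample config are constructed for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread): resolve each include in a chrooted
# named.conf the way named will see it, i.e. relative to the jail root.

# check_includes JAIL CONF
#   JAIL: chroot directory on the host (assumed, e.g. /var/named/chroot)
#   CONF: config path as seen inside the jail (e.g. /etc/named.conf)
# Prints one status line per include; exit status = number of unresolved ones.
check_includes() {
    jail=${1%/}; conf=$2; bad=0
    while IFS= read -r inc; do
        [ -n "$inc" ] || continue
        if [ -e "$jail$inc" ]; then
            echo "OK       $inc"
            continue
        fi
        bad=$((bad + 1))
        rest=${inc#"$jail"/}    # strip the jail prefix if the path carries one
        if [ "$rest" != "$inc" ] && [ -e "$jail/$rest" ]; then
            # Host-side path written into a jailed config: the thread's mistake.
            echo "HOSTPATH $inc (use \"/$rest\")"
        else
            echo "MISSING  $inc (expected at $jail$inc)"
        fi
    done <<EOF
$(sed -n 's/^[[:space:]]*include[[:space:]]*"\([^"]*\)"[[:space:]]*;.*/\1/p' "$jail$conf")
EOF
    return "$bad"
}

# Constructed fixture: a throwaway jail whose named.conf repeats the mistake.
make_demo_jail() {
    d=$(mktemp -d) && mkdir -p "$d/etc" || return 1
    : > "$d/etc/rndc.key"; : > "$d/etc/acl.conf"
    printf 'include "%s";\n' /etc/rndc.key "$d/etc/acl.conf" \
        /etc/smbind/smbind.conf > "$d/etc/named.conf"
    echo "$d"
}

demo=$(make_demo_jail)
check_includes "$demo" /etc/named.conf || echo "$? include(s) would fail inside the jail"
rm -rf "$demo"
```

On a real system the first argument would be the jail directory from the thread, /var/named/chroot, and the second /etc/named.conf.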
Is there any way I can remove the "chroot jail" so I can use absolute paths? I have several include files that have very specific paths such as /etc/smbind/smbind.conf being written to by apache.
First of all, the chroot jail you indicated seems to only apply to "named", the DNS server program.
Other programs, like Apache, may use a different jail or no jail at all.
The fact that you have a chroot jail for "named", doesn't mean you have the same jail for all your programs.
Secondly, even inside a jail, you can still use absolute paths. You just need to keep in mind that all files need to be stored as if the chroot directory is your / directory.
For instance:
Let's say I'm setting up a chroot jail in /my/chroot/.
Under this directory, I'll need to create subdirectories like "etc", "bin", etc, just like under the regular / directory. Once I've chroot'ed to /my/chroot/, that directory will become my new "/" directory. All programs and files in the normal /etc/, /bin/, /usr/bin, ... will become unreachable.
But nothing prevents me from copying any files from the normal /etc/ to /my/chroot/etc/, from /bin to /my/chroot/bin (but you'll need to execute these copy operations before you chroot).
My final point is that your "named" chroot jail is probably in place for security.
Breaking out of it is not so easy and I strongly recommend against it (it defeats its security purpose).
It may be possible to configure your DNS system to not use a chroot jail, but that can also cause security issues.
Yeah, I just turned off the chroot jail in the install, works great now. I appreciate the security side of it, but it must work with smbind and phpmyadmin and a mysql database, there is far too much f*$king around to be playing with a chroot jail and relinking all the paths of these programs, I think I'll stick to good ol' /var/named for now.