LinuxQuestions.org
Old 04-08-2013, 01:55 PM   #1
jfmays
LQ Newbie
 
Registered: Mar 2013
Posts: 8

Named in slave mode not able to create zone files.


Running RHEL 6.1 named. Have BIND running in primary mode on one server, and slave mode on the other. The slave version gets the zones from the primary version, but it is not capable of creating the slave files. So it works, but I'm aware that if the secondary ever rebooted while the primary was down, neither would work.

I believe I had the permissions correct on the directories, but I even went beyond that and changed /var, /var/named and everything under /var/named to 777 permissions. In /etc/sysconfig/named I have set --

ENABLE_ZONE_WRITE=yes
named_write_master_zones=yes

Still get the following error --

Code:
Apr  8 12:18:14 postgres-02 named[6248]: dumping master file: /var/named/slaves/tmp-6QzqbnrkFm: open: permission denied
Apr  8 12:18:14 postgres-02 kernel: type=1400 audit(1365441494.693:264460): avc:  denied  { write } for  pid=6251 comm="named" name="slaves" dev=dm-0 ino=131232 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:named_zone_t:s0 tclass=dir
Apr  8 12:18:14 postgres-02 named[6248]: dumping master file: /var/named/slaves/tmp-R9d4zgBXzF: open: permission denied
Apr  8 12:18:14 postgres-02 kernel: type=1400 audit(1365441494.703:264461): avc:  denied  { write } for  pid=6251 comm="named" name="slaves" dev=dm-0 ino=131232 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:named_zone_t:s0 tclass=dir
What am I overlooking?
 
Old 04-09-2013, 02:01 AM   #2
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,772

Hi,

This is a SELinux problem.
Have a look here for help

Regards
 
Old 04-10-2013, 04:48 PM   #3
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 1,697

Check the labeling of /var/named/slaves, and be sure that named can write to it. Unfortunately, I don't know what the label should be...
 
Old 04-10-2013, 08:42 PM   #4
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5
Posts: 16,086

Normally in RHEL I'd expect it to be chrooted http://www.linuxtopia.org/online_boo...5_ch-bind.html
 
Old 04-11-2013, 05:52 AM   #5
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 1,697

I know it is planned (if not already done). The defaults I have are:
Code:
# cd /var/named
# ls -lZ
drwxr-x---. root  named system_u:object_r:named_conf_t:s0 chroot
drwxrwx---. named named system_u:object_r:named_cache_t:s0 data
drwxrwx---. named named system_u:object_r:named_cache_t:s0 dynamic
-rw-r-----. root  named system_u:object_r:named_conf_t:s0 named.ca
-rw-r-----. root  named system_u:object_r:named_zone_t:s0 named.empty
-rw-r-----. root  named system_u:object_r:named_zone_t:s0 named.localhost
-rw-r-----. root  named system_u:object_r:named_zone_t:s0 named.loopback
drwxrwx---. named named system_u:object_r:named_cache_t:s0 slaves
The CentOS 6 VM I have uses the same, so it does have MAC labels. I don't have bind configured in the VM, so I don't know if there are any more labels needed for slave servers.
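
The denial in post #1 reports the slaves directory as named_zone_t, while the listing in post #5 shows named_cache_t for it. The script below is an added example, not code from any poster in this thread: it parses that AVC record and compares the two types. Its function names and the follow-up commands it prints are this example's own choices.

```shell
#!/bin/sh
# Added example: triage an SELinux AVC denial by comparing the type the kernel
# saw on the object (tcontext) with the type expected for that path.

# AVC record copied from post #1 of this thread.
AVC='type=1400 audit(1365441494.693:264460): avc:  denied  { write } for  pid=6251 comm="named" name="slaves" dev=dm-0 ino=131232 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:named_zone_t:s0 tclass=dir'
# Path from the named log line, expected type from the ls -lZ listing in post #5.
OBJ_PATH='/var/named/slaves'
EXPECTED_TYPE='named_cache_t'

# avc_field RECORD KEY: value of KEY=... in the record, quotes stripped.
avc_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | tr -d '"' | head -n 1
}

# ctx_type CONTEXT: the type, i.e. third field of user:role:type:level.
ctx_type() { printf '%s\n' "$1" | cut -d: -f3; }

# avc_perms RECORD: the denied permissions listed inside { ... }.
avc_perms() { printf '%s\n' "$1" | sed -n 's/.*{ *\(.*[^ ]\) *}.*/\1/p'; }

# diagnose RECORD EXPECTED_TYPE: "relabel" if the object carries another type
# than expected, "policy" if the label is right and policy still denies.
diagnose() {
    if [ "$(ctx_type "$(avc_field "$1" tcontext)")" != "$2" ]; then
        echo relabel
    else
        echo policy
    fi
}

# report RECORD PATH EXPECTED_TYPE: human-readable summary plus next step.
report() {
    echo "domain  : $(ctx_type "$(avc_field "$1" scontext)") ($(avc_field "$1" comm))"
    echo "denied  : $(avc_perms "$1") on $(avc_field "$1" tclass) $2"
    echo "label   : $(ctx_type "$(avc_field "$1" tcontext)") (expected $3)"
    case $(diagnose "$1" "$3") in
        relabel) echo "next    : matchpathcon $2 && restorecon -Rv $2" ;;
        policy)  echo "next    : ausearch -m avc -c $(avc_field "$1" comm) | audit2why" ;;
    esac
}

report "$AVC" "$OBJ_PATH" "$EXPECTED_TYPE"
```

The script only prints the suggested command; run it as root on the affected host after confirming the expected type with matchpathcon.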
 
  

