LinuxQuestions.org

jfmays 04-08-2013 12:44 PM

named in slave mode not copying files
 
Running RHEL 6.1 named. Have it running in primary mode on one server, and slave mode on the other. The slave version gets the zones from the primary version, but it is not capable of creating the slave files. So it works, but I'm aware that if the secondary ever rebooted while the primary was down, neither would work.

I believe I had the permissions correct on the directories, but I even went beyond that and changed /var, /var/named and everything under /var/named to 777 permissions. In /etc/sysconfig/named I have set --

ENABLE_ZONE_WRITE=yes
named_write_master_zones=yes

Still get the following error --

Code:

Apr  8 12:18:14 postgres-02 named[6248]: dumping master file: /var/named/slaves/tmp-6QzqbnrkFm: open: permission denied
Apr  8 12:18:14 postgres-02 kernel: type=1400 audit(1365441494.693:264460): avc:  denied  { write } for  pid=6251 comm="named" name="slaves" dev=dm-0 ino=131232 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:named_zone_t:s0 tclass=dir
Apr  8 12:18:14 postgres-02 named[6248]: dumping master file: /var/named/slaves/tmp-R9d4zgBXzF: open: permission denied
Apr  8 12:18:14 postgres-02 kernel: type=1400 audit(1365441494.703:264461): avc:  denied  { write } for  pid=6251 comm="named" name="slaves" dev=dm-0 ino=131232 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:named_zone_t:s0 tclass=dir

What am I overlooking?

ArcLinux 04-08-2013 02:16 PM

SElinux or apparmor?

most likely the issue.

jfmays 04-08-2013 02:22 PM

I didn't set up this server, so I'm not 100% certain if SElinux or apparmor is running, but if they are, shouldn't the settings I mentioned in /etc/sysconfig/named give the appropriate permissions?

How do I tell if selinux or apparmor is running? If they are, how do I set them to allow named to write files?

chrism01 04-08-2013 08:57 PM

Those avc warnings are from SELinux, but I'd try to find out why it's not working rather than turn SELinux off.
Possibly it's a bug and one of the SELinux types is wrong.
http://www.linuxtopia.org/online_boo...hel_6_selinux/

Also, normally named is chrooted these days, so maybe it should be writing elsewhere viz:
Quote:

If you have installed the bind-chroot package, the BIND service will run in the /var/named/chroot environment. All configuration files will be moved there. As such, named.conf will be located in /var/named/chroot/etc/named.conf, and so on.
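
Reading the AVC denials quoted in the first post, as an added example that is not part of the original thread: this Python sketch parses the kernel lines and reduces them to the SELinux decision they record (which domain was denied which permission on an object carrying which label). The function names are hypothetical; the sample lines are copied from the post.

```python
import re
from collections import Counter

# Log lines copied from the first post: two kernel AVC records and one named message.
SAMPLE_LOG = """\
Apr  8 12:18:14 postgres-02 kernel: type=1400 audit(1365441494.693:264460): avc:  denied  { write } for  pid=6251 comm="named" name="slaves" dev=dm-0 ino=131232 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:named_zone_t:s0 tclass=dir
Apr  8 12:18:14 postgres-02 named[6248]: dumping master file: /var/named/slaves/tmp-R9d4zgBXzF: open: permission denied
Apr  8 12:18:14 postgres-02 kernel: type=1400 audit(1365441494.703:264461): avc:  denied  { write } for  pid=6251 comm="named" name="slaves" dev=dm-0 ino=131232 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:named_zone_t:s0 tclass=dir
"""

# "avc: denied { perm ... } for key=value key="value" ..."
AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def context_type(context):
    """Return the type field of a user:role:type[:level] SELinux context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def parse_avc(line):
    """Parse one syslog line; return a dict for an AVC denial, else None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    return {
        "perms": tuple(m.group("perms").split()),
        "name": fields.get("name"),
        "source_type": context_type(fields.get("scontext", "")),
        "target_type": context_type(fields.get("tcontext", "")),
        "tclass": fields.get("tclass"),
    }

def summarize(log_text):
    """Count denials by (source type, target type, class, perms, object name)."""
    counts = Counter()
    for line in log_text.splitlines():
        d = parse_avc(line)
        if d:
            counts[(d["source_type"], d["target_type"], d["tclass"], d["perms"], d["name"])] += 1
    return counts

if __name__ == "__main__":
    for (src, tgt, cls, perms, name), n in summarize(SAMPLE_LOG).items():
        perm_list = " ".join(perms)
        print(f"{n}x: domain {src} denied [{perm_list}] on {cls} '{name}' labelled {tgt}")
```

The file mode bits do not appear in the denial at all: the decision is made on the process domain and the object's label, so `chmod 777` does not change it. On the host, `ls -Zd /var/named/slaves` shows the label the denial refers to.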


All times are GMT -5.