08-30-2005, 10:15 PM
|
#1
|
LQ Newbie
Registered: Aug 2005
Distribution: Fedora Core 6
Posts: 21
Rep:
|
BIND 9 Permission denied when chmod is 777 o_O
Hi,
I've been fiddling with this for 2 days now and I still can't get it to work. I have all the directories up to my pid file chmoded to 755 (and I've tried it with all of them 777) and they are all owned by named and I know BIND is running as named but it still says "cannot open file ".../named.pid" : Permission denied".
Now here's the really weird part, when I run "named -u named -t /var/named/chroot -g" everything works fine, but when I run "service named start" it fails and it says Permission denied. o_O weird huh? Any ideas?
Thanks,
Brandon
|
|
|
08-30-2005, 11:58 PM
|
#2
|
Member
Registered: Aug 2004
Location: Newmarket, Ontario
Distribution: OpenSuse 10.2
Posts: 184
Rep:
|
Is your named process chrooted? If so, you may not be following the correct path to the named.pid file. What distro are you using?
|
|
|
08-31-2005, 12:04 AM
|
#3
|
LQ Newbie
Registered: Aug 2005
Distribution: Fedora Core 6
Posts: 21
Original Poster
Rep:
|
My bind is chrooted and the path I have to the named.pid file is (absolute path) /var/named/chroot/var/run/named.pid. I've tried many other paths and they all give the same error. I'm running Fedora Core 4.
EDIT: Another problem I just remembered, whenever I run it in the foreground, it should still technically be running. If I make changes to the domains I am DNSing then it should update them when I restart, right? I originally configured the domains with the wrong IPs so now that I've fixed it and I run it in the foreground, shouldn't a "host" command retrieve the updates instead?
EDIT2: Experimenting with dig, I discovered that my nameserver finally updated and nslookup and host said the same, but now it says that the connection was refused when I try to go to www.unnaturalfusion.com. My firewall and router are set up correctly, any ideas?
Last edited by KasperLotus; 08-31-2005 at 12:24 AM.
|
|
|
08-31-2005, 04:40 AM
|
#4
|
Member
Registered: Sep 2004
Location: Texas, USA
Distribution: Fedora
Posts: 620
Rep:
|
Are you talking about the dig query being refused, i.e. status REFUSED?
Code:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 46206
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
If that's the case, then I'd be willing to bet you have accidentally configured bind to refuse queries outside its authoritative zones (I can't tell from your post).
A couple of things to check:
1) Is recursion on?
2) What is the setting for "allow-query" either globally or within the zone statements?
|
|
|
08-31-2005, 10:51 AM
|
#5
|
LQ Newbie
Registered: Aug 2005
Distribution: Fedora Core 6
Posts: 21
Original Poster
Rep:
|
How do I set and check recursion? And the dig connection wasn't refused, a firefox connection was refused.
|
|
|
08-31-2005, 09:48 PM
|
#6
|
Member
Registered: Feb 2003
Location: United States
Distribution: RHEL, Slackware, Gentoo, Fedora, CentOS, Ubuntu, Debian
Posts: 66
Rep:
|
Quote:
Originally posted by KasperLotus
How do I set and check recursion? And the dig connection wasn't refused, a firefox connection was refused.
|
Usually recursion is on by default, however you can double check it by setting the
recursion on;
in the named.conf. Recursion needs to be on for local dns or for the machine to cache answers in my experience.
|
|
|
09-04-2005, 10:27 PM
|
#7
|
Member
Registered: Aug 2004
Location: Newmarket, Ontario
Distribution: OpenSuse 10.2
Posts: 184
Rep:
|
If you were refused trying to access a website then it's most likely a setting on the web server. Double check the settings if it's your own server or contact the admin of that server to find out about the issue.
|
|
|
09-05-2005, 12:54 AM
|
#8
|
Member
Registered: Jul 2004
Location: Rochester, NY
Distribution: Fedora9::FreeBSD7.1
Posts: 296
Rep:
|
One answer chcon
for your name server.
The problem is that although named starts off as root it is still denied when it tries to write the pid file. This is because it does not, by default, have the correct setup for the directory (this problem is the same with apache and other system run processes).
Fixing this:
Code:
cd /var/run/
ls -Z
should return
## I have the chmod high because I was stumped by the permission denied, this will change
Code:
drwxrwxr-x named named system_u:object_r:named_var_run_t named
However, the important part is system_u (the user) and named_var_run_t (the type). If this is not what you see, the following should fix this.
Code:
chcon -u system_u -t named_var_run_t /var/run/named/
Next, restart bind with user named.
To make sure all went well it's always good to check /var/log/messages in case something went wrong with start up or zonefiles.
For apache (2) -
basically the same thing, only difference is the -t (type)
//this must be set for all directories you wish to have apache webserver access
Code:
chcon -Rt httpd_sys_content_t /your/DocumentRoot/
just to check and make sure everything works ok
should return
Code:
drwxr-xr-x your_user its_group system_u:object_r:httpd_sys_content_t YOUR-DOCUMENT-ROOT
Note that if the user is not system_u then you should change it, and all sub-directories, with
Code:
chcon -Ru system_u /your/DocumentRoot
hope this helps!!
edited to disable smilies
Last edited by Fredstar; 09-05-2005 at 12:59 AM.
|
|
|
09-05-2005, 07:40 PM
|
#9
|
LQ Newbie
Registered: Aug 2005
Distribution: Fedora Core 6
Posts: 21
Original Poster
Rep:
|
After the chcon command on several directories which were problematic, I ran "service named start" and got this error in the log file. It failed to start.
audit(1125967391.931:21): avc: denied { write } for pid=2967 comm="named" name=named dev=hda1 ino=613281 scontext=root:system_r:named_t tcontext=system_u:object_r:named_zone_t tclass=dir
Apparently, root is still the user, but when I run ls -Z it appears that system_u is the user....o_O
edited to disable smilies
|
|
|
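Added example, not part of any post in this thread: a shell script that splits the AVC record quoted in post #9 into its fields, showing that scontext is the context of the named process while tcontext is the label of the denied object (the one `ls -Z` displays), and that the denied directory carries named_zone_t rather than the named_var_run_t type set in post #8. The function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): split an SELinux AVC denial into its fields.

# The record quoted in post #9, embedded so this runs offline.
AVC_SAMPLE='audit(1125967391.931:21): avc: denied { write } for pid=2967 comm="named" name=named dev=hda1 ino=613281 scontext=root:system_r:named_t tcontext=system_u:object_r:named_zone_t tclass=dir'

# avc_field RECORD KEY: print the value of KEY=value, quotes stripped.
avc_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | head -n 1 | tr -d '"'
}

# avc_perms RECORD: print the permission list found between the braces.
avc_perms() {
    printf '%s\n' "$1" | sed -n 's/.*{ \(.*\) }.*/\1/p'
}

# ctx_part CONTEXT N: print field N of user:role:type (1=user, 2=role, 3=type).
ctx_part() {
    printf '%s\n' "$1" | cut -d: -f"$2"
}

# avc_summary RECORD: one line saying which domain was denied what on which label.
avc_summary() {
    printf '%s denied {%s} on %s labelled %s\n' \
        "$(ctx_part "$(avc_field "$1" scontext)" 3)" \
        "$(avc_perms "$1")" \
        "$(avc_field "$1" tclass)" \
        "$(ctx_part "$(avc_field "$1" tcontext)" 3)"
}

# target_type_is RECORD TYPE: succeed only if the denied object carries TYPE.
target_type_is() {
    [ "$(ctx_part "$(avc_field "$1" tcontext)" 3)" = "$2" ]
}

avc_summary "$AVC_SAMPLE"
# scontext describes the process, tcontext the object that ls -Z would show.
echo "process SELinux user: $(ctx_part "$(avc_field "$AVC_SAMPLE" scontext)" 1)"
echo "object SELinux user:  $(ctx_part "$(avc_field "$AVC_SAMPLE" tcontext)" 1)"
if target_type_is "$AVC_SAMPLE" named_var_run_t; then
    echo "target already has the type set in post #8"
else
    echo "target is not named_var_run_t; the denial concerns a differently labelled directory"
fi
```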
09-06-2005, 09:16 PM
|
#10
|
Member
Registered: Jul 2004
Location: Rochester, NY
Distribution: Fedora9::FreeBSD7.1
Posts: 296
Rep:
|
Odd..
Did you make sure to set the type correctly?
Cause that was the big problem mine had when it wasn't running.
|
|
|
09-07-2005, 12:20 AM
|
#11
|
LQ Newbie
Registered: Aug 2005
Distribution: Fedora Core 6
Posts: 21
Original Poster
Rep:
|
Yeah, I made sure of that. I actually got it working by turning off the SELinux protection for the name server daemon and voila, it ran without an error. Thanks for all your help though.
Cheers.
|
|
|