Old 10-27-2008, 07:23 PM   #1
Spacetrucker
LQ Newbie
 
Registered: Oct 2008
Posts: 10

Rep: Reputation: 0
Ubuntu 8.04 Hardy Heron server: inode_permission" requested_mask="a::"


I have two questions. And, I'm logged in as root as I do this stuff.

One:
I'm trying to set up logging on our DNS server. I have the following msg in syslog. Can somebody clue me in as to what I may need to do to fix it? I'm guessing it has something to do with umask.

kernel: audit : type=1503 operation="inode_permission" requested_mask="a::" name="/var/log/query.log" pid=5819 profile="/usr/sbin/named" namespace="default"

named: logging channel 'query' file '/var/log/query.log': permission denied


I searched the forum and found a thread about AppArmor being the culprit, so I set it to complain mode and restarted named, but no joy.

Here's my logging statement straight out of Ubuntu's documentation.

logging {
    channel query.log {
        file "/var/log/query.log";
        // Set the severity to dynamic to see all the debug messages.
        severity debug 3;
    };

    category queries { query.log; };
};

ls -al /var/log/query.log
returns
-rw-r--r-- 1 bind bind 0 date time query.log

I've also tried this statement out of Mark Sobell's "A Practical Guide to Ubuntu Linux" book. No joy.
Should either one of these statements work once I have the "permissions denied" problem resolved?

logging {
    channel "query" {
        file "/var/log/query.log";
        // Set the severity to dynamic to see all the debug messages.
        severity debug 3;
    };

    category queries { "query"; };
};

Two:
Why can't I view the contents of usr.sbin.named?
When I run the cmd "more /etc/usr.sbin.named" it returns "No such file or directory."
ls -al /etc/usr.sbin.named
returns
-rw-r--r-- 1 root root 742 date time usr.sbin.named
 
Old 10-27-2008, 09:26 PM   #2
estabroo
Senior Member
 
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,127
Blog Entries: 2

Rep: Reputation: 124Reputation: 124
Shouldn't the usr.sbin.named file be in /etc/apparmor.d/ instead of /etc?
 
Old 10-28-2008, 03:07 PM   #3
Spacetrucker
LQ Newbie
 
Registered: Oct 2008
Posts: 10

Original Poster
Rep: Reputation: 0
Yes, my mistake. It is in /etc/apparmor.d.
 
Old 10-28-2008, 06:48 PM   #4
estabroo
Senior Member
 
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,127
Blog Entries: 2

Rep: Reputation: 124Reputation: 124
This is the contents of my /etc/apparmor.d/usr.sbin.named

Code:
# vim:syntax=apparmor
# Last Modified: Fri Jun  1 16:43:22 2007
#include <tunables/global>

/usr/sbin/named {
  #include <abstractions/base>
  #include <abstractions/nameservice>

  capability net_bind_service,
  capability setgid,
  capability setuid,
  capability sys_chroot,

  # /etc/bind should be read-only for bind
  # /var/lib/bind is for dynamically updated zone (and journal) files.
  # /var/cache/bind is for slave/stub data, since we're not the origin of it.
  # See /usr/share/doc/bind9/README.Debian.gz
  /etc/bind/** r,
  /var/lib/bind/** rw,
  /var/cache/bind/** rw,

  /proc/net/if_inet6 r,
  /usr/sbin/named mr,
  /var/run/bind/run/named.pid w,
  # support for resolvconf
  /var/run/bind/named.options r,
}
 
Old 10-29-2008, 05:56 PM   #5
Spacetrucker
LQ Newbie
 
Registered: Oct 2008
Posts: 10

Original Poster
Rep: Reputation: 0
The problem is with AppArmor; with it disabled, no problems. My usr.sbin.named file is almost identical to yours. The exception: I added the line /var/log/** rw,

Do you have logging set up in named.conf.local?
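
Editor's added example (not written by either poster): a small Python check that parses the audit denial from post #1 and tests it against the file rules of the profile in post #4, with and without the `/var/log/** rw,` line from post #5. The glob translation is a simplified assumption covering only `*` and `**`, and rules pulled in through `#include` abstractions are not expanded.

```python
import re

# Constructed from the audit line in post #1 (quotes normalised to ASCII).
AUDIT_LINE = ('kernel: audit : type=1503 operation="inode_permission" '
              'requested_mask="a::" name="/var/log/query.log" pid=5819 '
              'profile="/usr/sbin/named" namespace="default"')

# File rules copied from the profile in post #4 (abstractions not expanded).
PROFILE_RULES = [
    ("/etc/bind/**", "r"), ("/var/lib/bind/**", "rw"),
    ("/var/cache/bind/**", "rw"), ("/proc/net/if_inet6", "r"),
    ("/usr/sbin/named", "mr"), ("/var/run/bind/run/named.pid", "w"),
    ("/var/run/bind/named.options", "r"),
]

def parse_denial(line):
    """Return the key="value" fields of an AppArmor audit message as a dict."""
    fields = dict(re.findall(r'(\w+)="([^"]*)"', line))
    # requested_mask looks like "a::"; keep only the permission letters.
    fields["perms"] = fields.get("requested_mask", "").split(":")[0]
    return fields

def glob_to_regex(glob):
    """Simplified AppArmor glob: ** may cross '/', a single * may not."""
    out, i = "", 0
    while i < len(glob):
        if glob.startswith("**", i):
            out, i = out + ".*", i + 2
        elif glob[i] == "*":
            out, i = out + "[^/]*", i + 1
        else:
            out, i = out + re.escape(glob[i]), i + 1
    return re.compile(out + r"\Z")

def granted(rules, path):
    """Union of the permissions from every rule whose glob matches path."""
    perms = set()
    for glob, mode in rules:
        if glob_to_regex(glob).match(path):
            perms |= set(mode)
    if "w" in perms:
        perms.add("a")  # append is a subset of write in AppArmor
    return perms

def is_allowed(rules, denial):
    return set(denial["perms"]) <= granted(rules, denial["name"])

denial = parse_denial(AUDIT_LINE)
print("post #4 profile allows it:", is_allowed(PROFILE_RULES, denial))
print("with /var/log/** rw added:",
      is_allowed(PROFILE_RULES + [("/var/log/**", "rw")], denial))
```

The same check passes with a rule scoped to the one file, such as `/var/log/query.log w,`, which grants named less than `/var/log/** rw,`. An edited profile file takes effect only after it is reloaded into the kernel, for example with `apparmor_parser -r /etc/apparmor.d/usr.sbin.named`.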
 
Old 10-29-2008, 07:44 PM   #6
estabroo
Senior Member
 
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,127
Blog Entries: 2

Rep: Reputation: 124Reputation: 124
No, mine appears to log through syslog instead of directly to a file. I have no additional logging parameters set up.
 
Old 10-30-2008, 10:32 AM   #7
Spacetrucker
LQ Newbie
 
Registered: Oct 2008
Posts: 10

Original Poster
Rep: Reputation: 0
I've read that logging to syslog is the default action if you don't have logging set up. If you have any other ideas or come across a thread or link that might be helpful, let me know.
 
  

