10-27-2008, 07:23 PM
#1
LQ Newbie
Registered: Oct 2008
Posts: 10
Ubuntu 8.04 Hardy Heron server: inode_permission” requested_mask=”a::”
I have two questions. And, I'm logged in as root as I do this stuff.
One:
I'm trying to set up logging on our DNS server. I have the following msg in syslog. Can somebody clue me in as to what I may need to do to fix it? I'm guessing it has something to do with umask.
kernel: audit : type=1503 operation="inode_permission" requested_mask="a::" name="/var/log/query.log" pid=5819 profile="/usr/sbin/named" namespace="default"
named: logging channel 'query' file '/var/log/query.log': permission denied
I searched the forum and found a thread about Apparmor being the culprit so I set it to complain mode, restarted named, but no joy.
Here's my logging statement straight out of Ubuntu's documentation.
logging {
    channel query.log {
        file "/var/log/query.log";
        // Set the severity to dynamic to see all the debug messages.
        severity debug 3;
    };
    category queries { query.log; };
};
ls -al /var/log/query.log
returns
-rw-r--r-- 1 bind bind 0 date time query.log
I've also tried this statement out of Mark Sobell's "A Practical Guide to Ubuntu Linux" book. No joy.
Should either one of these statements work once I have the "permissions denied" problem resolved?
logging {
    channel "query" {
        file "/var/log/query.log";
        // Set the severity to dynamic to see all the debug messages.
        severity debug 3;
    };
    category queries { "query"; };
};
Two:
Why can't I view the contents of usr.sbin.named?
When I run the cmd "more /etc/usr.sbin.named" it returns "No such file or directory."
ls -al /etc/usr.sbin.named
returns
-rw-r--r-- 1 root root 742 date time usr.sbin.named

10-27-2008, 09:26 PM
#2
Senior Member
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,127
Shouldn't the usr.bin.named file be in /etc/apparmor.d/ instead of /etc?

10-28-2008, 03:07 PM
#3
LQ Newbie
Registered: Oct 2008
Posts: 10
Original Poster
Yes, my mistake. It is in /etc/apparmor.d.

10-28-2008, 06:48 PM
#4
Senior Member
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,127
This is the contents of my /etc/apparmor.d/usr.sbin.named
Code:
# vim:syntax=apparmor
# Last Modified: Fri Jun 1 16:43:22 2007
#include <tunables/global>
/usr/sbin/named {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  capability net_bind_service,
  capability setgid,
  capability setuid,
  capability sys_chroot,
  # /etc/bind should be read-only for bind
  # /var/lib/bind is for dynamically updated zone (and journal) files.
  # /var/cache/bind is for slave/stub data, since we're not the origin of it.
  # See /usr/share/doc/bind9/README.Debian.gz
  /etc/bind/** r,
  /var/lib/bind/** rw,
  /var/cache/bind/** rw,
  /proc/net/if_inet6 r,
  /usr/sbin/named mr,
  /var/run/bind/run/named.pid w,
  # support for resolvconf
  /var/run/bind/named.options r,
}

10-29-2008, 05:56 PM
#5
LQ Newbie
Registered: Oct 2008
Posts: 10
Original Poster
The problem is with AppArmor; with it disabled, no problems. My usr.sbin.named file is almost identical to yours. The exception: I added the line /var/log/** rw,
Do you have logging set up in named.conf.local?

10-29-2008, 07:44 PM
#6
Senior Member
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,127
No, mine appears to log through syslog instead of directly to a file. I have no additional logging parameters set up.

10-30-2008, 10:32 AM
#7
LQ Newbie
Registered: Oct 2008
Posts: 10
Original Poster
I've read that logging to syslog is the default action if you don't have logging set up. If you have any other ideas or come across a thread or link that might be helpful, let me know.
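
An added example, not code from any poster in this thread: a Python sketch that parses the denial quoted in post #1, checks it against the file rules of the profile in post #4, and shows that the `/var/log/** rw,` line from post #5 covers the request. The glob translation is simplified, and reading `a::` as an append request with `:` as a separator is an assumption.

```python
import re

# Constructed input: the audit line from post #1, retyped with straight quotes.
DENIAL = ('kernel: audit : type=1503 operation="inode_permission" '
          'requested_mask="a::" name="/var/log/query.log" pid=5819 '
          'profile="/usr/sbin/named" namespace="default"')

# File rules copied from the profile in post #4.
STOCK_RULES = [
    ("/etc/bind/**", "r"), ("/var/lib/bind/**", "rw"),
    ("/var/cache/bind/**", "rw"), ("/proc/net/if_inet6", "r"),
    ("/usr/sbin/named", "mr"), ("/var/run/bind/run/named.pid", "w"),
    ("/var/run/bind/named.options", "r"),
]
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_denial(line):
    """Return the key=value fields of an AppArmor audit line as a dict."""
    line = line.translate(str.maketrans("“”", '""'))  # undo forum smart quotes
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}

def glob_to_regex(glob):
    """Simplified AppArmor globbing: ** crosses '/', * and ? do not."""
    out, i = "", 0
    while i < len(glob):
        if glob.startswith("**", i):
            out, i = out + ".*", i + 2
        elif glob[i] in "*?":
            out, i = out + ("[^/]*" if glob[i] == "*" else "[^/]"), i + 1
        else:
            out, i = out + re.escape(glob[i]), i + 1
    return re.compile(out + r"\Z")

def covers(rule_perms, wanted):
    """True if a rule grants every wanted letter; write (w) includes append (a)."""
    granted = set(rule_perms) | ({"a"} if "w" in rule_perms else set())
    return set(wanted) <= granted

def check(line, rules):
    """Report whether any rule permits the denied access, else suggest one."""
    d = parse_denial(line)
    wanted = d["requested_mask"].replace(":", "")  # assumption: ':' only separates
    allowed = any(glob_to_regex(g).match(d["name"]) and covers(p, wanted)
                  for g, p in rules)
    rule = None if allowed else f'{d["name"]} {wanted},'
    return {"profile": d["profile"], "allowed": allowed, "suggested_rule": rule}

if __name__ == "__main__":
    print(check(DENIAL, STOCK_RULES))
    print(check(DENIAL, STOCK_RULES + [("/var/log/**", "rw")]))  # post #5's line
```

An edited profile file only takes effect once it is reloaded into the kernel, for example with `apparmor_parser -r /etc/apparmor.d/usr.sbin.named`.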

All times are GMT -5.