can't exec /usr/sbin/named-xfer: Permission denied

Brian Elliott Finley brian at
Tue Mar 27 16:17:27 UTC 2001

Thus spake Bill Larson (wllarso at

> With this little information, anything that anyone provides will be
> guesswork.  Maybe you could provide more information, such as the
> version of BIND and your OS.

Here is some helpful output:
$ named -v
named 8.2.2-P7-NOESW Sat Nov 11 16:09:54 MST 2000
        bdale at winfree:/home/bdale/tmp/bind-tmp/bind-8.2.2p7/src/bin/named

$ uname -a
Linux dr-jeckyl 2.2.18pre11-i686-smp #1 SMP Fri Feb 16 03:52:29 PST 2001 i686 unknown

> Just as another guess, I am assuming that you compiled BIND to
> use shared libraries.  Maybe your shared libraries cannot be
> loaded.  Are the permissions/ownership of the files in the
> chroot jail /usr/lib the same as in the real /usr/lib?
> Bill Larson

Yes.  named-xfer works fine when invoked by hand.  See message below for

Here is my original post.

I am running named in a chrooted jail on Debian 2.2 "potato".

named works fine, but named-xfer consistently farts with this

 "can't exec /usr/sbin/named-xfer: Permission denied"

named is started with this command:

 "/usr/sbin/named -d 3 -u bind -g bind -t /chrootd/bind"

What am I missing?

I've tried running it manually with a chroot as the user it should be
running as (bind) and everything works fine.  I've tried increasing the
debug level of named, but can't get any more info than the message above
in my logs.

If you're curious about my configuration, I've set it up with this



# Copyright (C) 2001 Brian Elliott Finley <brian at>
# This file is: setup_chrooted_bind
# This script can be run on a Debian system to set up a chrooted
# BIND environment.  The idea behind this configuration is that 
# you can continue to modify your files in the standard locations,
# and you can continue to upgrade bind with the standard Debian
# package management schemes.
# By running this script each time before you start bind, your 
# modified zone files will be transferred to the chrooted environment.
# If you do get cracked, then no worrying about trying to salvage your 
# configuration -- simply blow away /chrootd/bind/ and run this script
# again to re-populate your chrooted environment with your zone and
# configuration files that are safe in the standard locations.
# This script creates miniature libraries for the chroot jailed BIND 
# binaries.  In order for this to work properly, you must install the
# boot-floppies package and its dependencies.
#  "apt-get install boot-floppies"
# Have fun! -Brian Finley <brian at>

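# Root of the chroot jail (the directory passed to "named -t").
DESTINATION=/chrootd/bind
# Path to the mklibs script from the boot-floppies package.  The path is
# not given in this post, so it must be supplied in the environment.
MKLIBS="${MKLIBS:?set MKLIBS to the mklibs script from boot-floppies}"

DIRS="/etc/bind/ /dev /usr/sbin/ /var/cache/bind/ /var/run/ /lib/"
FILES="/etc/bind/ /etc/localtime /dev/null /usr/sbin/named /usr/sbin/named-xfer /etc/services /etc/protocols /etc/resolv.conf /etc/ /etc/nsswitch.conf"

# Create the directory skeleton inside the jail.
for DIR in ${DIRS}
do
  echo "Making ${DESTINATION}${DIR}..."
  mkdir -p "${DESTINATION}${DIR}" || exit 1
done

# Copy each file into the jail, following symlinks (-L).
for FILE in ${FILES}
do
  echo "Copying ${FILE}..."
  rsync -aL "${FILE}" "${DESTINATION}${FILE}" || exit 1
done

# Only the bind group entry is written into the jail's /etc/group.
grep ^bind: /etc/group > "${DESTINATION}/etc/group" || exit 1

# Build reduced copies of the shared libraries the jailed binaries need.
${MKLIBS} -v -d "${DESTINATION}/lib" "${DESTINATION}"/usr/sbin/* || exit 1
chown -R bind:bind "${DESTINATION}/var/cache/bind/"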
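
The permissions/ownership question raised in this thread can be checked mechanically. The following is an added example, not part of the original post or of BIND: it walks the jail path to a binary and reports the first component that the named user cannot search or execute. The function names and the sample jail are constructed for illustration, and GNU stat is assumed.

```shell
# Added example: name the first path component that makes exec() inside a
# chroot jail fail with "Permission denied" for a given user and group.
# Assumes GNU stat; ACLs, supplementary groups and noexec mounts are ignored.

# x_allowed PATH USER GROUP: true if the execute/search bit applies, picking
# the owner, group or other class the way the kernel does.
x_allowed() {
    xa_info=$(stat -L -c '%a %U %G' "$1" 2>/dev/null) || return 2
    xa_mode=${xa_info%% *}
    xa_og=${xa_info#* }
    xa_bits=$((0$xa_mode))                         # %a is octal, e.g. 750
    if [ "${xa_og% *}" = "$2" ]; then xa_mask=64   # 0100 owner x
    elif [ "${xa_og#* }" = "$3" ]; then xa_mask=8  # 0010 group x
    else xa_mask=1; fi                             # 0001 other x
    [ $((xa_bits & xa_mask)) -ne 0 ]
}

# first_exec_blocker JAIL PATH USER GROUP: check JAIL (the jail's "/") and
# then each component of PATH below it. Prints the first missing or
# non-searchable entry and returns 1; prints nothing and returns 0 if clean.
first_exec_blocker() {
    feb_cur=${1%/}
    feb_rest=${2#/}
    x_allowed "$feb_cur" "$3" "$4" || { echo "$feb_cur"; return 1; }
    while [ -n "$feb_rest" ]; do
        feb_part=${feb_rest%%/*}
        case $feb_rest in
            */*) feb_rest=${feb_rest#*/} ;;
            *)   feb_rest= ;;
        esac
        [ -n "$feb_part" ] || continue
        feb_cur=$feb_cur/$feb_part
        x_allowed "$feb_cur" "$3" "$4" || { echo "$feb_cur"; return 1; }
    done
    return 0
}

# Constructed sample jail (not the poster's system): usr/sbin is mode 750,
# so a user that is neither its owner nor in its group cannot search it.
make_sample_jail() {
    jail=$(mktemp -d) || return 1
    mkdir -p "$jail/usr/sbin"
    : > "$jail/usr/sbin/named-xfer"
    chmod 755 "$jail" "$jail/usr" "$jail/usr/sbin/named-xfer"
    chmod 750 "$jail/usr/sbin"
    echo "$jail"
}

# Usage: first_exec_blocker /chrootd/bind /usr/sbin/named-xfer bind bind
```

Symbolic links are resolved against the real root rather than the jail, so an absolute link inside the jail can give a different answer than the jailed process would see.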
