installing on SLES 10sp3

Lyle Giese lyle at lcrcomputer.net
Fri Sep 10 00:02:58 UTC 2010


wllarso wrote:
> I'm not any sort of Linux expert but this started my mind thinking.
>
> Take a look at the BIND FAQ, it comes with the sources. There are some
> Linux specific comments about file and directory permissions. Bind
> running under Linux drops special 'root' permissions when it starts up.
>
I am not using the -u option nor am I running in a CHROOT environment.  
ps shows root owning the named process. 
> Also, there are specific issues when running the Security Enhanced
> Linux. This may be your situation, or not. We can't tell.
>
I have never on purpose enabled SELinux<GRIN>!

Lyle Giese
>
> Sent from Garminfone by T-Mobile.
>
> Lyle Giese wrote:
>
>     David Forrest wrote:
>     > On Thu, 9 Sep 2010, Lyle Giese wrote:
>     >
>     >> David Forrest wrote:
>     >>> On Thu, 9 Sep 2010, Lyle Giese wrote:
>     >>>
>     >>>> I am trying to install bind 9.7.1-P2 from source on a SLES 10 SP3
>     >>>> server.
>     >>>>
>     >>>> When I run named from the command line, it runs, but fails to open
>     >>>> and write any of the zone files it downloaded.
>     >>>>
>     >>>> named -c /etc/named.conf (yes I am running this as root)
>     >>>>
>     >
>     > [snipped]
>     >
>     >>
>     >> I checked the version of named and named-checkconf using -v and -V
>     >> and tried running it via the full path. They have the right version
>     >> number 9.7.1-P2.
>     >>
>     >> Lyle Giese
>     >
>     > Lyle, since it runs from the command line, it would seem that you're
>     > left with the zone files and those special files named needs. From
>     > the named-checkconf man:
>     > "Note: files that named reads in separate parser contexts, such as
>     > rndc.key and bind.keys, are not automatically read by named-checkconf.
>     > Configuration errors in these files may cause named to fail to run,
>     > even if named-checkconf was successful. named-checkconf can be run on
>     > these files explicitly, however."
>     >
>     > I have also found some pesky errors in my zone files by running
>     > named-checkzone on them. That may be indicated as you can run but the
>     > zones don't open.
>     >
>     > Dave
>     >
>     The more I play, the more it looks like named just plain won't write
>     out to disk anything except via syslog.
>
>     The issue I saw with named-checkconf was user error. (bad command line).
>
>     I am starting named as root and it shows up in ps as owned by root. In
>     the global options section I have set:
>
>     directory "/etc/named";
>
>     This directory is owned by root and is set to 777 and named still won't
>     write to it.
>
>     The only thing I can come up with is that it's a problem with SLES 10
>     SP3. That's the only thing that makes sense, but I should be able to
>     work through that.
>
>     When starting named, I see this for all zones. The function to dump
>     master file fails with an open: permission denied.
>
>     Sep 9 15:30:32 linuxps named[16342]: transfer of '100.0.10.in-addr.arpa/IN' from 209.172.152.3#53: Transfer completed: 1 messages, 260 records, 6103 bytes, 0.224 secs (27245 bytes/sec)
>     Sep 9 15:30:32 linuxps named[16342]: zone 100.0.10.in-addr.arpa/IN: sending notifies (serial 2010081601)
>     Sep 9 15:30:32 linuxps named[16342]: dumping master file: /etc/named/tmp-EKfXmnQngI: open: permission denied
>
>     (I set the above zone for file "/etc/named/100.0.10.in-addr.arpa"; and
>     it appears that named wants to drop a temp file and rename it)
>
>     Sep 9 15:30:33 linuxps named[16342]: transfer of '102.0.10.in-addr.arpa/IN' from 209.172.152.3#53: Transfer completed: 1 messages, 261 records, 5636 bytes, 0.283 secs (19915 bytes/sec)
>     Sep 9 15:30:33 linuxps named[16342]: zone 102.0.10.in-addr.arpa/IN: sending notifies (serial 2010081601)
>     Sep 9 15:30:33 linuxps named[16342]: dumping master file: tmp-wS5yINBtho: open: permission denied
>
>     And rndc dumpdb -all yields this error:
>
>     Sep 9 15:46:03 linuxps named[16342]: received control channel command 'dumpdb -all'
>     Sep 9 15:46:03 linuxps named[16342]: could not open dump file 'named_dump.db': permission denied
>
>     Lyle Giese
>     LCR Computer Services, Inc.
>
>     _______________________________________________
>     bind-users mailing list
>     bind-users at lists.isc.org
>     https://lists.isc.org/mailman/listinfo/bind-users
>
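
Added example (not part of the original message and not BIND code): a small Python parser for the named syslog lines quoted above that lists each failed write with the directory named tried to write in, so secondaries holding zones only in memory are easy to spot. Pairing a dump failure with the most recently completed transfer is an assumption, since the dump line itself names no zone; the function and field names are illustrative.

```python
import posixpath
import re

# Log lines quoted in the message above (mail line wraps rejoined).
SAMPLE_LOG = """\
Sep 9 15:30:32 linuxps named[16342]: transfer of '100.0.10.in-addr.arpa/IN' from 209.172.152.3#53: Transfer completed: 1 messages, 260 records, 6103 bytes, 0.224 secs (27245 bytes/sec)
Sep 9 15:30:32 linuxps named[16342]: zone 100.0.10.in-addr.arpa/IN: sending notifies (serial 2010081601)
Sep 9 15:30:32 linuxps named[16342]: dumping master file: /etc/named/tmp-EKfXmnQngI: open: permission denied
Sep 9 15:30:33 linuxps named[16342]: transfer of '102.0.10.in-addr.arpa/IN' from 209.172.152.3#53: Transfer completed: 1 messages, 261 records, 5636 bytes, 0.283 secs (19915 bytes/sec)
Sep 9 15:30:33 linuxps named[16342]: zone 102.0.10.in-addr.arpa/IN: sending notifies (serial 2010081601)
Sep 9 15:30:33 linuxps named[16342]: dumping master file: tmp-wS5yINBtho: open: permission denied
Sep 9 15:46:03 linuxps named[16342]: received control channel command 'dumpdb -all'
Sep 9 15:46:03 linuxps named[16342]: could not open dump file 'named_dump.db': permission denied
"""

XFER = re.compile(r"named\[\d+\]: transfer of '([^']+)' from \S+: Transfer completed")
DUMP = re.compile(r"named\[\d+\]: dumping master file: (\S+): open: (.+)$")
DUMPDB = re.compile(r"named\[\d+\]: could not open dump file '([^']+)': (.+)$")

def _record(kind, zone, match, directory):
    path = match.group(1)
    # named resolves relative file names against the `directory` option.
    full = path if posixpath.isabs(path) else posixpath.join(directory, path)
    return {"kind": kind, "zone": zone, "path": full,
            "dir": posixpath.dirname(full), "error": match.group(2)}

def write_failures(log_text, directory="/etc/named"):
    """Return one record per failed write found in named's syslog output."""
    failures, last_zone = [], None
    for line in log_text.splitlines():
        if m := XFER.search(line):
            last_zone = m.group(1)
        elif m := DUMP.search(line):
            # Assumption: the dump belongs to the last completed transfer;
            # concurrent transfers can interleave and break this pairing.
            failures.append(_record("zone-dump", last_zone, m, directory))
            last_zone = None
        elif m := DUMPDB.search(line):
            failures.append(_record("rndc-dumpdb", None, m, directory))
    return failures

if __name__ == "__main__":
    for f in write_failures(SAMPLE_LOG):
        print(f"{f['kind']:12} {f['zone'] or '-':28} {f['path']}: {f['error']}")
```

Every failure here resolves to the same directory, /etc/named, which points at the directory or the process's access to it rather than at any single zone file.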
