installing on SLES 10sp3
Lyle Giese
lyle at lcrcomputer.net
Fri Sep 10 00:02:58 UTC 2010
wllarso wrote:
> I'm not any sort of Linux expert but this started my mind thinking.
>
> Take a look at the BIND FAQ, it comes with the sources. There are some
> Linux specific comments about file and directory permissions. Bind
> running under Linux drops special 'root' permissions when it starts up.
>
I am not using the -u option nor am I running in a CHROOT environment.
ps shows root owning the named process.
> Also, there are specific issues when running the Security Enhanced
> Linux. This may be your situation, or not. We can't tell.
>
I have never on purpose enabled SELinux<GRIN>!
Lyle Giese
>
> Sent from Garminfone by T-Mobile.
>
> Lyle Giese wrote:
>
> David Forrest wrote:
> > On Thu, 9 Sep 2010, Lyle Giese wrote:
> >
> >> David Forrest wrote:
> >>> On Thu, 9 Sep 2010, Lyle Giese wrote:
> >>>
> >>>> I am trying to install bind 9.7.1-P2 from source on a SLES 10 SP3
> >>>> server.
> >>>>
> >>>> When I run named from the command line, it runs, but fails to open
> >>>> and write any of the zone files it downloaded.
> >>>>
> >>>> named -c /etc/named.conf (yes I am running this as root)
> >>>>
> >
> > [snipped]
> >
> >>
> >> I checked the version of named and named-checkconf using -v and -V
> >> and tried running it via the full path. They have the right version
> >> number 9.7.1-P2.
> >>
> >> Lyle Giese
> >
> > Lyle, since it runs from the command line, it would seem that you're
> > left with the zone files and those special files named needs. From
> > the named-checkconf man:
> > "Note: files that named reads in separate parser contexts, such as
> > rndc.key and bind.keys, are not automatically read by named-checkconf.
> > Configuration errors in these files may cause named to fail to run,
> > even if named-checkconf was successful. named-checkconf can be run on
> > these files explicitly, however."
> >
> > I have also found some pesky errors in my zone files by running
> > named-checkzone on them. That may be indicated as you can run but the
> > zones don't open.
> >
> > Dave
> >
> The more I play, the more it looks like named just plain won't write out
> to disk anything except via syslog.
>
> The issue I saw with named-checkconf was user error. (bad command line).
>
> I am starting named as root and it shows up in ps as owned by root. In
> the global options section I have set:
>
> directory "/etc/named";
>
> This directory is owned by root and is set to 777 and named still won't
> write to it.
>
> The only thing I can come up with is that it's a problem with SLES 10 SP3.
> That's the only thing that makes sense, but I should be able to work
> through that.
>
> When starting named, I see this for all zones. The function to dump
> master file fails with an open: permission denied.
>
> Sep 9 15:30:32 linuxps named[16342]: transfer of
> '100.0.10.in-addr.arpa/IN' from 209.172.152.3#53: Transfer
> completed: 1
> messages, 260 records, 6103 bytes, 0.224 secs (27245 bytes/sec)
> Sep 9 15:30:32 linuxps named[16342]: zone 100.0.10.in-addr.arpa/IN:
> sending notifies (serial 2010081601)
> Sep 9 15:30:32 linuxps named[16342]: dumping master file:
> /etc/named/tmp-EKfXmnQngI: open: permission denied
>
> (I set the above zone for file "/etc/named/100.0.10.in-addr.arpa"; and
> it appears that named wants to drop a temp file and rename it)
>
> Sep 9 15:30:33 linuxps named[16342]: transfer of
> '102.0.10.in-addr.arpa/IN' from 209.172.152.3#53: Transfer
> completed: 1
> messages, 261 records, 5636 bytes, 0.283 secs (19915 bytes/sec)
> Sep 9 15:30:33 linuxps named[16342]: zone 102.0.10.in-addr.arpa/IN:
> sending notifies (serial 2010081601)
> Sep 9 15:30:33 linuxps named[16342]: dumping master file:
> tmp-wS5yINBtho: open: permission denied
>
> And rndc dumpdb -all yields this error:
>
> Sep 9 15:46:03 linuxps named[16342]: received control channel command
> 'dumpdb -all'
> Sep 9 15:46:03 linuxps named[16342]: could not open dump file
> 'named_dump.db': permission denied
>
> Lyle Giese
> LCR Computer Services, Inc.
>