installing on SLES 10sp3
Chris Buxton
chris.p.buxton at gmail.com
Sun Sep 12 02:31:32 UTC 2010
On Sep 9, 2010, at 5:02 PM, Lyle Giese wrote:
> wllarso wrote:
>>
>> I'm not any sort of Linux expert but this started my mind thinking.
>>
>> Take a look at the BIND FAQ, it comes with the sources. There are some Linux specific comments about file and directory permissions. Bind running under Linux drops special 'root' permissions when it starts up.
>>
> I am not using the -u option nor am I running in a CHROOT environment. ps shows root owning the named process.
>> Also, there are specific issues when running the Security Enhanced Linux. This may be your situation, or not. We can't tell.
>>
> I have never on purpose enabled SELinux<GRIN>!
On SLES, look for AppArmor. You may find that an AppArmor profile is stifling what named can do. Try disabling it.
IMO, SELinux and AppArmor have their place, but you generally have to create or customize your own security profile to allow services to work the way you want them to. Both SUSE and RHEL/Fedora/CentOS make the assumption that you will use the provided management tools, or none at all, rather than using any 3rd party management system.
Chris Buxton
BlueCat Networks
More information about the bind-users
mailing list