Preferred log location with ISC copr package
John Thurston
john.thurston at alaska.gov
Tue May 21 16:42:09 UTC 2019
On 5/21/2019 5:08 AM, Michał Kępień wrote:
>> A directory was created as part of the package installation:
>> /var/opt/isc/isc-bind/log/
> Correct, this directory is a part of the standard Software Collection
> runtime which is created at package build time according to macros
> provided by Red Hat.
>
>> Since I'm new the "Software Collection" paradigm, I don't know if this is an
>> acceptable location for my operational logs.
> It is as acceptable as any other location to which named has write
> access. The default path I mentioned above is set up automatically upon
> package installation; if you would like to log to a different file, you
> will have to take care of ensuring proper filesystem permissions and
> SELinux labelling yourself. You can also consider logging to a syslog
> daemon and configuring it to your liking as an alternative to logging
> directly to a file.
>
I did a fresh installation from isc/bind-esv onto CentOS 7. It doesn't
look to me like the permissions on the log directory were set correctly.
> drwxr-xr-x. 2 root root 6 May 15 23:29 /var/opt/isc/isc-bind/log
> drwxr-x---. 3 root named 18 May 20 15:01 /var/opt/isc/isc-bind/named
> drwxrwx---. 2 named named 77 May 20 15:52 /var/opt/isc/isc-bind/named/data
The helpful suggestion above had me expecting the log directory would be
set similar to the named/data directory, with write permissions for the
process UID.
My follow-up question is: Should the package installation have set
different owner:group and permissions on /var/opt/isc/isc-bind/log?
--
Do things because you should, not just because you can.
John Thurston 907-465-8591
John.Thurston at alaska.gov
Department of Administration
State of Alaska
More information about the bind-users
mailing list