Re: isc_log_open 'named.run' failed

2005-08-29 Thread Hans Almqvist

Ok. I found the answer myself.
User named must be able to write to /var/named
What would be the right thing ?
Letting named own /var/named or having named be
member of group wheel and have write permission on group wheel ?

I am thinking of security here.

/Hasse

Hans Almqvist wrote:

Hi all!

I am running OpenBSD 3.6 on i386 system.
When starting named I get the following in my log.

named[2541]: starting BIND 9.2.3 -t /var/named -u named -d 3
named[2541]: command channel listening on 127.0.0.1#953
named[2541]: command channel listening on ::1#953
named[2541]: isc_log_open 'named.run' failed: permission denied

If I then try to do a

# rndc dumpdb

I get :

named[2541]: could not open dump file: permission denied

There seem to be a permission problem somehow but I can't figure out
where.

I have read that the named_dump.db file should appear in /var/named

Here are the permissions on /var/named

vindfallan# pwd
/var/named
vindfallan# ls -ld .
drwxr-xr-x  8 root  wheel  512 Jan 30  2005 .

/Hasse




Re: isc_log_open 'named.run' failed

2005-08-29 Thread Spruell, Darren-Perot
From: Todd C. Miller [mailto:[EMAIL PROTECTED]
 In message [EMAIL PROTECTED]
   so spake Hans Almqvist (hasse):
 
  Ok. I found the answer myself.
  User named must be able to write to /var/named
  What would be the right thing ?
  Letting named own /var/named or having named be
  member of group wheel and have write permission on group wheel ?
 
 If you know the exact pathnames named is trying to use you may be
 able to just create them in the right place, owned by user named.
 
 Or you could just change the owner of /var/named temporarily.

If this is the stock BIND that ships with OpenBSD, shouldn't it just work
without any permissions/ownership changes?

DS



Re: isc_log_open 'named.run' failed

2005-08-29 Thread Theo de Raadt
 If this is the stock BIND that ships with OpenBSD, shouldn't it just work
 without any permissions/ownership changes?

OpenBSD does not ship with a stock BIND.  It has privilege separation
added, which has already saved us from problems a few times.

Yes, that means there might be some new small problems with some
tweaky options they wrote wrong, which no one uses...



Re: isc_log_open 'named.run' failed

2005-08-29 Thread Todd C. Miller
In message [EMAIL PROTECTED]
so spake Todd C. Miller (Todd.Miller):

 If you know the exact pathnames named is trying to use you may be
 able to just create them in the right place, owned by user named.

If all you need to write is the dump file you should be able
to add something like:
    dump-file "/subdir/named.dump.db";

where subdir is some subdir of /var/named that is writable by user
named.

 - todd
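As an added example (not code from this thread or from OpenBSD's BIND), a small POSIX sh audit of the layout Todd suggests: named writes only into a subdirectory it owns, while the chroot root stays root:wheel 755 as in Hans's listing. It assumes the chroot root is passed as $1 with named.conf at $1/etc/named.conf, that the `directory` option is the chroot root so relative paths resolve there, and that named runs as the user given in $2.

```shell
#!/bin/sh
# Added example, not from the thread. Lists the paths a chrooted named
# opens for writing (dump-file, statistics-file, logging "file") and checks
# that only those directories are writable by the named user, so the chroot
# root (/var/named) can stay root:wheel 755.
# Assumed layout (constructed for this example): chroot root is $1 with
# named.conf at $1/etc/named.conf; the directory option is "/"; named runs
# as user $2.

# Print the chroot-relative paths named writes, one per line. Minimal
# parser: one clause per line, double-quoted path, no comment handling.
named_write_paths() {
    awk '/^[ \t]*(dump-file|statistics-file|file)[ \t]+"/ {
            sub(/^[^"]*"/, ""); sub(/".*$/, ""); print }' "$1"
}

# Succeed if user $2 may write directory $1, judged from owner, group and
# mode in ls -ld output. Root is deliberately not special-cased: named has
# dropped privileges by the time it writes these files.
dir_writable_by() {
    set -- "$1" "$2" $(ls -ld "$1")
    mode=$3 owner=$5 group=$6
    if [ "$owner" = "$2" ]; then
        bit=$(printf '%s' "$mode" | cut -c3)
    elif id -Gn "$2" 2>/dev/null | tr ' ' '\n' | grep -qx "$group"; then
        bit=$(printf '%s' "$mode" | cut -c6)
    else
        bit=$(printf '%s' "$mode" | cut -c9)
    fi
    [ "$bit" = "w" ]
}

# Least-privilege check: the chroot root must not be writable by named,
# and every write path's parent directory must be. Returns 1 on any finding.
audit_named_chroot() {
    root=$1 user=$2 rc=0
    if dir_writable_by "$root" "$user"; then
        echo "WARN: $root writable by $user; keep it root-owned"; rc=1
    fi
    for rel in $(named_write_paths "$root/etc/named.conf"); do
        case $rel in /*) ;; *) rel=/$rel ;; esac   # relative to directory "/"
        parent=$(dirname "$root$rel")
        if dir_writable_by "$parent" "$user"; then
            echo "ok: $rel (dir $parent)"
        else
            echo "FAIL: $user cannot write $parent, needed for $rel"; rc=1
        fi
    done
    return $rc
}
```

Run as `audit_named_chroot /var/named named` on the real system; a FAIL for named.run under the chroot root is exactly the permission denied from the original log, and the fix is to point that file at a named-owned subdirectory rather than loosen /var/named.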