wllarso wrote:
> I'm not any sort of Linux expert but this started my mind thinking.
>
> Take a look at the BIND FAQ, it comes with the sources. There are some
> Linux specific comments about file and directory permissions. Bind
> running under Linux drops special 'root' permissions when it starts up.
>

I am not using the -u option nor am I running in a CHROOT environment. ps shows root owning the named process.

> Also, there are specific issues when running the Security Enhanced
> Linux. This may be your situation, or not. We can't tell.
>

I have never on purpose enabled SELinux<GRIN>!

Lyle Giese

>
> Sent from Garminfone by T-Mobile.
>
> Lyle Giese wrote:
> > David Forrest wrote:
> > On Thu, 9 Sep 2010, Lyle Giese wrote:
> >
> >> David Forrest wrote:
> >>> On Thu, 9 Sep 2010, Lyle Giese wrote:
> >>>
> >>>> I am trying to install bind 9.7.1-P2 from source on a SLES 10 SP3
> >>>> server.
> >>>>
> >>>> When I run named from the command line, it runs, but fails to open
> >>>> and write any of the zone files it downloaded.
> >>>>
> >>>> named -c /etc/named.conf (yes I am running this as root)
> >>>>
> >
> > [snipped]
> >
> >>
> >> I checked the version of named and named-checkconf using -v and -V
> >> and tried running it via the full path. They have the right version
> >> number 9.7.1-P2.
> >>
> >> Lyle Giese
> >
> > Lyle, since it runs from the command line, it would seem that you're
> > left with the zone files and those special files named needs. From
> > the named-checkconf man:
> > "Note: files that named reads in separate parser contexts, such as
> > rndc.key and bind.keys, are not automatically read by named-checkconf.
> > Configuration errors in these files may cause named to fail to run,
> > even if named-checkconf was successful. named-checkconf can be run on
> > these files explicitly, however."
> >
> > I have also found some pesky errors in my zone files by running
> > named-checkzone on them. That may be indicated as you can run but the
> > zones don't open.
> >
> > Dave
> >
> the more I play, the more it looks like named just plain won't write out
> to disk anything except via syslog.
>
> The issue I saw with named-checkconf was user error. (bad command line).
>
> I am starting named as root and it shows up in ps as owned by root. In
> the global options section I have set:
>
> directory "/etc/named";
>
> This directory is owned by root and is set to 777 and named still won't
> write to it.
>
> The only thing I can come up with is that it's a problem with SLES 10 SP3.
> That's the only thing that makes sense, but I should be able to work
> through that.
>
> When starting named, I see this for all zones. The function to dump
> master file fails with an open: permission denied.
>
> Sep 9 15:30:32 linuxps named[16342]: transfer of '100.0.10.in-addr.arpa/IN' from 209.172.152.3#53: Transfer completed: 1 messages, 260 records, 6103 bytes, 0.224 secs (27245 bytes/sec)
> Sep 9 15:30:32 linuxps named[16342]: zone 100.0.10.in-addr.arpa/IN: sending notifies (serial 2010081601)
> Sep 9 15:30:32 linuxps named[16342]: dumping master file: /etc/named/tmp-EKfXmnQngI: open: permission denied
>
> ( I set the above zone for file "/etc/named/100.0.10.in-addr.arpa"; and
> it appears that named wants to drop a temp file and rename it)
>
> Sep 9 15:30:33 linuxps named[16342]: transfer of '102.0.10.in-addr.arpa/IN' from 209.172.152.3#53: Transfer completed: 1 messages, 261 records, 5636 bytes, 0.283 secs (19915 bytes/sec)
> Sep 9 15:30:33 linuxps named[16342]: zone 102.0.10.in-addr.arpa/IN: sending notifies (serial 2010081601)
> Sep 9 15:30:33 linuxps named[16342]: dumping master file: tmp-wS5yINBtho: open: permission denied
>
> And rndc dumpdb -all yields this error:
>
> Sep 9 15:46:03 linuxps named[16342]: received control channel command 'dumpdb -all'
> Sep 9 15:46:03 linuxps named[16342]: could not open dump file 'named_dump.db': permission denied
>
> Lyle Giese
> LCR Computer Services, Inc.
>
> _______________________________________________
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
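
The symptom in this thread (named shown as root in ps, directory mode 777, yet "open: permission denied") and the two hints given in reply (root privileges dropped at startup, SELinux) can both be checked from what the kernel exposes under /proc. The script below is an added example, not part of the thread or of BIND; the invocation and the default directory /etc/named are assumptions taken from the configuration quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): inspect why a uid-0 daemon such as
# named can still get "permission denied" on a directory it appears to own.
# Usage (assumed invocation): sh check.sh <pid> [directory]

CAP_DAC_OVERRIDE=1          # bit number from <linux/capability.h>

# status_field FILE KEY: print the value columns of the "KEY:" line.
status_field() {
    awk -v k="$2:" '$1 == k { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# effective_uid FILE: the Uid: line is "real effective saved fs".
effective_uid() {
    status_field "$1" Uid | awk '{ print $2 }'
}

# has_cap FILE BIT: succeed if BIT is set in the CapEff hex mask.
has_cap() {
    mask=$(status_field "$1" CapEff)
    [ -n "$mask" ] || return 2
    [ $(( (0x$mask >> $2) & 1 )) -eq 1 ]
}

# diagnose PROCDIR DIR: PROCDIR is normally /proc/<pid>.
diagnose() {
    st="$1/status"
    echo "effective uid: $(effective_uid "$st")"
    if has_cap "$st" "$CAP_DAC_OVERRIDE"; then
        echo "CAP_DAC_OVERRIDE: present (uid 0 bypasses mode bits)"
    else
        echo "CAP_DAC_OVERRIDE: absent (uid 0 is held to owner/group/other bits)"
    fi
    # Label set by SELinux or another security module; empty if none is active.
    label=$(cat "$1/attr/current" 2>/dev/null | tr -d '\0')
    echo "security label: ${label:-none reported}"
    # Mode bits and owner of the directory named in the error message.
    ls -ld "$2"
}

if [ "$#" -ge 1 ]; then
    diagnose "/proc/$1" "${2:-/etc/named}"
fi
```

If the effective uid is 0 and the mode bits allow the write, a non-empty security label is the remaining place to look, since a mandatory access control policy is enforced independently of file ownership and mode.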