Hi Simon,
> I would have expected a permission error instead of a "read-only" one. It
> looks as if /var/log was not properly added to the ReadWritePaths set.
That is what I have used:
> ReadWritePaths=/var/lib/nsd /var/log /etc/nsd /run
> This unlink failure is expected and AFAICT harmless.
It should be harmless, but it doesn't look nice. I would consider this as a bug.
> I believe that xfrd.state should be owned by nsd:nsd as the daemon needs
> to write to that file.
After changing the owner to nsd:nsd I believe this problem is fixed. Thanks!
Kind Regards,
Kaulkwappe
From: Simon Deziel <si...@sdeziel.info>
Sent: Sunday, 24. Nov 2019 – 22:07 CET +0100
To: nsd-users@NLnetLabs.nl
Subject: Re: [nsd-users] Permission error after upgrade to Debian Buster (10.2)
On 2019-11-24 3:05 p.m., Kaulkwappe wrote:
> Hi Simon,
>
> thanks for your fast answer.
>
> It seems that you're right that NSD tries to open the files as root user – which
> seems to be blocked by the restrictive nsd.service configuration. See also:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=938987
>
> So, I changed the owner of all the files to 'root:root' and added '/var/log' to
> 'ReadWritePaths'. Then NSD starts without any problems.
>
> However, on the next startup I see that NSD always changes back the ownership of
> '/var/log/nsd.log' from 'root:root' back to the nsd user. This leads to
> the following error message:
>
> Nov 24 18:48:05 ns2 nsd[1959]: [2019-11-24 18:48:05.896] nsd[1959]: error:
> Cannot open /var/log/nsd.log for appending (Read-only file system), logging to
> stderr

I would have expected a permission error instead of a "read-only" one. It
looks as if /var/log was not properly added to the ReadWritePaths set.

> When I stop NSD, I get the following messages:
>
> Nov 24 21:01:22 ns2 nsd[2168]: [2019-11-24 21:01:22.109] nsd[2169]: warning:
> signal received, shutting down...
>
> Nov 24 21:01:22 ns2 nsd[2168]: [2019-11-24 21:01:22.112] nsd[2169]: warning:
> failed to unlink pidfile /run/nsd/nsd.pid: Permission denied

This unlink failure is expected and AFAICT harmless.

> Nov 24 21:01:22 ns2 nsd[2168]: [2019-11-24 21:01:22.117] nsd[2168]: error:
> xfrd: Could not open file /var/lib/nsd/xfrd.state for writing: Permission denied
>
> This is very confusing since /var/lib/nsd/xfrd.state still has root:root, while
> NSD created the /run/nsd/nsd.pid using nsd:nsd.

I believe that xfrd.state should be owned by nsd:nsd as the daemon needs
to write to that file. For reference, here's what it looks like on my local slave:

root@ns0:~# ll /var/lib/nsd/xfrd.state /run/nsd/nsd.*
srwxr-xr-x 1 nsd nsd    0 Nov 24 19:41 /run/nsd/nsd.ctl=
-rw-r--r-- 1 nsd nsd    4 Nov 24 19:41 /run/nsd/nsd.pid
-rw-r--r-- 1 nsd nsd 2702 Nov 24 19:39 /var/lib/nsd/xfrd.state

Regards,
Simon
_______________________________________________
nsd-users mailing list
nsd-users@NLnetLabs.nl
https://open.nlnetlabs.nl/mailman/listinfo/nsd-users
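Added example, not part of the thread and not code from NSD or the Debian package: a shell pre-flight check for the two conditions discussed above, that each file the daemon writes lies under a ReadWritePaths entry and is owned by nsd:nsd. The paths, the ReadWritePaths value and the owner are taken from the thread; the function names are hypothetical and GNU stat is assumed.

```shell
# Values taken from the thread; function names are hypothetical.
RW_PATHS="/var/lib/nsd /var/log /etc/nsd /run"
EXPECTED_OWNER="nsd:nsd"

# path_covered FILE "PREFIX ...": succeeds if FILE is a prefix or lies below one.
# Whole path components are compared, so /var/log does not cover /var/logs/x.
path_covered() {
    for prefix in $2; do
        prefix=${prefix%/}
        case "$1" in
            "$prefix"|"$prefix"/*) return 0 ;;
        esac
    done
    return 1
}

# owner_of FILE: prints "user:group" (assumes GNU stat, as on Debian).
owner_of() {
    stat -c '%U:%G' -- "$1"
}

# check_file FILE OWNER "PREFIX ...": prints a verdict, fails on a mismatch.
check_file() {
    if ! path_covered "$1" "$3"; then
        echo "FAIL $1: not under any ReadWritePaths entry"
        return 1
    fi
    [ -e "$1" ] || { echo "SKIP $1: does not exist yet"; return 0; }
    actual=$(owner_of "$1")
    if [ "$actual" != "$2" ]; then
        echo "FAIL $1: owned by $actual, expected $2"
        return 1
    fi
    echo "OK   $1"
}

# check_all: the three files named in the thread's log messages.
check_all() {
    rc=0
    for f in /var/log/nsd.log /run/nsd/nsd.pid /var/lib/nsd/xfrd.state; do
        check_file "$f" "$EXPECTED_OWNER" "$RW_PATHS" || rc=1
    done
    return "$rc"
}

# Run the checks only when asked, e.g.: sh check.sh --run
if [ "${1:-}" = "--run" ]; then check_all; fi
```

The script checks only file ownership and prefix coverage; it does not inspect the permissions of the containing directories.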