Dear Randy,

On 05/30/2018 08:03 PM, Randy Bush wrote:
>> # grep File /etc/opendnssec/zonelist.xml
>> <Adapter type="File">/var/opendnssec/unsigned/ca</Adapter>
>> <Adapter type="File">/var/opendnssec/signed/ca</Adapter>
>
> # ls -l /usr/local/var/opendnssec/unsigned/2001.0418.3807
> -rw-r--r-- 1 opendnssec staff 2581 Sep 17 2017
> /usr/local/var/opendnssec/unsigned/2001.0418.3807
> # ls -ld /usr/local/var/opendnssec/unsigned
> drwxrwxr-x 2 opendnssec opendnssec 1024 May 30 15:33
> /usr/local/var/opendnssec/unsigned/

These are only used for reading, so these wouldn't get the earlier problem.

> # ls -ld /usr/home/dns/primary
> drwxrwsr-x 3 bind bind 2048 May 27 15:10 /usr/home/dns/primary/
> # ls -l /usr/home/dns/primary/2001.0418.8006
> -rw-r--r-- 1 opendnssec bind 82491 May 27 15:10
> /usr/home/dns/primary/2001.0418.8006

I guess you mention this because it is either specified in the <Adaptor> part that indicated where the output file should go. If this is indeed the case, this will probably be the issue. Even though /usr/home/dns/primary/2001.0418.8006 is writable by the opendnssec user (I guess you are running the signer as the opendnssec user id), the directory in which it is contained is not. The /usr/home/dns/primary needs to be writable as well.

The signer needs to write a new file (with .tmp appended) and then move this new file over the old file. Hence it will need write permissions on the directory. This procedure is necessary to make the action atomic, as the consumer of the file (bind or NSD) might decide to read the file mid-way and that would be wrong.

If the above assumptions are not correct it might be related to either the user id that the signer is running as or some other setting in your conf.xml, for which I would then need more info. But I suspect the above explanation.

\Berry

>> # grep -i working conf.xml
>> <WorkingDirectory>/var/opendnssec/tmp</WorkingDirectory>
>
>
> # grep -i working /usr/local/etc/opendnssec/conf.xml
>
> <WorkingDirectory>/usr/local/var/opendnssec/tmp</WorkingDirectory>
>
> <WorkingDirectory>/usr/local/var/opendnssec/tmp</WorkingDirectory>
> # ls -ld /usr/local/var/opendnssec/tmp
> drwxr-xr-x 3 opendnssec opendnssec 2560 May 30 15:54
> /usr/local/var/opendnssec/tmp/
>
> randy
> _______________________________________________
> Opendnssec-user mailing list
> [email protected]
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
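
Added example (not part of the original message, and not OpenDNSSEC code): a Python check of whether a given uid can perform the write-.tmp-then-rename step described above, judged from plain Unix mode bits. The numeric ids are constructed, and the thread does not say whether the signer's account is in group bind, so the function takes the group set as input.

```python
import os
import stat

def perm_bits(mode, owner, group, uid, gids):
    """Return the rwx triplet (0-7) that applies to uid/gids for this inode."""
    if uid == owner:
        return (mode >> 6) & 7
    if group in gids:
        return (mode >> 3) & 7
    return mode & 7

def can_replace(dir_st, file_st, uid, gids):
    """Can uid create <file>.tmp in the directory and rename it over <file>?

    dir_st / file_st are (mode, owner, group) tuples; file_st is None when
    the output file does not exist yet. Plain mode bits only: ACLs, MAC
    policy and read-only mounts are not considered.
    """
    if uid == 0:
        return True                       # root bypasses mode-bit checks
    mode, owner, group = dir_st
    # Creating and renaming entries needs write AND search (x) on the directory;
    # the mode of the existing file plays no part in this.
    if perm_bits(mode, owner, group, uid, gids) & 3 != 3:
        return False
    # Sticky directory: replacing an entry also requires owning it or the directory.
    if mode & stat.S_ISVTX and file_st is not None:
        return uid in (owner, file_st[1])
    return True

def check_path(target, uid, gids):
    """Run the same check against the live filesystem for a real output path."""
    d = os.stat(os.path.dirname(os.path.abspath(target)))
    try:
        f = os.stat(target)
        file_st = (f.st_mode, f.st_uid, f.st_gid)
    except FileNotFoundError:
        file_st = None
    return can_replace((d.st_mode, d.st_uid, d.st_gid), file_st, uid, gids)

# Constructed numeric ids standing in for the accounts in the listings above.
BIND, OPENDNSSEC = 53, 1001
PRIMARY_DIR = (0o2775, BIND, BIND)        # drwxrwsr-x bind bind
ZONE_FILE = (0o0644, OPENDNSSEC, BIND)    # -rw-r--r-- opendnssec bind
```

With these values, `can_replace(PRIMARY_DIR, ZONE_FILE, OPENDNSSEC, {OPENDNSSEC})` is False even though the signer owns the zone file, and becomes True once `BIND` is in the group set.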
