Re: Preferred log location with ISC copr package
> I did a fresh installation from isc/bind-esv onto CentOS 7. It doesn't look > to me like the permissions on the log directory were set correctly. > > > drwxr-xr-x. 2 root root 6 May 15 23:29 /var/opt/isc/isc-bind/log > > drwxr-x---. 3 root named 18 May 20 15:01 /var/opt/isc/isc-bind/named > > drwxrwx---. 2 named named 77 May 20 15:52 /var/opt/isc/isc-bind/named/data > > > The helpful suggestion above had me expecting the log directory would be set > similar to the named/data directory, with write permissions for the process > UID. > > My follow-up question is: Should the package installation have set different > owner:group and permissions on /var/opt/isc/isc-bind/log? My apologies for not making myself entirely clear in my previous message. Let me try again. ISC packages only set up the following directory for logging purposes: /var/opt/isc/isc-bind/named/data If you want to make named write logs to any other directory, you have to set up that directory yourself. -- Best regards, Michał Kępień ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Preferred log location with ISC copr package
On 5/21/2019 5:08 AM, Michał Kępień wrote: A directory was created as part of the package installation: /var/opt/isc/isc-bind/log/ Correct, this directory is a part of the standard Software Collection runtime which is created at package build time according to macros provided by Red Hat. Since I'm new the "Software Collection" paradigm, I don't know if this is an acceptable location for my operational logs. It is as acceptable as any other location to which named has write access. The default path I mentioned above is set up automatically upon package installation; if you would like to log to a different file, you will have to take care of ensuring proper filesystem permissions and SELinux labelling yourself. You can also consider logging to a syslog daemon and configuring it to your liking as an alternative to logging directly to a file. I did a fresh installation from isc/bind-esv onto CentOS 7. It doesn't look to me like the permissions on the log directory were set correctly. drwxr-xr-x. 2 root root 6 May 15 23:29 /var/opt/isc/isc-bind/log drwxr-x---. 3 root named 18 May 20 15:01 /var/opt/isc/isc-bind/named drwxrwx---. 2 named named 77 May 20 15:52 /var/opt/isc/isc-bind/named/data The helpful suggestion above had me expecting the log directory would be set similar to the named/data directory, with write permissions for the process UID. My follow-up question is: Should the package installation have set different owner:group and permissions on /var/opt/isc/isc-bind/log? -- Do things because you should, not just because you can. John Thurston907-465-8591 john.thurs...@alaska.gov Department of Administration State of Alaska ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Preferred log location with ISC copr package
Hi John, > I'm considering changing one of my BIND installations to use the > experimental ISC-provided packages: > https://www.isc.org/blogs/bind-9-packages/ > > With these packages, what it the recommended location for log files? By default, ISC packages try to mimic what stock RHEL/CentOS BIND packages are doing, i.e. named logs are written to the Software Collection counterpart of /var/named/data/named.run, i.e. /var/opt/isc/isc-bind/named/data/named.run. However, this is just a default and you are in no way limited to that. > A directory was created as part of the package installation: > /var/opt/isc/isc-bind/log/ Correct, this directory is a part of the standard Software Collection runtime which is created at package build time according to macros provided by Red Hat. > Since I'm new the "Software Collection" paradigm, I don't know if this is an > acceptable location for my operational logs. It is as acceptable as any other location to which named has write access. The default path I mentioned above is set up automatically upon package installation; if you would like to log to a different file, you will have to take care of ensuring proper filesystem permissions and SELinux labelling yourself. You can also consider logging to a syslog daemon and configuring it to your liking as an alternative to logging directly to a file. > Is that location going to get > trashed when I install the next update? We do our best to ensure our packages do not trash anything in an irreversible manner. Thus, this should not be an issue. You can try it out yourself, e.g. by installing BIND from the isc/bind Copr first, then adding the isc/bind-dev Copr as well and finally running "yum update". Hope this helps, -- Best regards, Michał Kępień ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Preferred log location with ISC copr package
I'm considering changing one of my BIND installations to use the experimental ISC-provided packages: https://www.isc.org/blogs/bind-9-packages/ With these packages, what it the recommended location for log files? A directory was created as part of the package installation: /var/opt/isc/isc-bind/log/ Since I'm new the "Software Collection" paradigm, I don't know if this is an acceptable location for my operational logs. Is that location going to get trashed when I install the next update? -- Do things because you should, not just because you can. John Thurston907-465-8591 john.thurs...@alaska.gov Department of Administration State of Alaska ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
