Hi all,
I'm using CentOS 6 x86-64 and configured my dhcpd server to send updates to named.
named receives and accepts these updates.
A journal file will be created.
named is running chroot.
But when I issue an "rndc freeze" I always get this error:
[code]
[root@server2 dynamic]# rndc freeze
rndc: 'freeze' failed: permission denied
[/code]
In /var/log/messages:
[code]
named[22450]: received control channel command 'freeze'
named[22450]: dumping master file: rename: dynamic/xxx.xxx.xxx.in-addr.arpa: permission denied
named[22450]: freezing zone 'xxx.xxx.xxx.in-addr.arpa/IN': permission denied
named[22450]: dumping master file: rename: dynamic/mydomain.local: permission denied
named[22450]: freezing zone 'mydomain.local/IN': permission denied
named[22450]: freezing all zones: permission denied
[/code]
The user "named" and the group "named" have write permissions in the dynamic directory (mode 770).
named creates in this directory the tmp- files and the journal files!
The zone files are owned by named and are writeable by named (mode 644)
The tmp directory in chroot has access rights "rwxrwxrwt" (sticky bit set) and is owned by named.
A "rndc dumpdb" is working and writes down the database. The same for stats.
I searched Google, but no tip resolved my issue.
Do you have any suggestions, please?
Kind regards
Bernd
[SOLVED] rndc freeze failed: permission denied
Re: rndc freeze failed: permission denied
Is SELinux enabled? Make sure you have a line in /etc/sysconfig/named that says
[code]
ENABLE_ZONE_WRITE=yes
[/code]
Also worth checking to see what is said by
[code]
# getsebool named_write_master_zones
named_write_master_zones --> off
[/code]
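The symptom in this thread (file modes look correct, yet named gets "permission denied") is typical of an SELinux denial, and those are recorded as AVC records by auditd. The following is an added example, not part of the original posts: it summarises AVC denials for the named_t domain and flags the ones on named_zone_t objects, the type that named_write_master_zones governs. The sample records are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): summarise SELinux AVC denials for named.

# Constructed sample audit records, shaped like /var/log/audit/audit.log lines.
SAMPLE_AUDIT='type=AVC msg=audit(1300000000.101:501): avc:  denied  { write } for  pid=22450 comm="named" name="dynamic" dev=dm-0 ino=1001 scontext=unconfined_u:system_r:named_t:s0 tcontext=system_u:object_r:named_zone_t:s0 tclass=dir
type=AVC msg=audit(1300000000.102:502): avc:  denied  { rename } for  pid=22450 comm="named" name="mydomain.local" dev=dm-0 ino=1002 scontext=unconfined_u:system_r:named_t:s0 tcontext=system_u:object_r:named_zone_t:s0 tclass=file
type=AVC msg=audit(1300000000.103:503): avc:  denied  { read } for  pid=900 comm="httpd" name="x" dev=dm-0 ino=1003 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1300000000.102:502): arch=c000003e syscall=82 success=no exit=-13 comm="named"'

# Read audit records on stdin; for every AVC denial whose source domain is
# named_t, print: <permissions> <object class> <target type> <object name>
named_denials() {
    awk '
    /type=AVC/ && /denied/ {
        perm = ""; name = "-"; ttype = ""; tclass = ""; sdom = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "{") {
                # Permissions sit between "{" and "}" and may be several.
                for (j = i + 1; $j != "}" && j <= NF; j++)
                    perm = perm (perm ? "," : "") $j
            }
            else if ($i ~ /^name=/)     { name = $i; gsub(/^name=|"/, "", name) }
            else if ($i ~ /^scontext=/) { split($i, s, ":"); sdom = s[3] }
            else if ($i ~ /^tcontext=/) { split($i, t, ":"); ttype = t[3] }
            else if ($i ~ /^tclass=/)   { tclass = substr($i, 8) }
        }
        if (sdom == "named_t") print perm, tclass, ttype, name
    }'
}

# Exit 0 when named_t was denied access to named_zone_t objects, i.e. when
# the named_write_master_zones boolean is the setting to look at.
needs_zone_write_boolean() {
    named_denials | awk '$3 == "named_zone_t" { n++ } END { exit (n ? 0 : 1) }'
}

# Stand-alone run on the constructed sample.
printf '%s\n' "$SAMPLE_AUDIT" | named_denials
if printf '%s\n' "$SAMPLE_AUDIT" | needs_zone_write_boolean; then
    echo "named_t denied on named_zone_t: check 'getsebool named_write_master_zones'"
fi
```

On a real host, feed the functions from the audit log as root (`named_denials < /var/log/audit/audit.log`, assuming auditd's default path); the boolean is changed persistently with `setsebool -P named_write_master_zones on`.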
Re: rndc freeze failed: permission denied
Hi TrevorH,
thanks for your reply.
[quote]
TrevorH wrote:
Is SELinux enabled? Make sure you have a line in /etc/sysconfig/named that says
[code]
ENABLE_ZONE_WRITE=yes
[/code]
[/quote]
I had this set and restarted named several times before.
I didn't realize SELinux is turned on by default.
[quote]
Also worth checking to see what is said by
[code]
# getsebool named_write_master_zones
named_write_master_zones --> off
[/code][/quote]
Therefore named_write_master_zones was off.
After changing it to on, my updates to the master files work! :-o
Many Thanks.
:lol:
Kind regards
Bernd
[SOLVED] rndc freeze failed: permission denied
Welcome to the CentOS fora. Please see the recommended reading for new users linked in my signature.
Thanks for reporting back. Marking this thread [SOLVED] for posterity.