centos 6.2 bind slaves permission denied
Hi all, I have replaced a dead DNS slave server with a fresh install of CentOS 6.2 and the bind version that shipped with it.
my setup included
Webmin 1.570 used for managing
bind 9.7.3-8.P3.el6_2.1
bind-chroot 9.7.3-8.P3.el6_2.1
bind-libs 9.7.3-8.P3.el6_2.1
bind-utils 9.7.3-8.P3.el6_2.1
opening needed ports in firewall
port 53 tcp and udp
disabling recursion -- this is to be an authoritative slave only.
creating rndc key via the webmin interface
Once I create the slaves on the new server via webmin it won't actually write the data to disk. I get a few errors in the logs that seem to be related to file permissions, but I am not a true unix head so I can't be sure.
It does create empty files in /var/named/chroot/var/named/slaves
Error recorded in the messages log:
[code]
ns1 named[8126]: zone mydomain.org/IN: refresh: could not set file modification time of '/var/named/slaves/mydomain.org.hosts': permission denied
[/code]
I have tried on another system a fedora 5 machine and it pulls the files down without issue.
Re: centos 6.2 bind slaves permission denied
Try
[code]
setsebool -P named_write_master_zones 1
[/code]
Re: centos 6.2 bind slaves permission denied
That does not seem to have done anything; thanks for the suggestion. I grabbed another PC and installed cent 6.2, same issue. Bug???
Re: centos 6.2 bind slaves permission denied
Look in /var/log/messages and see if you have any SElinux denial messages. Also post the output from
[code]
ls -laZ /var/named/slaves/mydomain.org.hosts
ls -laZ /var/named/chroot/var/named/slaves/mydomain.org.hosts
[/code]
Re: centos 6.2 bind slaves permission denied
There was nothing from selinux in that folder. I don't believe it is installed by default any longer, and frankly I would have removed it.
Outputs:
[code]
[root@ns1 slaves]# ls -laZ /var/named/slaves/
drwxrwx---. named named system_u:object_r:named_cache_t:s0 .
drwxr-x---. root named system_u:object_r:named_zone_t:s0 ..
[root@ns1 slaves]# ls -laZ /var/named/chroot/var/named/slaves/
drwxrwx---. named named unconfined_u:object_r:named_zone_t:s0 .
drwxr-x---. root named system_u:object_r:named_zone_t:s0 ..
-rwxrwx---. named named system_u:object_r:named_zone_t:s0 mydomain.com.hosts
-rwxrwx---. named named system_u:object_r:named_zone_t:s0 mydomain.com.hosts
-rwxrwx---. named named system_u:object_r:named_zone_t:s0 mydomain.com.hosts
-rwxrwx---. named named system_u:object_r:named_zone_t:s0 mydomain.com.hosts
-rwxrwx---. named named system_u:object_r:named_zone_t:s0 mydomain.com.hosts
-rwxrwx---. named named system_u:object_r:named_zone_t:s0 mydomain.com.hosts
-rwxrwx---. named named system_u:object_r:named_zone_t:s0 mydomain.com.hosts
-rwxrwx---. named named system_u:object_r:named_zone_t:s0 mydomain.com.hosts
-rwxrwx---. named named system_u:object_r:named_zone_t:s0 mydomain.com.hosts
-rwxrwx---. named named system_u:object_r:named_zone_t:s0 mydomain.com.hosts
-rw-rw----. named named system_u:object_r:named_zone_t:s0 mydomain.com.hosts
-rwxrwx---. named named system_u:object_r:named_zone_t:s0 mydomain.com.hosts
-rwxrwx---. named named system_u:object_r:named_zone_t:s0 mydomain.com.hosts
-rwxrwx---. named named system_u:object_r:named_zone_t:s0 mydomain.com.hosts
[/code]
I think this is what you were looking for
Thanks in Advance!
Re: centos 6.2 bind slaves permission denied
To my incredible surprise selinux was enabled. It is not now; I shall see after a reboot.
centos 6.2 bind slaves permission denied
That should not be a surprise. Having SELinux installed and enabled is, and should be, the normal state of affairs. Why forgo one of the major features of an Enterprise Linux distribution?
Re: centos 6.2 bind slaves permission denied
I really recommend that you leave it enabled - it's no longer the beast that it used to be and offers a significant increase in security. If you want to test if it is the problem or not then you can run `setenforce 0` to put it into permissive mode on the fly.
Did you edit the output of the second ls -laZ - all the files there appear to be called the same thing which actually makes debugging incredibly difficult! There is one in that list that has different permissions to all the others - is the real name of that the same as the real message in your logs?
[quote]
-rw-rw----. named named system_u:object_r:named_zone_t:s0 mydomain.com.hosts
[/quote]
Re: centos 6.2 bind slaves permission denied
That one record was a bit different from me trying things.
So I started over: uninstall bind, all of it, delete the directories and reinstall. This way I am sure I didn't fuzt it up.
selinux permissive, I know, but it has been a pain in the past.
Output:
[code]
[root@ns1 slaves]# ls -laZ /var/named/chroot/var/named/slaves/
drwxr-xr-x. root root system_u:object_r:named_zone_t:s0 .
drwxr-x---. root named system_u:object_r:named_zone_t:s0 ..
-rw-r--r--. root root system_u:object_r:named_zone_t:s0 ldrs31.org.hosts
[/code]
thanks again for your efforts.
Re: centos 6.2 bind slaves permission denied
OK, now the permissions are just wrong :-)
[quote]
-rw-r--r--. root root system_u:object_r:named_zone_t:s0 ldrs31.org.hosts
[/quote]
This should probably be owned by named:named as should the /var/named/chroot/var/named/slaves/ directory.
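An added example, not part of any post in this thread: a small shell check that reads `ls -laZ` output in the layout shown above and reports every entry whose owner or SELinux type differs from what a slave directory needs. The expected owner follows the last reply; the expected type `named_cache_t` is an assumption taken from the `/var/named/slaves` listing earlier in the thread, and the function names and sample file name are made up for illustration.

```shell
#!/bin/sh
# Added example: audit `ls -laZ` output (CentOS 6 layout:
# mode owner group context name) for a BIND slave-zone directory.
# WANT_OWNER follows the last reply in the thread; WANT_TYPE is an
# assumption copied from the thread's /var/named/slaves listing.
WANT_OWNER="named:named"
WANT_TYPE="named_cache_t"

audit_slaves_listing() {
    # Reads listing lines on stdin, prints one finding per problem.
    awk -v owner="$WANT_OWNER" -v type="$WANT_TYPE" '
        NF < 5 || $1 !~ /^[-d]/ { next }   # skip shell prompts and junk
        $5 == ".."              { next }   # parent is root:named in both listings
        {
            split($4, ctx, ":")            # context = user:role:type:level
            if (($2 ":" $3) != owner)
                printf "%s: owner %s:%s, want %s\n", $5, $2, $3, owner
            if (ctx[3] != type)
                printf "%s: type %s, want %s\n", $5, ctx[3], type
        }'
}

# Constructed sample modelled on the final listing in the thread.
sample_listing() {
cat <<'EOF'
[root@ns1 slaves]# ls -laZ /var/named/chroot/var/named/slaves/
drwxr-xr-x. root root system_u:object_r:named_zone_t:s0 .
drwxr-x---. root named system_u:object_r:named_zone_t:s0 ..
-rw-r--r--. root root system_u:object_r:named_zone_t:s0 example.org.hosts
EOF
}

sample_listing | audit_slaves_listing
```

On a live server the same function can be fed directly, for example `ls -laZ /var/named/chroot/var/named/slaves/ | audit_slaves_listing`.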