(should be) simple bind problem

Thu, 21 May 2015 12:45:05 -0700 

I'm getting (and have been for a while) log entries from my slave nameservers 
like: 

   dumping master file: /var/cache/bind/tmp-0EIP3LrP0G: open: permission denied

I also see problems with updating modification times of incoming files from 
masters.

Debian Wheezy, Bind9

There are hundreds of discussions of this problem on the 'Net, and as one of 
them says, "I've tried them all." Most had to do with fixing named.conf* and 
permissions on directories:

root@srv:~# egrep directory /etc/bind/named.conf.options 
        directory "/var/cache/bind";
root@srv:~# ls -ld /var
drwxr-xr-x 12 root root 4096 Jul 15  2014 /var
root@srv:~# ls -ld /var/cache/
drwxr-xr-x 16 root root 4096 Oct 11  2014 /var/cache/
root@srv:~# ls -ld /var/cache/bind/
drwxrwxr-x 2 bind bind 4096 May 21 10:09 /var/cache/bind/

Permissions and directories look OK to me. 

I gave user bind a password and a live shell, logged in, and:

root@srv:~# su - bind
bind@srv:~$ pwd
/var/cache/bind
bind@srv:~$ touch /var/cache/bind/tmp-0EIP3LrP0G
bind@srv:~$ ls -lh /var/cache/bind/tmp-0EIP3LrP0G
-rw-r--r-- 1 bind bind 0 May 21 12:54 /var/cache/bind/tmp-0EIP3LrP0G

It seems to be able to create files.

I added 'bind' to my groups and:

ghe@srv:~$ touch /var/cache/bind/test
ghe@srv:~$ ls -lh /var/cache/bind/test
-rw-r--r-- 1 ghe ghe 0 May 21 13:25 /var/cache/bind/test 

One interesting fix I saw involved SELinux; it said that -- I've been at this 
for a while, so details are fuzzy -- SELinux changes Bind functionality so it 
can't write some things. But the solution involved sesetbool (approximately; a 
program to set boolean vars in SELinux) and according to bash and man, the 
executable doesn't exist on my servers. I can see traces of SELinux here, but 
nothing I can figure out how to look at.

None of my other server software has this problem, just Bind.

Any ideas?

-- 
Glenn English




--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/8390d5f5-4450-498d-a25a-5da5c16f1...@slsware.net

Reply via email to