[opensuse] bind: the working directory is not writable
Error on starting named.

rpm -q bind
bind-9.8.1P1-4.8.1.i586

/etc/named.conf

options {
    directory "/var/lib/named";
    dump-file "/var/log/named_dump.db";
    statistics-file "/var/log/named.stats";
    listen-on-v6 { any; };
    notify no;
    disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
};
zone "." in { type hint; file "root.hint"; };
zone "localhost" in { type master; file "localhost.zone"; };
zone "0.0.127.in-addr.arpa" in { type master; file "127.0.0.zone"; };
include "/etc/named.conf.include";

with /var/lib
drwxr-xr-x 9 named named 4096 Jan 26 07:50 named

/etc/named.conf.include is empty

What am I doing wrong?
Thanks,
L x
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org
lynn wrote:
What am I doing wrong?
Quite likely nothing. I have not looked into why bind complains about the working directory not being writable, but it does not cause a problem for me.
--
Per Jessen, Zürich (3.6°C)
On 26/01/12 11:51, Per Jessen wrote:
lynn wrote:
What am I doing wrong?
Quite likely nothing. I have not looked into why bind complains about the working directory not being writable, but it does not cause a problem for me.
I've yet to see an error-free named log without having to intervene manually. If it doesn't need to write to the working directory, then why print the message? named has places under the working directory where it can write. Who does it think it is? Would it at least be possible to lose 'writable' ;)
L x
On Thu, Jan 26, 2012 at 08:03:28AM +0100, lynn wrote:
Error on starting named. rpm -q bind bind-9.8.1P1-4.8.1.i586
/etc/named.conf options { directory "/var/lib/named"; dump-file "/var/log/named_dump.db"; statistics-file "/var/log/named.stats";
And /var/log is owned by which user and has which permissions?

BIND is configured the default way to start chrooted?

Lars
--
Lars Müller [ˈlaː(r)z ˈmʏlɐ]
Samba Team
SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany
On 26/01/12 14:30, Lars Müller wrote:
On Thu, Jan 26, 2012 at 08:03:28AM +0100, lynn wrote:
Error on starting named. rpm -q bind bind-9.8.1P1-4.8.1.i586
/etc/named.conf options { directory "/var/lib/named"; dump-file "/var/log/named_dump.db"; statistics-file "/var/log/named.stats";
And /var/log is owned by which user and has which permissions?
BIND is configured the default way to start chrooted?
Lars
Hi. Still no luck:

/etc/named.conf

options {
    directory "/var/lib/named";
    managed-keys-directory "/var/lib/named/dyn/";
    #dump-file "/var/log/named_dump.db";
    #statistics-file "/var/log/named.stats";

produces:

Jan 27 18:34:36 hh3 named[2547]: the working directory is not writable

Yast SysConfig was used to change named to non-chroot

ls -la /var
drwxr-xr-x 12 root root 4096 Jan 27 18:28 log

The only way I can fix it is to change the working directory to named:named :(

L x
On Fri, Jan 27, 2012 at 06:49:58PM +0100, lynn wrote: [ 8< ]
Still no luck: /etc/named.conf options { directory "/var/lib/named"; managed-keys-directory "/var/lib/named/dyn/"; #dump-file "/var/log/named_dump.db"; #statistics-file "/var/log/named.stats"; produces: Jan 27 18:34:36 hh3 named[2547]: the working directory is not writable
Yast SysConfig was used to change named to non-chroot
No further comment. You know it better anyway. :)
ls -la /var drwxr-xr-x 12 root root 4096 Jan 27 18:28 log
The only way I can fix it is to change the working directory to named:named :(
Which working directory are you talking about? Please name the path.

/var/log must not be owned by named.

It looks like your bind configuration leads to more write attempts at different locations than in the default configuration case.

Either use AppArmor in complain mode to see what's going on or follow the daemon with strace, for example.

After you have identified the location, the next step is to find a fitting runtime configuration parameter to adjust your config.

Cheers,

Lars
--
Lars Müller [ˈlaː(r)z ˈmʏlɐ]
Samba Team
SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany
I had a lot of issues with bind because AppArmor was running.

Check the status of AppArmor; if it is running, shut it down. Under /etc/apparmor.d, remove the named file from that dir (for now place it in root).

Restart named.

See if you are still getting that error. Make sure that named owns /var/lib/named:

chown named.named /var/lib/named -R

--
Terror PUP a.k.a Chuck "PUP" Payne
On Fri, Jan 27, 2012 at 01:46:36PM -0500, Chuck Payne wrote: [ 8< ]¹
I had a lot of issue with bind because of AppArmor was running
The bug IDs or better submit requests to fix them are which?
Check the status of AppArmor, if it running shut it down, under /etc/apparmor.d remove from that dir ( for now place it root) the named file
Restart named
See if you are getting that error still, make sure that named owns /var/lib/named
chown named.named /var/lib/named -R
Bad and wrong. For missing the simple and straight security concept: -20 points. ;)

Lars

¹ superfluous full quote purged.
--
Lars Müller [ˈlaː(r)z ˈmʏlɐ]
Samba Team
SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany
On 27/01/12 19:21, Lars Müller wrote:
On Fri, Jan 27, 2012 at 06:49:58PM +0100, lynn wrote: [ 8< ]
Still no luck: /etc/named.conf options { directory "/var/lib/named"; managed-keys-directory "/var/lib/named/dyn/"; #dump-file "/var/log/named_dump.db"; #statistics-file "/var/log/named.stats"; produces: Jan 27 18:34:36 hh3 named[2547]: the working directory is not writable
Yast SysConfig was used to change named to non-chroot
No further comment. You know it better anyway. :)
ls -la /var
drwxr-xr-x 12 root root 4096 Jan 27 18:28 log
The only way I can fix it is to change the working directory to named:named :(
Which working directory are you talking about? Please name the path.
/var/lib/named
/var/log must not be owned by named.
ls -la /var
drwxr-xr-x 12 root root 4096 Jan 27 18:28 log
It looks like your bind configuration leads to more write attempts at different locations than in the default configuration case.
Either use AppArmor in complain mode to see what's going on or follow the daemon with strace for example.
After you identified the location the next step is to find a fitting runtime configuration parameter to adjust your config.
Cheers,
Lars
The only thing not default about this configuration is the non-chroot. Everything else is as it comes as of last update. Does changing to non-chroot cause this error?
Thanks,
L x
On Fri, Jan 27, 2012 at 11:06:33PM +0100, lynn wrote:
On 27/01/12 19:21, Lars Müller wrote: [ 8< ]
Which working directory are you talking about? Please name the path.
/var/lib/named
As stated before, for security reasons this directory should be owned by user and group root.
It looks like your bind configuration leads to more write attempts at different locations than in the default configuration case.
Either use AppArmor in complain mode to see what's going on or follow the daemon with strace for example.
Have you tried this? Believe me, this will open your eyes.
After you identified the location the next step is to find a fitting runtime configuration parameter to adjust your config.
The only thing not default about this configuration is the non chroot. Everything else is as it comes as of last update. Does changing to non chroot cause this error?
Very, very likely not. As I'm eating our own dog food I can prove the default configuration works as expected. The recent update only addressed the handling of the /var/run/named file.

I would set up either a separate install in a virtual or chroot environment. Or first look at the output of strace or AppArmor in complain mode.

Lars
--
Lars Müller [ˈlaː(r)z ˈmʏlɐ]
Samba Team
SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany
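Added example, not part of the thread and not code from BIND or openSUSE: one way to work through the strace step recommended above, filtering a trace for refused write-type calls and matching each path to the named.conf path option that covers it. The function names, the trace lines and the config excerpt are constructed for illustration; the option names are the ones quoted in the thread, and one statement per config line is assumed.

```shell
# Added example; function names, trace lines and config excerpt are constructed.
denied_writes() {   # stdin: strace text output -> unique paths refused for writing
    awk '
        !/= -1 (EACCES|EPERM|EROFS)/ { next }                 # refused calls only
        /open(at)?\(/ && !/O_WRONLY|O_RDWR|O_CREAT/ { next }  # skip read-only opens
        /access\(/ && !/W_OK/ { next }                        # skip non-write probes
        !/(open(at)?|creat|access|mkdir|rename|unlink)\(/ { next }
        match($0, /"[^"]*"/) {                                # first quoted arg is the path
            p = substr($0, RSTART + 1, RLENGTH - 2)
            if (!(p in seen)) { seen[p] = 1; print p }
        }'
}

map_to_options() {  # stdin: paths, $1: named.conf -> "path<TAB>most specific option"
    awk '
        NR == FNR {                                           # first file: the config
            if ($0 !~ /^[ \t]*(#|\/\/)/ && match($0, /[a-z-]+[ \t]+"\/[^"]*"/)) {
                s = substr($0, RSTART, RLENGTH); name = val = s
                sub(/[ \t].*/, "", name); sub(/^[^"]*"/, "", val); sub(/\/?"$/, "", val)
                opt[name] = val                               # e.g. opt["directory"]
            }
            next
        }
        {
            best = "-"; len = 0                               # "-" means no option covers it
            for (n in opt)
                if (($0 == opt[n] || index($0, opt[n] "/") == 1) && length(opt[n]) > len) { best = n; len = length(opt[n]) }
            print $0 "\t" best
        }' "$1" -
}

sample_trace() { cat <<'EOF'
2547 openat(AT_FDCWD, "/etc/named.conf", O_RDONLY) = 5
2547 access("/var/lib/named", W_OK) = -1 EACCES (Permission denied)
2547 openat(AT_FDCWD, "/var/log/named.stats", O_WRONLY|O_CREAT|O_APPEND, 0666) = -1 EACCES (Permission denied)
2547 openat(AT_FDCWD, "/var/lib/named/dyn/managed-keys.bind", O_RDONLY) = -1 ENOENT (No such file or directory)
2547 openat(AT_FDCWD, "/var/log/named.stats", O_WRONLY|O_CREAT|O_APPEND, 0666) = -1 EACCES (Permission denied)
EOF
}
sample_conf() { cat <<'EOF'
options {
    directory "/var/lib/named";
    managed-keys-directory "/var/lib/named/dyn/";
    #dump-file "/var/log/named_dump.db";
    statistics-file "/var/log/named.stats";
};
EOF
}
conf=$(mktemp) && sample_conf > "$conf"
sample_trace | denied_writes | map_to_options "$conf"; rm -f "$conf"
```

With a real trace, for instance one written with strace -f -e trace=file -o named.trace, run `denied_writes < named.trace | map_to_options /etc/named.conf`. A path mapped to `-` is not covered by any absolute-path option in the file.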
participants (4)
- Chuck Payne
- Lars Müller
- lynn
- Per Jessen