
(should be) simple bind problem



I'm getting (and have been for a while) log entries from my slave nameservers like: 

   dumping master file: /var/cache/bind/tmp-0EIP3LrP0G: open: permission denied

I also see problems with updating modification times of incoming files from masters.

Debian Wheezy, Bind9

There are hundreds of discussions of this problem on the 'Net, and as one of them says, "I've tried them all." Most had to do with fixing named.conf* and permissions on directories:

root@srv:~# egrep directory /etc/bind/named.conf.options 
	directory "/var/cache/bind";
root@srv:~# ls -ld /var
drwxr-xr-x 12 root root 4096 Jul 15  2014 /var
root@srv:~# ls -ld /var/cache/
drwxr-xr-x 16 root root 4096 Oct 11  2014 /var/cache/
root@srv:~# ls -ld /var/cache/bind/
drwxrwxr-x 2 bind bind 4096 May 21 10:09 /var/cache/bind/

Permissions and directories look OK to me. 

I gave user bind a password and a live shell, logged in, and:

root@srv:~# su - bind
bind@srv:~$ pwd
/var/cache/bind
bind@srv:~$ touch /var/cache/bind/tmp-0EIP3LrP0G
bind@srv:~$ ls -lh /var/cache/bind/tmp-0EIP3LrP0G
-rw-r--r-- 1 bind bind 0 May 21 12:54 /var/cache/bind/tmp-0EIP3LrP0G

It seems to be able to create files.

I added 'bind' to my groups and:

ghe@srv:~$ touch /var/cache/bind/test
ghe@srv:~$ ls -lh /var/cache/bind/test
-rw-r--r-- 1 ghe ghe 0 May 21 13:25 /var/cache/bind/test 

One interesting fix I saw involved SELinux; it said that -- I've been at this for a while, so details are fuzzy -- SELinux changes Bind functionality so it can't write some things. But the solution involved sesetbool (approximately; a program to set boolean vars in SELinux) and according to bash and man, the executable doesn't exist on my servers. I can see traces of SELinux here, but nothing I can figure out how to look at.

None of my other server software has this problem, just Bind.

Any ideas?

-- 
Glenn English
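
The manual checks from the message above, collected into one script; this is an added example, not part of the original post. It walks every path component, tests a write as the service account without giving that account a password or login shell, and reads the SELinux mode directly from selinuxfs, since the post says the SELinux tools are not installed. It assumes GNU stat and root privileges; all function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print mode, owner:group and name for every component of a path, root first.
# A missing search (x) bit on any parent blocks access to a writable leaf.
walk_path() {
    p=$1
    out=
    while :; do
        out="$(stat -c '%A %U:%G %n' "$p")
$out"
        case $p in /|.) break ;; esac
        p=$(dirname "$p")
    done
    printf '%s' "$out"
}

# Create and remove a probe file in a directory as the service account.
# Run as root; "su -s" supplies a shell for this one command, so the account
# needs no password or login shell. Assumes the path contains no quotes.
write_test_as() {
    su -s /bin/sh -c "f=\$(mktemp '$2/probe.XXXXXX') && rm -f \"\$f\"" "$1"
}

# Read the SELinux mode from selinuxfs, so no SELinux userland tools are needed.
# The optional argument is a filesystem root prefix, used only for testing.
selinux_mode() {
    for f in "${1:-}/sys/fs/selinux/enforce" "${1:-}/selinux/enforce"; do
        if [ -r "$f" ]; then
            if [ "$(cat "$f")" = 1 ]; then echo enforcing; else echo permissive; fi
            return 0
        fi
    done
    echo disabled   # selinuxfs not mounted: SELinux is off or not built in
}

# Usage (as root): sh check.sh /var/cache/bind bind
report() {
    walk_path "$1"
    if write_test_as "${2:-bind}" "$1"; then
        echo "DAC: ${2:-bind} can create files in $1"
    else
        echo "DAC: ${2:-bind} cannot create files in $1"
    fi
    echo "SELinux: $(selinux_mode)"
}
if [ $# -gt 0 ]; then report "$@"; fi
```

A successful write test alongside a continuing "permission denied" from the daemon points away from the directory mode bits and toward something the interactive shell does not share with the daemon, such as a mandatory access control policy.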



