Glenn English wrote:
> I'm getting (and have been for a while) log entries from my slave
> nameservers like:
>
> dumping master file: /var/cache/bind/tmp-0EIP3LrP0G: open: permission denied
>...
> drwxrwxr-x 2 bind bind 4096 May 21 10:09 /var/cache/bind/
Good.
> Any ideas?
The first reason that comes to mind for permission denied is that it
doesn't have permission. Because the permission is allowed for user
and group bind then it follows that the named must be running as a
different user rather than the bind user. Therefore the "-u bind"
option must have been removed.
$ grep OPTIONS /etc/default/bind9
OPTIONS="-u bind"
$ ps -ef | grep named
bind 2257 1 0 May20 ? 00:00:27 /usr/sbin/named -u bind
^^^^
$ id bind
uid=107(bind) gid=115(bind) groups=115(bind)
The numbers above are not significant and depend upon the
system. Your numbers will be different from this example.
It is only important that "bind" shows up in all three places and
not some other name.
Has the "-u bind" option been removed and the daemon is therefore
running as a different user id?
If it isn't that then I would suspect selinux has become enabled but
not fully configured.
Bob
Attachment:
signature.asc
Description: Digital signature