On 5/21/2019 5:08 AM, Michał Kępień wrote:
A directory was created as part of the package installation:
/var/opt/isc/isc-bind/log/
Correct, this directory is a part of the standard Software Collection
runtime which is created at package build time according to macros
provided by Red Hat.
Since I'm new the "Software Collection" paradigm, I don't know if this is an
acceptable location for my operational logs.
It is as acceptable as any other location to which named has write
access. The default path I mentioned above is set up automatically upon
package installation; if you would like to log to a different file, you
will have to take care of ensuring proper filesystem permissions and
SELinux labelling yourself. You can also consider logging to a syslog
daemon and configuring it to your liking as an alternative to logging
directly to a file.
I did a fresh installation from isc/bind-esv onto CentOS 7. It doesn't
look to me like the permissions on the log directory were set correctly.
drwxr-xr-x. 2 root root 6 May 15 23:29 /var/opt/isc/isc-bind/log
drwxr-x---. 3 root named 18 May 20 15:01 /var/opt/isc/isc-bind/named
drwxrwx---. 2 named named 77 May 20 15:52 /var/opt/isc/isc-bind/named/data
The helpful suggestion above had me expecting the log directory would be
set similar to the named/data directory, with write permissions for the
process UID.
My follow-up question is: Should the package installation have set
different owner:group and permissions on /var/opt/isc/isc-bind/log?
--
Do things because you should, not just because you can.
John Thurston 907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
