Re: Master file permission denied

Thu, 29 Jun 2023 05:16:55 -0700 

=== /etc/bind
total 84K
drwxr-sr-x   3 root bind 4,0K jun 28 17:07 .
drwxr-xr-x 134 root root  12K jun 22 11:15 ..
-rw-r--r--   1 root root 2,4K feb 26 06:27 bind.keys
-rw-r--r--   1 root root  255 feb 26 06:27 db.0
-rw-r--r--   1 root root  271 jun 30  2017 db.127
-rw-r--r--   1 root root  237 jun 30  2017 db.255
-rw-r--r--   1 root root  353 jun 30  2017 db.empty
-rw-r--r--   1 root root  270 jun 30  2017 db.local
-rw-r--r--   1 root root 3,1K may  3  2019 db.root
-rw-r--r--   1 root bind  458 feb 26 06:27 named.conf
-rw-r--r--   1 root root  498 ago 25  2020 named.conf.default-zones
-rw-r--r--   1 root root 1,2K jun 28 16:51 named.conf.local
-rw-r--r--   1 root root 2,8K jun 27 17:44 named.conf.options
-rw-r-----   1 bind bind  144 may 17 13:51 rndc.key
drwxr-xr-x   2 root bind 4,0K jun 28 16:54 zonas
-rw-r--r--   1 root root 1,3K jun 30  2017 zones.rfc1918


=== /etc/bind/zonas
total 40K
drwxr-xr-x 2 root bind 4,0K jun 28 16:54 .
drwxr-sr-x 3 root bind 4,0K jun 29 07:51 ..
-rw-r--r-- 1 bind bind  323 ene 16 10:59 133.45.210.170.in-addr.arpa
-rw-r--r-- 1 bind bind  394 ene 16 10:58 3.3.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.6.2.6.4.4.0.0.0.1.1.0.0.0.8.2.ip6.arpa 
-rw-r--r-- 1 bind bind 5,4K jun 22 12:40 db.unau.edu.ar

=== /var/cache/bind/keys/
total 24K
drwxrwx--- 2 root bind 4,0K jun 23 11:26 .
drwxrwxr-x 3 root bind 4,0K jun 28 16:56 ..
-rw-r----- 1 root bind  342 jun 23 11:25 Kunau.edu.ar.+013+33519.key
-rw-r----- 1 root bind  187 jun 23 11:25 Kunau.edu.ar.+013+33519.private
-rw-r----- 1 root bind  341 jun 23 11:25 Kunau.edu.ar.+013+44318.key
-rw-r----- 1 root bind  187 jun 23 11:25 Kunau.edu.ar.+013+44318.private

Error is not the same as before, I see it know (fresh eyes maybe)
Jun 29 08:42:37 web kernel: [5679658.761672] audit: type=1400 audit(1688038957.685:548): apparmor="DENIED" operation="mknod" profile="named" name="/etc/bind/zonas/db.unau.edu.ar.jbk" pid=1350974 comm="isc-net-0001" requested_mask="c" denied_mask="c" fsuid=107 ouid=107 Jun 29 08:42:37 web kernel: [5679658.767241] audit: type=1400 audit(1688038957.689:549): apparmor="DENIED" operation="mknod" profile="named" name="/etc/bind/zonas/tmp-JjAGwma8Hr" pid=1350974 comm="isc-net-0001" requested_mask="c" denied_mask="c" fsuid=107 ouid=107 Jun 29 08:42:37 web kernel: [5679658.761672] audit: type=1400 audit(1688038957.685:548): apparmor="DENIED" operation="mknod" profile="named" name="/etc/bind/zonas/db.unau.edu.ar.jbk" pid=1350974 comm="isc-net-0001" requested_mask="c" denied_mask="c" fsuid=107 ouid=107 Jun 29 08:42:37 web kernel: [5679658.767241] audit: type=1400 audit(1688038957.689:549): apparmor="DENIED" operation="mknod" profile="named" name="/etc/bind/zonas/tmp-JjAGwma8Hr" pid=1350974 comm="isc-net-0001" requested_mask="c" denied_mask="c" fsuid=107 ouid=107 


So, shouldn't that write attempt happen in /var/cache/bind?



El 28/6/23 a las 21:18, Mark Andrews escribió:

Show us the current permissions now that you have fixed them including every 
directory from
the root.  The permissions you had originally where wrong and wouldn’t normally 
be that way.
Something or someone changed them.  It may have happened again.  We can’t see 
what you see
so you have to show more details.  If you you still have an error message 
cut-and-paste the
new one including time stamps.


On 29 Jun 2023, at 09:03, Daniel A. Rodriguez via 
bind-users<bind-users@lists.isc.org>  wrote:

Exactly the same


El 28 de junio de 2023 6:50:26 p. m. GMT-03:00, Mark Andrews<ma...@isc.org>  
escribió:
The *exact* same error, word for word, or a different permission denied?

On 29 Jun 2023, at 06:35, Daniel Armando Rodriguez via 
bind-users<bind-users@lists.isc.org>  wrote:

However, as soon as I added this

dnssec-policy "default";
inline-signing yes;

Error came up again :-(
--
Visithttps://lists.isc.org/mailman/listinfo/bind-users  to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us athttps://www.isc.org/contact/  for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


--
Visithttps://lists.isc.org/mailman/listinfo/bind-users  to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us athttps://www.isc.org/contact/  for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

--
________________________________________________
        *Daniel A. Rodriguez*
/Informática, Conectividad y Sistemas/
Universidad Nacional del Alto Uruguay
San Vicente - Misiones - Argentina
informatica.unau.edu.ar <https://informatica.unau.edu.ar>

-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to