=== /etc/bind
total 84K
drwxr-sr-x 3 root bind 4,0K jun 28 17:07 .
drwxr-xr-x 134 root root 12K jun 22 11:15 ..
-rw-r--r-- 1 root root 2,4K feb 26 06:27 bind.keys
-rw-r--r-- 1 root root 255 feb 26 06:27 db.0
-rw-r--r-- 1 root root 271 jun 30 2017 db.127
-rw-r--r-- 1 root root 237 jun 30 2017 db.255
-rw-r--r-- 1 root root 353 jun 30 2017 db.empty
-rw-r--r-- 1 root root 270 jun 30 2017 db.local
-rw-r--r-- 1 root root 3,1K may 3 2019 db.root
-rw-r--r-- 1 root bind 458 feb 26 06:27 named.conf
-rw-r--r-- 1 root root 498 ago 25 2020 named.conf.default-zones
-rw-r--r-- 1 root root 1,2K jun 28 16:51 named.conf.local
-rw-r--r-- 1 root root 2,8K jun 27 17:44 named.conf.options
-rw-r----- 1 bind bind 144 may 17 13:51 rndc.key
drwxr-xr-x 2 root bind 4,0K jun 28 16:54 zonas
-rw-r--r-- 1 root root 1,3K jun 30 2017 zones.rfc1918
=== /etc/bind/zonas
total 40K
drwxr-xr-x 2 root bind 4,0K jun 28 16:54 .
drwxr-sr-x 3 root bind 4,0K jun 29 07:51 ..
-rw-r--r-- 1 bind bind 323 ene 16 10:59 133.45.210.170.in-addr.arpa
-rw-r--r-- 1 bind bind 394 ene 16 10:58
3.3.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.6.2.6.4.4.0.0.0.1.1.0.0.0.8.2.ip6.arpa
-rw-r--r-- 1 bind bind 5,4K jun 22 12:40 db.unau.edu.ar
=== /var/cache/bind/keys/
total 24K
drwxrwx--- 2 root bind 4,0K jun 23 11:26 .
drwxrwxr-x 3 root bind 4,0K jun 28 16:56 ..
-rw-r----- 1 root bind 342 jun 23 11:25 Kunau.edu.ar.+013+33519.key
-rw-r----- 1 root bind 187 jun 23 11:25 Kunau.edu.ar.+013+33519.private
-rw-r----- 1 root bind 341 jun 23 11:25 Kunau.edu.ar.+013+44318.key
-rw-r----- 1 root bind 187 jun 23 11:25 Kunau.edu.ar.+013+44318.private
Error is not the same as before, I see it know (fresh eyes maybe)
Jun 29 08:42:37 web kernel: [5679658.761672] audit: type=1400
audit(1688038957.685:548): apparmor="DENIED" operation="mknod"
profile="named" name="/etc/bind/zonas/db.unau.edu.ar.jbk" pid=1350974
comm="isc-net-0001" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
Jun 29 08:42:37 web kernel: [5679658.767241] audit: type=1400
audit(1688038957.689:549): apparmor="DENIED" operation="mknod"
profile="named" name="/etc/bind/zonas/tmp-JjAGwma8Hr" pid=1350974
comm="isc-net-0001" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
Jun 29 08:42:37 web kernel: [5679658.761672] audit: type=1400
audit(1688038957.685:548): apparmor="DENIED" operation="mknod"
profile="named" name="/etc/bind/zonas/db.unau.edu.ar.jbk" pid=1350974
comm="isc-net-0001" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
Jun 29 08:42:37 web kernel: [5679658.767241] audit: type=1400
audit(1688038957.689:549): apparmor="DENIED" operation="mknod"
profile="named" name="/etc/bind/zonas/tmp-JjAGwma8Hr" pid=1350974
comm="isc-net-0001" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
So, shouldn't that write attempt happen in /var/cache/bind?
El 28/6/23 a las 21:18, Mark Andrews escribió:
Show us the current permissions now that you have fixed them including every
directory from
the root. The permissions you had originally where wrong and wouldn’t normally
be that way.
Something or someone changed them. It may have happened again. We can’t see
what you see
so you have to show more details. If you you still have an error message
cut-and-paste the
new one including time stamps.
On 29 Jun 2023, at 09:03, Daniel A. Rodriguez via
bind-users<bind-users@lists.isc.org> wrote:
Exactly the same
El 28 de junio de 2023 6:50:26 p. m. GMT-03:00, Mark Andrews<ma...@isc.org>
escribió:
The *exact* same error, word for word, or a different permission denied?
On 29 Jun 2023, at 06:35, Daniel Armando Rodriguez via
bind-users<bind-users@lists.isc.org> wrote:
However, as soon as I added this
dnssec-policy "default";
inline-signing yes;
Error came up again :-(
--
Visithttps://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us athttps://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Visithttps://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us athttps://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
________________________________________________
*Daniel A. Rodriguez*
/Informática, Conectividad y Sistemas/
Universidad Nacional del Alto Uruguay
San Vicente - Misiones - Argentina
informatica.unau.edu.ar <https://informatica.unau.edu.ar>
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users