Again ...

On Fri, 13-12-2019 at 19:59 -0300, José Luis Artuch wrote:
> Hi Kaulkwappe,
>
> On Fri, 13-12-2019 at 13:18 +0100, Kaulkwappe wrote:
> > Unfortunately I still get these errors in NSD 4.1.26 on Debian
> > Buster 10.2:
> >
> > 1) Log file:
> > > error: Cannot open /var/log/nsd.log for appending (Permission denied), logging to std
> >
> > When I set the owner of nsd.log to root:root, I don't get an error
> > message on start. However, after this start, NSD will change the
> > owner to nsd:nsd and on the next start I will get this error
> > message.
> >
> > 2) PID file:
> > > warning: failed to unlink pidfile /run/nsd/nsd.pid: Permission denied
> > It seems that NSD needs a PID file, because if I change pidfile:
> > "/run/nsd/nsd.pid" to pidfile: "" I get:
> >
> > > error: cannot open pidfile : No such file or directory
> > > error: cannot overwrite the pidfile : No such file or directory
>
> ---> Debian 10.2
> ---> NSD 4.1.26
>
> About LOG and PID, I don't know if what I'm doing is correct, but
> apparently NSD works correctly.
>
> In the NSD configuration file I considered:
>
> sudo nano /etc/nsd/nsd.conf
> ...
> logfile: "/var/run/log/nsd.log"
> ...
> pidfile: "/var/lib/nsd/nsd.pid"
> ...
>
> With those routes I got the LOG written (I didn't get it written in
> other places):
>
> sudo mc
> ...
> /var/run/log
> /journal
> nsd.log <--- !!
>
> But the LOG reported that the PID could not be written in
> /var/lib/nsd due to permission issues ...
>
> Because I think *pid.nsd* must be written by *root*, I modified owner
> and permissions like this:
>
> sudo chown root:nsd /var/lib/nsd
> sudo chmod 755 /var/lib/nsd
>
> With this, the PID is now written:
>
> sudo mc
> ...
> /var/lib/nsd
> nsd.db
> nsd.pid <--- !!
> xfrd.state
>
> Regards.
> José Luis
>

After several tests, restarting the server and restarting only NSD, the
PID was truncated but stopped writing. So I believe that it is not
*root* who writes it ...

Then, I modified owner and permissions in this way:

sudo chown nsd:nsd /var/lib/nsd
sudo chmod 777 /var/lib/nsd

Now PID is always written and the LOG does not report errors.

> > From: JoséLuis Artuch <[email protected]>
> > Sent: Tuesday, 26. Nov 2019 – 01:03 CET +0100
> > To: Kaulkwappe <[email protected]>
> > [email protected]
> >
> > Subject: Re: [nsd-users] Permission error after upgrade to Debian
> > Buster (10.2)
> >
> > Hi Kaulkwappe,
> >
> > On Mon, 25-11-2019 at 01:34 +0100, Kaulkwappe wrote:
> > > > [...] I'd double check if it's indeed effective with "systemctl
> > > > show nsd | grep ReadWritePaths"
> > >
> > > Seems to be effective:
> > > > # systemctl show nsd | grep ReadWritePaths
> > > > ReadWritePaths=/var/lib/nsd /var/log /etc/nsd /run
> > >
> > > The problem with the log file will never stop the NSD service
> > > from working (I believe) but the log file is quite important, so,
> > > of course, NSD should be able to append to it.
> > >
> > > Has anyone already had this problem after an upgrade?
> > >
> > > Kind Regards,
> > > Kaulkwappe
> > >
> >
> > My knowledge on this subject is very limited, but since you ask I
> > give you my recent experience. I have also upgraded from Debian 9 to
> > Debian 10, two ways, starting from Debian 9 and also from scratch.
> > In both cases I have not got NSD to write the log file. I have
> > tested changes of permissions and/or routes.
> > However, I have not had problems with the start of NSD, but I
> > clarify that I use NSD with a very elementary configuration and
> > without /var/lib/nsd/zone.list defined.
> > A cordial greeting.
> > José Luis
> >
> > > From: Simon Deziel <[email protected]>
> > > Sent: Monday, 25. Nov 2019 – 01:26 CET +0100
> > > To: [email protected]
> > >
> > > Subject: Re: [nsd-users] Permission error after upgrade to Debian
> > > Buster (10.2)
> > >
> > > On 2019-11-24 6:10 p.m., Kaulkwappe wrote:
> > > > Hi Simon,
> > > >
> > > > > I would have expected a permission error instead of a
> > > > > "read-only" one. It looks as if /var/log was not properly
> > > > > added to be ReadWritePaths set.
> > > > That is what I have used:
> > > > > ReadWritePaths=/var/lib/nsd /var/log /etc/nsd /run
> > >
> > > Not sure what would explain the read-only error then. I'd double
> > > check if it's indeed effective with "systemctl show nsd | grep
> > > ReadWritePaths"
> > >
> > > > > This unlink failure is expected and AFAICT harmless.
> > > > It should be harmless, but it doesn't look nice. I would
> > > > consider this as a bug.
> > >
> > > Agreed. Interestingly, unbound accepts "-p" to skip managing its
> > > own PID. If nsd could get this, it would be handy when managing
> > > the daemon with systemd.
> > >
> > > > > I believe that xfrd.state should be owned by nsd:nsd as the
> > > > > daemon needs to write to that file.
> > > > After changing the owner to nsd:nsd I believe this problem is
> > > > fixed. Thanks!
> > >
> > > Glad to hear that!
> > >
> > > Regards,
> > > Simon

_______________________________________________
nsd-users mailing list
[email protected]
https://open.nlnetlabs.nl/mailman/listinfo/nsd-users
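
An added example, not part of the thread or of the NSD project: a shell check of the directories named by `logfile:` and `pidfile:` in nsd.conf, reporting whether each is owned by the daemon's uid and whether it is writable by every local user, as mode 777 makes it. It assumes GNU `stat` as shipped on Debian and the `key: "value"` layout quoted in the thread; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the directories holding NSD's logfile and pidfile.
# Assumes GNU stat and options written as  key: "value"  in nsd.conf.

# Print the value of one nsd.conf option (last occurrence wins).
conf_value() {  # conf_value <option> <conf-file>
    sed -n "s/^[[:space:]]*$1:[[:space:]]*\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$2" |
        tail -n 1
}

# Classify one directory: world-writable | not-owner | ok
dir_status() {  # dir_status <dir> <expected-uid>
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 2
    uid=$(stat -c '%u' "$1")
    # Bit 2 of the octal mode is the write bit for "other".
    if [ $(( 0$mode & 2 )) -ne 0 ]; then
        echo "world-writable"
    elif [ "$uid" != "$2" ]; then
        echo "not-owner"
    else
        echo "ok"
    fi
}

# One line per option: <option> <directory> <status>
audit_nsd_paths() {  # audit_nsd_paths <conf-file> <expected-uid>
    for opt in logfile pidfile; do
        path=$(conf_value "$opt" "$1")
        [ -n "$path" ] || continue          # option unset or empty
        dir=$(dirname "$path")
        status=$(dir_status "$dir" "$2") || status="missing"
        printf '%s %s %s\n' "$opt" "$dir" "$status"
    done
}

# Stand-alone use:  sh audit.sh /etc/nsd/nsd.conf "$(id -u nsd)"
if [ $# -ge 2 ]; then
    audit_nsd_paths "$1" "$2"
fi
```
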
