rndc addzone gets permission denied

2014-01-11 Thread Georgy Goshin
Hi,

CentOS 6.5, default bind package bind-9.8.2-0.17.rc1.el6_4.6.x86_64.

I am trying to add a slave zone with the command rndc addzone "zone.local" '{ type
slave; file "slaves/zone.local"; masters { 172.31.199.154; }; };'

but I am getting rndc: 'addzone' failed: permission denied, and nothing in the logs,
only received control channel command 'addzone zone.local { type slave;
file "slaves/zone.local"; masters { 172.31.199.154; }; };' even after rndc
trace 99.

allow-new-zones yes;

I tried chmod 777 for /var/named, /etc/named, /usr/lib64/bind but
nothing helps.

Please advise me of a way to find out why permission is denied.


thanks in advance.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: rndc addzone gets permission denied

2014-01-12 Thread Georgy Goshin
SELinux disabled, /var/named/slave is 770 and owned by named. Is there a
way to get any debug output to see which permission is denied?
On 12.01.2014 11:40, "Elia Pinto" wrote:

> It is SELinux related
>
> Try ausearch -m avc for finding. Put named in permissive mode
>
> Best
> On 12 Jan 2014 00:13, "Georgy Goshin" wrote:
>
>> Hi,
>>
>> CentOS 6.5, default bind package bind-9.8.2-0.17.rc1.el6_4.6.x86_64.
>>
>> I am trying to add a slave zone with the command rndc addzone "zone.local" '{ type
>> slave; file "slaves/zone.local"; masters { 172.31.199.154; }; };'
>>
>> but I am getting rndc: 'addzone' failed: permission denied, and nothing in the
>> logs, only received control channel command 'addzone zone.local { type
>> slave; file "slaves/zone.local"; masters { 172.31.199.154; }; };' even
>> after rndc trace 99.
>>
>> allow-new-zones yes;
>>
>> I tried chmod 777 for /var/named, /etc/named, /usr/lib64/bind but
>> nothing helps.
>>
>> Please advise me of a way to find out why permission is denied.
>>
>>
>> thanks in advance.
>>
>

Re: rndc addzone gets permission denied

2014-01-12 Thread Georgy Goshin
named -g also shows only the received command and does not show which permission
is denied

12-Jan-2014 19:42:48.133 received control channel command 'addzone
zone.local { type slave; file "slaves/zone.local"; masters {
172.31.199.154; }; };'
12-Jan-2014 19:43:05.826 received control channel command 'addzone
zone.local { type slave;  masters { 172.31.199.154; }; };'

Don't know what else to try (


2014/1/12 David Forrest 

> I slaved the root zone without a file statement in my named.conf for the
> slaved file and it worked.  I added the file statement later to my
> named.conf as I wanted a local copy for quicker startup.  I think I may have
> touched the file to get it started though.  When I finally looked at it, I
> found it was binary.
>
> You might just try it without the file statement in the rndc invocation
> like this:
> rndc addzone "zone.local" '{ type slave; masters { 172.31.199.154; }; };'
>
> Dave
>
>
>
>

Re: rndc addzone gets permission denied

2014-01-12 Thread Georgy Goshin
Mark, I've read the phrase a lot ) What is the working directory for
named in a CentOS 6 installation? I already tried to chmod 777 /var/named
/etc/named /usr/lib64/bind...


2014/1/13 Mark Andrews 

>
> It is trying to create a .nzf (new zone file) file in the working
> directory.
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
>

Re: rndc addzone gets permission denied

2014-01-13 Thread Georgy Goshin
Seems I previously made some mistake when I tried to make /var/named
writable... Currently chmod g+w /var/named resolved the problem.

Thanks to all!


2014/1/13 Leonard Mills 

> You previously showed your unsuccessful rndc command.  It contained:
>  'type slave; file "slaves/zone.local";
>
> Unless you override the defaults, that says:
>  "use the file /var/named/slaves/zone.local".
>
> So it appears that the directory /var/named/slaves was not writable.
>
> Hth,
> Len
>
>
>
>   On Sunday, January 12, 2014 10:12 PM, Georgy Goshin <
> georgy.gos...@gmail.com> wrote:
>
> Mark, I've read the phrase a lot ) What is the working directory for
> named in a CentOS 6 installation? I already tried to chmod 777 /var/named
> /etc/named /usr/lib64/bind...
>
>
> 2014/1/13 Mark Andrews 
>
>
> It is trying to create a .nzf (new zone file) file in the working
> directory.
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
>
>
>
>
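
Added example, not part of the original thread and not ISC code: a mode-bit check that answers the thread's question of which directory denies the named account permission to create a file (the .nzf file in the working directory, or a slave zone file). The function names are hypothetical, and the account name named and the /var/named paths in the usage line are taken from the thread; ACLs and SELinux are not modelled.

```sh
#!/bin/sh
# Added example (not from the thread): mode-bit check for whether an account
# can create a file, such as named's .nzf file, in a directory.
# Needs GNU stat and id. ACLs, SELinux and root's override are not modelled.

# perm_class DIR UID "GID ..." -> prints owner, group or other: the single
# permission class the kernel applies to that uid and group list for DIR.
perm_class() {
    d_uid=$(stat -c %u "$1") || return 2
    d_gid=$(stat -c %g "$1") || return 2
    if [ "$2" = "$d_uid" ]; then echo owner; return 0; fi
    for g in $3; do
        if [ "$g" = "$d_gid" ]; then echo group; return 0; fi
    done
    echo other
}

# can_create_in DIR UID "GID ..." -> exit 0 when the selected class has both
# write (2) and search (1) bits, which creating a new file in DIR requires.
can_create_in() {
    mode=$(stat -c %a "$1") || return 2
    cls=$(perm_class "$1" "$2" "$3") || return 2
    case $cls in
        owner) bits=$(( (0$mode >> 6) & 7 )) ;;
        group) bits=$(( (0$mode >> 3) & 7 )) ;;
        *)     bits=$(( 0$mode & 7 )) ;;
    esac
    [ $(( bits & 3 )) -eq 3 ]
}

# report USER DIR... -> one verdict line per directory for a local account.
report() {
    user=$1; shift
    uid=$(id -u "$user") && gids=$(id -G "$user") || return 2
    for d in "$@"; do
        if can_create_in "$d" "$uid" "$gids"; then verdict=OK; else verdict=DENIED; fi
        echo "$verdict $d mode=$(stat -c %a "$d") class=$(perm_class "$d" "$uid" "$gids")"
    done
}

# Usage: sh check.sh named /var/named /var/named/slaves
if [ $# -ge 2 ]; then report "$@"; fi
```

A DENIED line with class=group and a mode such as 750 is the situation the thread ended on, where chmod g+w on the directory was enough and mode 777 was not needed.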