rndc addzone gets permission denied
Hi,

CentOS 6.5, default bind package bind-9.8.2-0.17.rc1.el6_4.6.x86_64.

Trying to add a slave zone with the command

rndc addzone "zone.local" '{ type slave; file "slaves/zone.local"; masters { 172.31.199.154; }; };'

but getting

rndc: 'addzone' failed: permission denied

Nothing in the logs, only

received control channel command 'addzone zone.local { type slave; file "slaves/zone.local"; masters { 172.31.199.154; }; };'

even after rndc trace 99.

allow-new-zones yes;

Tried chmod 777 for /var/named, /etc/named, /usr/lib64/bind but nothing helps.

Please advise me a way to find why permission is denied.

Thanks in advance.

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: rndc addzone gets permission denied
Selinux disabled, /var/named/slave is 770 and owned by named.

Is there a way to get any debug output to see which permission is denied?

On 12.01.2014 11:40, "Elia Pinto" wrote:

> It is Selinux related
>
> Try ausearch -m avc for finding. Put named in permissive mode
>
> Best
>
> On 12 Jan 2014 00:13, "Georgy Goshin" wrote:
>
>> Hi,
>>
>> CentOS, 6.5, default bind package bind-9.8.2-0.17.rc1.el6_4.6.x86_64.
>>
>> trying to add slave zone with command rndc addzone "zone.local" '{ type
>> slave; file "slaves/zone.local"; masters { 172.31.199.154; }; };'
>>
>> but getting rndc: 'addzone' failed: permission denied, nothing on the
>> logs, only received control channel command 'addzone zone.local { type
>> slave; file "slaves/zone.local"; masters { 172.31.199.154; }; };' even
>> after rndc trace 99.
>>
>> allow-new-zones yes;
>>
>> tried with chmod 777 for /var/named, /etc/named, /usr/lib64/bind but
>> nothing helps.
>>
>> please advise me a way to find why permission is denied.
>>
>> thanks in advance.
Re: rndc addzone gets permission denied
named -g also shows only the received command and does not show which permission is denied:

12-Jan-2014 19:42:48.133 received control channel command 'addzone zone.local { type slave; file "slaves/zone.local"; masters { 172.31.199.154; }; };'
12-Jan-2014 19:43:05.826 received control channel command 'addzone zone.local { type slave; masters { 172.31.199.154; }; };'

Don't know what else to try (

2014/1/12 David Forrest

> I slaved the root zone without a file statement in my named.conf for the
> slaved file and it worked. I added the file statement later to my
> named.conf as I wanted a local copy for quicker startup. I think I may have
> touched the file to get it started though. When I finally looked at it, I
> found it was binary.
>
> You might just try it without the file statement in the rndc invocation
> like this:
> rndc addzone "zone.local" '{ type slave; masters { 172.31.199.154; }; };'
>
> Dave
Re: rndc addzone gets permission denied
Mark, I've read the phrase a lot ) What is the working directory for named in the CentOS 6 installation? I already tried to chmod 777 /var/named /etc/named /usr/lib64/bind...

2014/1/13 Mark Andrews

> It is trying to create a .nzf (new zone file) file in the working
> directory.
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: rndc addzone gets permission denied
Seems previously I made some mistake when I tried to make /var/named writable... Currently chmod g+w /var/named resolved the problem.

Thanks to all!

2014/1/13 Leonard Mills

> You previously showed your unsuccessful rndc command. It contained:
> 'type slave; file "slaves/zone.local";
>
> Unless you override the defaults, that says:
> "use the file /var/named/slaves/zone.local".
>
> So it appears that the directory /var/named/slaves was not writable.
>
> Hth,
> Len
>
> On Sunday, January 12, 2014 10:12 PM, Georgy Goshin <georgy.gos...@gmail.com> wrote:
>
> Mark, I've read the phrase a lot ) What is the working directory for
> named in Centos 6 installation? I already tried to chmod 777 /var/named
> /etc/named /usr/lib64/bind...
>
> 2014/1/13 Mark Andrews
>
> It is trying to create a .nzf (new zone file) file in the working
> directory.
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
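
The thread's open question was how to see which permission is denied when addzone has to create the .nzf file in named's working directory, and the fix was chmod g+w /var/named rather than chmod 777. The script below is an added example, not from the thread or from BIND: it reads a directory's mode bits and reports which permission class applies to a given uid/gid. The function names are hypothetical, and it assumes the primary gid only, ignoring root's bypass, ACLs and SELinux.

```shell
#!/bin/sh
# Added example (not from the thread): explain from mode bits why a process
# with a given uid/gid can or cannot create files in a directory.
# Usage on the server: sh check.sh /var/named "$(id -u named)" "$(id -g named)"

# perm_class DIR UID GID -> "owner", "group" or "other" when that class grants
# write+search, or "denied:<class>" naming the class whose bits were applied.
perm_class() {
    ls -ldn -- "$1" | {
        # ls -ldn fields: mode, link count, numeric owner, numeric group, ...
        read -r mode _links owner group _rest || exit 2
        # Only the first matching class is consulted: owner, then group, then other.
        if   [ "$2" = "$owner" ]; then cls=owner; bits=$(printf %s "$mode" | cut -c3-4)
        elif [ "$3" = "$group" ]; then cls=group; bits=$(printf %s "$mode" | cut -c6-7)
        else                           cls=other; bits=$(printf %s "$mode" | cut -c9-10)
        fi
        # Creating a file needs w and x on the directory (s/t imply x).
        case $bits in
            w[xst]) echo "$cls" ;;
            *)      echo "denied:$cls" ;;
        esac
    }
}

# world_writable DIR -> exit 0 if "other" has write permission (e.g. after chmod 777).
world_writable() {
    [ "$(ls -ldn -- "$1" | cut -c9)" = w ]
}

# audit DIR UID GID -> print the verdict plus a warning for world-writable dirs.
audit() {
    r=$(perm_class "$1" "$2" "$3") || { echo "$1: cannot stat"; return 2; }
    echo "$1: uid=$2 gid=$3 -> $r"
    if world_writable "$1"; then
        echo "$1: WARNING world-writable; grant group write only (chmod g+w, o-w)"
    fi
}

# Run only when called with DIR UID GID, so the functions can also be sourced.
if [ "$#" -ge 3 ]; then audit "$1" "$2" "$3"; fi
```

A result of denied:group on the working directory corresponds to the state chmod g+w corrected in this thread.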