Re: rndc addzone gets permission denied

2014-01-13 Thread Leonard Mills
You previously showed your unsuccessful rndc command.  It contained:
 'type slave; file slaves/zone.local;

Unless you override the defaults, that says:
 use the file /var/named/slaves/zone.local.

So it appears that the directory /var/named/slaves was not writable.

Hth,
Len





On Sunday, January 12, 2014 10:12 PM, Georgy Goshin georgy.gos...@gmail.com 
wrote:
 
Mark, I've read the phrase a lot ) What is the working directory for named in 
Centos 6 installation? I already tried to chmod 777 /var/named /etc/named 
/usr/lib64/bind...




2014/1/13 Mark Andrews ma...@isc.org


It is trying to create a .nzf (new zone file) file in the working
directory.

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org



___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: rndc addzone gets permission denied

2014-01-13 Thread Georgy Goshin
It seems I previously made some mistake when I tried to make /var/named
writable... Currently chmod g+w /var/named resolved the problem.

Thanks to all!


2014/1/13 Leonard Mills l...@yahoo.com

 You previously showed your unsuccessful rndc command.  It contained:
  'type slave; file slaves/zone.local;

 Unless you override the defaults, that says:
  use the file /var/named/slaves/zone.local.

 So it appears that the directory /var/named/slaves was not writable.

 Hth,
 Len



   On Sunday, January 12, 2014 10:12 PM, Georgy Goshin 
 georgy.gos...@gmail.com wrote:

 Mark, I've read the phrase a lot ) What is the working directory for
 named in Centos 6 installation? I already tried to chmod 777 /var/named
 /etc/named /usr/lib64/bind...


 2014/1/13 Mark Andrews ma...@isc.org


 It is trying to create a .nzf (new zone file) file in the working
 directory.

 --
 Mark Andrews, ISC
 1 Seymour St., Dundas Valley, NSW 2117, Australia
 PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org







Re: rndc addzone gets permission denied

2014-01-12 Thread Jan-Piet Mens
 but getting rndc: 'addzone' failed: permission denied, nothing on the logs,
 only received control channel command 'addzone zone.local { type slave;
 file slaves/zone.local; masters { 172.31.199.154; }; };' even after rndc
 trace 99.

 allow-new-zones yes;

 tried with chmod 777 for /var/named, /etc/named, /usr/lib64/bind but
 nothing helps.

named must be able to write into the directory it will create the file
in. Assuming your `directory` option is set to `/var/named`, and seeing
your `file` statement above contains `slaves/zone.local`, the path to
which named will write is

/var/named/slaves

which must be writeable by the user named is running as.

-JP
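
The two write checks discussed in this thread (the working directory, where named creates the .nzf file, and the directory named by the zone's `file` clause), as an added example that is not part of any post on this list and is not ISC code. The function names and the script name `addzone-check.sh` are hypothetical; it assumes GNU `stat` and looks only at classic mode bits:

```shell
#!/bin/sh
# Added example; not taken from BIND. Checks classic Unix mode bits only.

# addzone_dirs WORKDIR FILE
# Print the directories named must be able to create files in for
# "rndc addzone": the working directory (the .nzf file goes there) and the
# directory of the zone's "file" clause, resolved against the working directory.
addzone_dirs() {
    case $2 in
        /*) target=$2 ;;
        *)  target=$1/$2 ;;
    esac
    printf '%s\n%s\n' "$1" "$(dirname "$target")"
}

# writable_by UID "GID ..." OWNER GROUP MODE
# Exactly one permission class applies: owner, else group, else other.
# uid 0 bypasses mode bits. ACLs and SELinux are not considered.
writable_by() {
    m=$((0$5))                       # read MODE (e.g. 750) as octal
    if [ "$1" -eq 0 ]; then return 0; fi
    if [ "$1" -eq "$3" ]; then [ $((m & 0200)) -ne 0 ]; return $?; fi
    for g in $2; do
        if [ "$g" -eq "$4" ]; then [ $((m & 0020)) -ne 0 ]; return $?; fi
    done
    [ $((m & 0002)) -ne 0 ]
}

# check_dir DIR USER: apply writable_by to a real directory (GNU stat syntax).
check_dir() {
    st=$(stat -c '%u %g %a' "$1") || return 2
    user_uid=$(id -u "$2") || return 2
    user_gids=$(id -G "$2") || return 2
    set -- $st                       # now $1=owner uid, $2=group gid, $3=mode
    writable_by "$user_uid" "$user_gids" "$1" "$2" "$3"
}

# Usage (hypothetical script name):
#   sh addzone-check.sh named /var/named slaves/zone.local
if [ $# -eq 3 ]; then
    addzone_dirs "$2" "$3" | while read -r d; do
        if check_dir "$d" "$1"; then echo "ok:   $d"
        else echo "FAIL: $d is not writable by $1"; fi
    done
fi
```

A FAIL on the first directory corresponds to the .nzf case, a FAIL on the second to the `file` clause case; an SELinux denial would not show up in either.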


Re: rndc addzone gets permission denied

2014-01-12 Thread Elia Pinto
It is Selinux related

Try ausearch -m avc for finding. Put named in permissive mode

Best
On 12 Jan 2014 00:13, Georgy Goshin georgy.gos...@gmail.com wrote:

 Hi,

 CentOS, 6.5, default bind package bind-9.8.2-0.17.rc1.el6_4.6.x86_64.

 trying to add slave zone with command rndc addzone zone.local '{ type
 slave; file slaves/zone.local; masters { 172.31.199.154; }; };'

 but getting rndc: 'addzone' failed: permission denied, nothing on the
 logs, only received control channel command 'addzone zone.local { type
 slave; file slaves/zone.local; masters { 172.31.199.154; }; };' even
 after rndc trace 99.

 allow-new-zones yes;

 tried with chmod 777 for /var/named, /etc/named, /usr/lib64/bind but
 nothing helps.

 please advise me a way to find why permission is denied.


 thanks in advance.



Re: rndc addzone gets permission denied

2014-01-12 Thread Georgy Goshin
Selinux disabled, /var/named/slave is 770 and owned by named. Is there a
way to get any debug output to see which permission is denied?
On 12.01.2014 11:40, Elia Pinto dns.spi...@gmail.com wrote:

 It is Selinux related

 Try ausearch -m avc for finding. Put named in permissive mode

 Best
 On 12 Jan 2014 00:13, Georgy Goshin georgy.gos...@gmail.com wrote:

 Hi,

 CentOS, 6.5, default bind package bind-9.8.2-0.17.rc1.el6_4.6.x86_64.

 trying to add slave zone with command rndc addzone zone.local '{ type
 slave; file slaves/zone.local; masters { 172.31.199.154; }; };'

 but getting rndc: 'addzone' failed: permission denied, nothing on the
 logs, only received control channel command 'addzone zone.local { type
 slave; file slaves/zone.local; masters { 172.31.199.154; }; };' even
 after rndc trace 99.

 allow-new-zones yes;

 tried with chmod 777 for /var/named, /etc/named, /usr/lib64/bind but
 nothing helps.

 please advise me a way to find why permission is denied.


 thanks in advance.




Re: rndc addzone gets permission denied

2014-01-12 Thread Phil Mayers

On 12/01/14 12:17, Georgy Goshin wrote:

Selinux disabled, /var/named/slave is 770 and owned by named. Is there a


It should go without saying that wholesale disabling of SELinux, if your 
distro enables it by default, is unwise. If you must, set the specific 
daemon to disabled.


We run with SELinux enabled and have no real difficulty.


way to get any debug output to see which permission is denied?


named -g

However, this might not replicate the precise environment in which the 
real named is running, so be cautious about interpreting the results. 
And don't forget any other command line arguments you need.



Re: rndc addzone gets permission denied

2014-01-12 Thread David Forrest
I slaved the root zone without a file statement in my named.conf for the 
slaved file and it worked.  I added the file statement later to my 
named.conf as I wanted a local copy for quicker startup.  I think I may 
have touched the file to get it started though.  When I finally looked at 
it, I found it was binary.


You might just try it without the file statement in the rndc invocation 
like this:

rndc addzone zone.local '{ type slave; masters { 172.31.199.154; }; };'

Dave





Re: rndc addzone gets permission denied

2014-01-12 Thread Georgy Goshin
named -g also shows only the received command and does not show which permission
is denied

12-Jan-2014 19:42:48.133 received control channel command 'addzone
zone.local { type slave; file slaves/zone.local; masters {
172.31.199.154; }; };'
12-Jan-2014 19:43:05.826 received control channel command 'addzone
zone.local { type slave;  masters { 172.31.199.154; }; };'

Don't know what else to try (


2014/1/12 David Forrest d...@maplepark.com

 I slaved the root zone without a file statement in my named.conf for the
 slaved file and it worked.  I added the file statement later to my
 named.conf as I wanted a local copy for quicker startup.  I think I may have
 touched the file to get it started though.  When I finally looked at it, I
 found it was binary.

 You might just try it without the file statement in the rndc invocation
 like this:
 rndc addzone zone.local '{ type slave; masters { 172.31.199.154; }; };'

 Dave





Re: rndc addzone gets permission denied

2014-01-12 Thread David Forrest

On Sun, 12 Jan 2014, Georgy Goshin wrote:


named -g also shows only the received command and does not show which permission
is denied

12-Jan-2014 19:42:48.133 received control channel command 'addzone
zone.local { type slave; file slaves/zone.local; masters {
172.31.199.154; }; };'
12-Jan-2014 19:43:05.826 received control channel command 'addzone
zone.local { type slave;  masters { 172.31.199.154; }; };'

Don't know what else to try (



Can you add it directly to the named.conf file and have it load?  If so it 
would indicate the trouble is in the rndc routines and not named itself. 
Dave

--
David Forrest 
St. Louis, Missouri




Re: rndc addzone gets permission denied

2014-01-12 Thread Mark Andrews

It is trying to create a .nzf (new zone file) file in the working
directory.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org


Re: rndc addzone gets permission denied

2014-01-12 Thread Georgy Goshin
Mark, I've read the phrase a lot ) What is the working directory for
named in Centos 6 installation? I already tried to chmod 777 /var/named
/etc/named /usr/lib64/bind...


2014/1/13 Mark Andrews ma...@isc.org


 It is trying to create a .nzf (new zone file) file in the working
 directory.

 --
 Mark Andrews, ISC
 1 Seymour St., Dundas Valley, NSW 2117, Australia
 PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org


Re: rndc addzone gets permission denied

2014-01-11 Thread Mikael Johansson
On 12 Jan 2014 00:14, Georgy Goshin georgy.gos...@gmail.com wrote:

 Hi,

 CentOS, 6.5, default bind package bind-9.8.2-0.17.rc1.el6_4.6.x86_64.

 trying to add slave zone with command rndc addzone zone.local '{ type 
 slave; file slaves/zone.local; masters { 172.31.199.154; }; };'

 but getting rndc: 'addzone' failed: permission denied, nothing on the logs, 
 only received control channel command 'addzone zone.local { type slave; file 
 slaves/zone.local; masters { 172.31.199.154; }; };' even after rndc trace 
 99.

 allow-new-zones yes;

 tried with chmod 777 for /var/named, /etc/named, /usr/lib64/bind but nothing 
 helps.

 please advise me a way to find why permission is denied.


 thanks in advance.

Hi,

Have you checked if this might be related to SELinux?

Re: rndc addzone gets permission denied

2014-01-11 Thread Jason Hellenthal
I would suspect your chmod 777 was inappropriate as I believe you should have 
just chmod'd var/named/slaves.

The chmod isn't inheritable like windows.

-- 
 Jason Hellenthal
 Voice: 95.30.17.6/616
 JJH48-ARIN

 On Jan 11, 2014, at 19:11, Mikael Johansson mikael.johans...@addpro.se 
 wrote:
 
 On 12 Jan 2014 00:14, Georgy Goshin georgy.gos...@gmail.com wrote:
 
  Hi,
 
  CentOS, 6.5, default bind package bind-9.8.2-0.17.rc1.el6_4.6.x86_64.
 
  trying to add slave zone with command rndc addzone zone.local '{ type 
  slave; file slaves/zone.local; masters { 172.31.199.154; }; };'
 
  but getting rndc: 'addzone' failed: permission denied, nothing on the logs, 
  only received control channel command 'addzone zone.local { type slave; 
  file slaves/zone.local; masters { 172.31.199.154; }; };' even after rndc 
  trace 99.
 
  allow-new-zones yes;
 
  tried with chmod 777 for /var/named, /etc/named, /usr/lib64/bind but 
  nothing helps.
 
  please advise me a way to find why permission is denied.
 
 
  thanks in advance.
 
 Hi,
 
 Have you checked if this might be related to SELinux?

