Re: rndc addzone gets permission denied
You previously showed your unsuccessful rndc command. It contained:

'type slave; file slaves/zone.local;'

Unless you override the defaults, that says: use the file /var/named/slaves/zone.local. So it appears that the directory /var/named/slaves was not writable.

Hth,
Len

On Sunday, January 12, 2014 10:12 PM, Georgy Goshin georgy.gos...@gmail.com wrote:
> Mark, I've read the phrase a lot )
> What is the working directory for named in Centos 6 installation? I already tried to chmod 777 /var/named /etc/named /usr/lib64/bind...
>
> 2014/1/13 Mark Andrews ma...@isc.org
>> It is trying to create a .nzf (new zone file) file in the working directory.
>> --
>> Mark Andrews, ISC
>> 1 Seymour St., Dundas Valley, NSW 2117, Australia
>> PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: rndc addzone gets permission denied
Seems previously I made some mistake when I tried to make /var/named writable... Currently chmod g+w /var/named resolved the problem.

Thanks to all!

2014/1/13 Leonard Mills l...@yahoo.com
> You previously showed your unsuccessful rndc command. It contained:
>
> 'type slave; file slaves/zone.local;'
>
> Unless you override the defaults, that says: use the file /var/named/slaves/zone.local. So it appears that the directory /var/named/slaves was not writable.
>
> Hth,
> Len
>
> On Sunday, January 12, 2014 10:12 PM, Georgy Goshin georgy.gos...@gmail.com wrote:
>> Mark, I've read the phrase a lot )
>> What is the working directory for named in Centos 6 installation? I already tried to chmod 777 /var/named /etc/named /usr/lib64/bind...
>>
>> 2014/1/13 Mark Andrews ma...@isc.org
>>> It is trying to create a .nzf (new zone file) file in the working directory.
>>> --
>>> Mark Andrews, ISC
>>> 1 Seymour St., Dundas Valley, NSW 2117, Australia
>>> PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: rndc addzone gets permission denied
> but getting
> rndc: 'addzone' failed: permission denied,
> nothing on the logs, only
> received control channel command 'addzone zone.local { type slave; file slaves/zone.local; masters { 172.31.199.154; }; };'
> even after rndc trace 99.
> allow-new-zones yes;
> tried with chmod 777 for /var/named, /etc/named, /usr/lib64/bind but nothing helps.

named must be able to write into the directory it will create the file in. Assuming your `directory` option is set to `/var/named`, and seeing your `file` statement above contains `slaves/zone.local`, the path to which named will write is /var/named/slaves which must be writeable by the user named is running as.

-JP
Re: rndc addzone gets permission denied
It is SELinux related. Try ausearch -m avc for finding. Put named in permissive mode.

Best

On 12 Jan 2014 00:13, Georgy Goshin georgy.gos...@gmail.com wrote:
> Hi,
> CentOS, 6.5, default bind package bind-9.8.2-0.17.rc1.el6_4.6.x86_64.
> trying to add slave zone with command
> rndc addzone zone.local '{ type slave; file slaves/zone.local; masters { 172.31.199.154; }; };'
> but getting
> rndc: 'addzone' failed: permission denied,
> nothing on the logs, only
> received control channel command 'addzone zone.local { type slave; file slaves/zone.local; masters { 172.31.199.154; }; };'
> even after rndc trace 99.
> allow-new-zones yes;
> tried with chmod 777 for /var/named, /etc/named, /usr/lib64/bind but nothing helps.
> please advise me a way to find why permission is denied.
> thanks in advance.
Re: rndc addzone gets permission denied
Selinux disabled, /var/named/slave is 770 and owned by named. Is there a way to get any debug output to see which permission is denied?

On 12.01.2014 11:40, Elia Pinto dns.spi...@gmail.com wrote:
> It is SELinux related. Try ausearch -m avc for finding. Put named in permissive mode.
>
> Best
>
> On 12 Jan 2014 00:13, Georgy Goshin georgy.gos...@gmail.com wrote:
>> Hi,
>> CentOS, 6.5, default bind package bind-9.8.2-0.17.rc1.el6_4.6.x86_64.
>> trying to add slave zone with command
>> rndc addzone zone.local '{ type slave; file slaves/zone.local; masters { 172.31.199.154; }; };'
>> but getting
>> rndc: 'addzone' failed: permission denied,
>> nothing on the logs, only
>> received control channel command 'addzone zone.local { type slave; file slaves/zone.local; masters { 172.31.199.154; }; };'
>> even after rndc trace 99.
>> allow-new-zones yes;
>> tried with chmod 777 for /var/named, /etc/named, /usr/lib64/bind but nothing helps.
>> please advise me a way to find why permission is denied.
>> thanks in advance.
Re: rndc addzone gets permission denied
On 12/01/14 12:17, Georgy Goshin wrote:
> Selinux disabled, /var/named/slave is 770 and owned by named. Is there a

It should go without saying that wholesale disabling of SELinux, if your distro enables it by default, is unwise. If you must, set the specific daemon to disabled. We run with SELinux enabled and have no real difficulty.

> way to get any debug output to see which permission is denied?

named -g

However, this might not replicate the precise environment in which the real named is running, so be cautious about interpreting the results. And don't forget any other command line arguments you need.
Re: rndc addzone gets permission denied
I slaved the root zone without a file statement in my named.conf for the slaved file and it worked. I added the file statement later to my named.conf as I wanted a local copy for quicker startup. I think I may have touched the file to get it started though. When I finally looked at it, I found it was binary. You might just try it without the file statement in the rndc invocation like this:

rndc addzone zone.local '{ type slave; masters { 172.31.199.154; }; };'

Dave
Re: rndc addzone gets permission denied
named -g too shows only received command and does not show which permission is denied

12-Jan-2014 19:42:48.133 received control channel command 'addzone zone.local { type slave; file slaves/zone.local; masters { 172.31.199.154; }; };'
12-Jan-2014 19:43:05.826 received control channel command 'addzone zone.local { type slave; masters { 172.31.199.154; }; };'

Don't know what also to try (

2014/1/12 David Forrest d...@maplepark.com
> I slaved the root zone without a file statement in my named.conf for the slaved file and it worked. I added the file statement later to my named.conf as I wanted a local copy for quicker startup. I think I may have touched the file to get it started though. When I finally looked at it, I found it was binary. You might just try it without the file statement in the rndc invocation like this:
>
> rndc addzone zone.local '{ type slave; masters { 172.31.199.154; }; };'
>
> Dave
Re: rndc addzone gets permission denied
On Sun, 12 Jan 2014, Georgy Goshin wrote:
> named -g too shows only received command and does not show which permission is denied
>
> 12-Jan-2014 19:42:48.133 received control channel command 'addzone zone.local { type slave; file slaves/zone.local; masters { 172.31.199.154; }; };'
> 12-Jan-2014 19:43:05.826 received control channel command 'addzone zone.local { type slave; masters { 172.31.199.154; }; };'
>
> Don't know what also to try (

Can you add it directly to the named.conf file and have it load? If so it would indicate the trouble is in the rndc routines and not named itself.

Dave
--
David Forrest
St. Louis, Missouri
Re: rndc addzone gets permission denied
It is trying to create a .nzf (new zone file) file in the working directory.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
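
The two write targets named in this thread (the working directory, where named creates the .nzf file, and the directory of the `file` path) can be checked from plain mode bits; the following is an added example, not part of any message in the thread. The function names are hypothetical, and it assumes GNU stat and ordinary POSIX permissions only.

```shell
#!/bin/sh
# Added example, not from the thread. Mode bits only: ACLs, SELinux and root's
# override are not modelled; parent directories are assumed traversable.
# Needs GNU stat (stat -c).

# can_create_in DIR UID GID...: succeed if a process with that uid and those
# group ids has write and search permission on DIR (needed to create a file).
can_create_in() {
    dir=$1; uid=$2; shift 2
    d_uid=$(stat -c %u "$dir") || return 2
    d_gid=$(stat -c %g "$dir") || return 2
    mode=$(stat -c %a "$dir") || return 2
    perms=$((0$mode))                    # octal, e.g. 750
    if [ "$uid" -eq "$d_uid" ]; then
        bits=$(( (perms >> 6) & 7 ))     # owner class
    else
        bits=$(( perms & 7 ))            # other class, unless a group matches
        for gid in "$@"; do
            if [ "$gid" -eq "$d_gid" ]; then bits=$(( (perms >> 3) & 7 )); fi
        done
    fi
    [ $(( bits & 3 )) -eq 3 ]            # w (2) and x (1) both set
}

# check_addzone WORKDIR ZONEFILE UID GID...: check WORKDIR (where the .nzf file
# goes) and the directory of ZONEFILE, resolved against WORKDIR if relative.
check_addzone() {
    wd=$1; zf=$2; shift 2
    case $zf in
        /*) zdir=$(dirname "$zf") ;;
        *)  zdir=$(dirname "$wd/$zf") ;;
    esac
    rc=0
    for d in "$wd" "$zdir"; do
        if can_create_in "$d" "$@"; then echo "ok      $d"
        else echo "DENIED  $d"; rc=1; fi
    done
    return $rc
}

# Constructed demo: a mode-750 temp directory stands in for the working
# directory; the caller is in its group but is not its owner.
demo() {
    t=$(mktemp -d) && mkdir "$t/slaves" && chmod 750 "$t" && chmod 770 "$t/slaves"
    check_addzone "$t" slaves/zone.local "$(( $(stat -c %u "$t") + 1 ))" "$(stat -c %g "$t")"
    rc_demo=$?; rm -rf "$t"; return $rc_demo
}

# On a server, assuming the daemon runs as user "named":
#   check_addzone /var/named slaves/zone.local "$(id -u named)" $(id -G named)
```

A DENIED line for the working directory with an ok line for the zone file's directory is the pattern a group-unwritable working directory produces.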
Re: rndc addzone gets permission denied
Mark, I've read the phrase a lot )
What is the working directory for named in Centos 6 installation? I already tried to chmod 777 /var/named /etc/named /usr/lib64/bind...

2014/1/13 Mark Andrews ma...@isc.org
> It is trying to create a .nzf (new zone file) file in the working directory.
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: rndc addzone gets permission denied
On 12 Jan 2014 00:14, Georgy Goshin georgy.gos...@gmail.com wrote:
> Hi,
> CentOS, 6.5, default bind package bind-9.8.2-0.17.rc1.el6_4.6.x86_64.
> trying to add slave zone with command
> rndc addzone zone.local '{ type slave; file slaves/zone.local; masters { 172.31.199.154; }; };'
> but getting
> rndc: 'addzone' failed: permission denied,
> nothing on the logs, only
> received control channel command 'addzone zone.local { type slave; file slaves/zone.local; masters { 172.31.199.154; }; };'
> even after rndc trace 99.
> allow-new-zones yes;
> tried with chmod 777 for /var/named, /etc/named, /usr/lib64/bind but nothing helps.
> please advise me a way to find why permission is denied.
> thanks in advance.

Hi,

Have you checked if this might be related to SELinux?
Re: rndc addzone gets permission denied
I would suspect your chmod 777 was inappropriate as I believe you should have just chmod'd var/named/slaves. The chmod isn't inheritable like windows.

--
Jason Hellenthal
Voice: 95.30.17.6/616
JJH48-ARIN

On Jan 11, 2014, at 19:11, Mikael Johansson mikael.johans...@addpro.se wrote:
> On 12 Jan 2014 00:14, Georgy Goshin georgy.gos...@gmail.com wrote:
>> Hi,
>> CentOS, 6.5, default bind package bind-9.8.2-0.17.rc1.el6_4.6.x86_64.
>> trying to add slave zone with command
>> rndc addzone zone.local '{ type slave; file slaves/zone.local; masters { 172.31.199.154; }; };'
>> but getting
>> rndc: 'addzone' failed: permission denied,
>> nothing on the logs, only
>> received control channel command 'addzone zone.local { type slave; file slaves/zone.local; masters { 172.31.199.154; }; };'
>> even after rndc trace 99.
>> allow-new-zones yes;
>> tried with chmod 777 for /var/named, /etc/named, /usr/lib64/bind but nothing helps.
>> please advise me a way to find why permission is denied.
>> thanks in advance.
>
> Hi,
>
> Have you checked if this might be related to SELinux?