Re: named log files
On Tuesday 27 of September 2005 02:22, J Moore wrote:
> Yes - that seemed to do the trick:
> chmod 660 named_query.log
>
> I guess this was caused by new privilege separation features added to
> 3.7, eh?

I can't say, I didn't really play with named yet... But when you said about chgrp'ing, and saw unadjusted permissions, I thought that may be it ;)

Hmm, another idea - instead of letting named rotate logs, you could add them to /etc/newsyslog.conf to have them rotated as usual logs. But then again, you need write permission on them anyway, to let named write to them, so that would be probably more trouble than it's worth.

> Thnx,
> Jay

Re: named log files
On Mon, Sep 26, 2005 at 02:29:00AM +0200, the unit calling itself viq wrote:
> On Sunday 25 of September 2005 17:08, J Moore wrote:
> > On Sat, Sep 24, 2005 at 09:59:12PM -0700, the unit calling itself Bryan Irvine wrote:
>
> > # ls -l /var/named
> > total 5
> > drwxr-xr-x 2 root wheel 512 Sep 24 23:02 dev
> > drwxr-x--- 2 root named 512 Mar 20 2005 etc
> > drwxr-xr-x 2 root wheel 512 Mar 29 2004 master
> > -rw-r--r-- 1 root named 0 Sep 24 23:26 named_query.log
> > -rw-r--r-- 1 root named 0 Sep 24 23:26 named_query.log.0
>        ^
> shouldn't group have write permissions for this to work?
>
> > drwxrwxr-x 2 root named 512 Mar 29 2004 slave
> > drwxr-xr-x 2 root wheel 512 Mar 29 2004 standard

Yes - that seemed to do the trick:
chmod 660 named_query.log

I guess this was caused by new privilege separation features added to 3.7, eh?

Thnx,
Jay

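The permission check discussed in this message, as an added example that is not part of the original thread: it reads `ls -l` lines and reports regular files the daemon cannot write, before and after the `chmod 660`. The daemon identity (user `named`, group `named`), the function names `can_write` and `audit_listing`, and the sample listings are assumptions constructed from the listing quoted above.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the daemon runs as
# user "named", group "named"; function names are hypothetical.

# can_write MODE OWNER GROUP USER USERGROUP
# Pick the one permission class that applies and test its write bit.
can_write() {
    if [ "$4" = "$2" ]; then
        bits=$(printf '%s' "$1" | cut -c2-4)     # owner class
    elif [ "$5" = "$3" ]; then
        bits=$(printf '%s' "$1" | cut -c5-7)     # group class
    else
        bits=$(printf '%s' "$1" | cut -c8-10)    # other class
    fi
    case $bits in
        ?w?) return 0 ;;
        *)   return 1 ;;
    esac
}

# audit_listing USER GROUP
# Read `ls -l` lines on stdin; print each regular file USER cannot write.
audit_listing() {
    while read -r mode _links owner group _size _mon _day _time name; do
        case $mode in
            -*) can_write "$mode" "$owner" "$group" "$1" "$2" ||
                    printf '%s\n' "$name" ;;
        esac
    done
}

# Constructed samples: the listing as posted, then after `chmod 660`.
BEFORE='total 5
drwxr-x--- 2 root named 512 Mar 20 2005 etc
-rw-r--r-- 1 root named 0 Sep 24 23:26 named_query.log
-rw-r--r-- 1 root named 0 Sep 24 23:26 named_query.log.0'
AFTER='total 5
drwxr-x--- 2 root named 512 Mar 20 2005 etc
-rw-rw---- 1 root named 0 Sep 24 23:26 named_query.log
-rw-r--r-- 1 root named 0 Sep 24 23:26 named_query.log.0'

echo "not writable before:"; printf '%s\n' "$BEFORE" | audit_listing named named
echo "not writable after:";  printf '%s\n' "$AFTER"  | audit_listing named named
```

The rename in the original error additionally needs write permission on the /var/named directory itself, whose own mode this listing does not show.
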
Re: named log files
On Sunday 25 of September 2005 17:08, J Moore wrote:
> On Sat, Sep 24, 2005 at 09:59:12PM -0700, the unit calling itself Bryan Irvine wrote:

> # ls -l /var/named
> total 5
> drwxr-xr-x 2 root wheel 512 Sep 24 23:02 dev
> drwxr-x--- 2 root named 512 Mar 20 2005 etc
> drwxr-xr-x 2 root wheel 512 Mar 29 2004 master
> -rw-r--r-- 1 root named 0 Sep 24 23:26 named_query.log
> -rw-r--r-- 1 root named 0 Sep 24 23:26 named_query.log.0
       ^
shouldn't group have write permissions for this to work?

> drwxrwxr-x 2 root named 512 Mar 29 2004 slave
> drwxr-xr-x 2 root wheel 512 Mar 29 2004 standard

--
viq

Re: named log files
On Sat, Sep 24, 2005 at 09:59:12PM -0700, the unit calling itself Bryan Irvine wrote:
> > named[1028]: unable to rename log file 'named_query.log' to
> > 'named_query.log.0': permission denied
> >
> > The logfiles are in /var/named... do I need to chgrp on this directory?
>
> Yes, typical Unix stuff. Check r/w and uid/gid permissions.

Hmmm... I chgrp'd the logfiles (/var/named/named_query.log) to "named", but it is still busted... I don't get error messages on the console any longer, but nothing is being recorded in the log files.

I think I used a "recipe" for setting up the caching name server on this box. I thought it was on the OpenBSD website, but I cannot find it now. Here's how I'm set up. Any comments would be appreciated:

In /etc/rc.conf.local:

named_flags=""

In /etc/resolv.conf:

nameserver 127.0.0.1
lookup file bind
nameserver 207.203.159.252

# ls -l /var/named
total 5
drwxr-xr-x 2 root wheel 512 Sep 24 23:02 dev
drwxr-x--- 2 root named 512 Mar 20 2005 etc
drwxr-xr-x 2 root wheel 512 Mar 29 2004 master
-rw-r--r-- 1 root named 0 Sep 24 23:26 named_query.log
-rw-r--r-- 1 root named 0 Sep 24 23:26 named_query.log.0
drwxrwxr-x 2 root named 512 Mar 29 2004 slave
drwxr-xr-x 2 root wheel 512 Mar 29 2004 standard

In /var/named/etc/named.conf:

// $OpenBSD: named-simple.conf,v 1.5 2003/09/22 20:44:32 jakob Exp $
//
// Example file for a simple named configuration, processing both
// recursive and authoritative queries using one cache.

// Update this list to include only the networks for which you want
// to execute recursive queries. The default setting allows all hosts
// on any IPv4 networks for which the system has an interface, and
// the IPv6 localhost address.
//
acl clients {
        localnets;
        ::1;
};

options {
        forward only;
        forwarders { 207.203.159.252; 205.152.0.5; };
        version "";     // remove this to allow version queries

        listen-on { any; };
        listen-on-v6 { any; };

        allow-recursion { clients; };
};

logging {
        channel query_info {
                file "named_query.log" versions 3 size 10m;
                severity debug;
                print-category yes;
                print-time yes;
        };
        category queries { query_info; };
        category resolver { query_info; };
        // category lame-servers { null; };
};

// Standard zones
//
zone "." {
        type hint;
        file "standard/root.hint";
};

zone "localhost" {
        type master;
        file "standard/localhost";
        allow-transfer { localhost; };
};

zone "127.in-addr.arpa" {
        type master;
        file "standard/loopback";
        allow-transfer { localhost; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
        type master;
        file "standard/loopback6.arpa";
        allow-transfer { localhost; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.int" {
        type master;
        file "standard/loopback6.int";
        allow-transfer { localhost; };
};

zone "com" {
        type delegation-only;
};

zone "net" {
        type delegation-only;
};

// Master zones
//
//zone "myzone.net" {
//      type master;
//      file "master/myzone.net";
//};

// Slave zones
//
//zone "otherzone.net" {
//      type slave;
//      file "slave/otherzone.net";
//      masters { 192.0.2.1; [...;] };
//};

Re: named log files
> named[1028]: unable to rename log file 'named_query.log' to
> 'named_query.log.0': permission denied
>
> The logfiles are in /var/named... do I need to chgrp on this directory?

Yes, typical Unix stuff. Check r/w and uid/gid permissions.

--Bryan

named log files
I've just updated from 3.6 to 3.7, and have apparently forgotten something I did to configure the caching nameserver I was running. Since the upgrade, I am getting repeated error messages as follows:

named[1028]: unable to rename log file 'named_query.log' to 'named_query.log.0': permission denied

The logfiles are in /var/named... do I need to chgrp on this directory?

Thanks,
Jay