** Package changed: dhcp3 (Ubuntu) => isc-dhcp (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to dhcp3 in Ubuntu.
https://bugs.launchpad.net/bugs/341817
Title:
dhcpd wont start due to rndc.key permissions
To manage
I agree, side effect of
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/727837
Here is a demo of the bug, and a workaround: add user root to the bind
group. Attached is the script, here is it being run:
juser@kasp:~$
It seems this bug is a symptom of this bug:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/727837
After some extensive tinkering, I came up with this solution to the rndc.key
permissions issue:
As the root user (or sudo) do the following:
cp /etc/bind/rndc.key /etc/dhcp3/
chown dhcp:dhcp /etc/dhcp3/rndc.key
chmod 640 /etc/dhcp3/rndc.key
In /etc/dhcp3/dhcpd.conf add this line:
include
The standard location for rndc.key is, since it belongs to bind-Tools:
/etc/bind/rndc.key
It should be sufficient to add this whole directory to both: named and dhcpd in
apparmor.d
BTW: it would be nice if named used /etc/named for its configuration
files! Named and bind-tools are two things
I've tested again:
group bind has users: dhcpd
group dhcpd has users: bind
apparmor.d/usr.sbin.named
apparmor.d/usr.sbin.dhcpd3
both have a line:
/etc/bind/** r, - apparmor allows them to read the file.
/etc/bind is owned by bind:bind, rwxrwx---
/etc/bind/rndc.key is owned by bind:bind,
I'm seeing the same thing in 10.04.
The problem is the profile in /etc/apparmor.d/usr.sbin.dhcpd3, which
doesn't allow reading any files in /etc/bind.
Could we have a one-file exception added to this profile, please, to share a
key between bind and dhcpd?
The original poster used rndc.key, but
As Chuck said, this doesn't seem like something that can be fixed safely
for everyone. People can always add the key they want to use to
/etc/apparmor.d/usr.sbin.dhcpd and then reload the profile.
Is there a common practice location that we can consider? I think
rndc.key is probably out of the
I'd like to bump this entry a bit - if nothing else, to understand
better why exactly this doesn't work.
As the user dhcpd runs as (dhcpd), I can read the key file (by way of a
symlink, in my case):
whoami
dhcpd
id dhcpd
uid=105(dhcpd) gid=113(dhcpd) groups=113(dhcpd),999(ddns)
ls -Alh
total
Hi guys, this kind of solves the bug
http://www.debianadmin.com/howto-setup-dhcp-server-and-dynamic-dns-with-bind-in-debian.html#comment-3326
/Misse
Thanks for the bug report, I don't think there is a fix for this due to
the nature of the beast.
Regards
chuck
** Changed in: dhcp3 (Ubuntu)
Status: New => Triaged