Permissions Issue starting Bind 9.3.1
Mark Andrews
Mark_Andrews at isc.org
Wed Dec 14 03:05:33 UTC 2005
> I am using Bind 9.3.1 on RedHat Enterprise 4 which I installed using the
> RPMs available by RedHat. While it appears to load the zones properly, it
> is unable to start completely due to permissions issues with the named.ca
> and configuration file. Below are the log entries:
>
> Dec 13 18:11:57 ds01 named[1126]: starting BIND 9.3.1 -u named
> Dec 13 18:11:57 ds01 named[1126]: found 1 CPU, using 1 worker thread
> Dec 13 18:11:57 ds01 named[1126]: loading configuration from
> '/etc/named.conf'
> Dec 13 18:11:57 ds01 named[1126]: listening on IPv4 interface lo,
> 127.0.0.1#53
> Dec 13 18:11:57 ds01 named[1126]: listening on IPv4 interface eth0,
> 67.x.x.x#53
> Dec 13 18:11:57 ds01 named[1126]: listening on IPv4 interface eth1,
> 10.x.x.x#53
> Dec 13 18:11:57 ds01 kernel: audit(1134519117.077:0): avc: denied { read }
> for pid=1127 exe=/usr/sbin/named name=named.ca dev=sda5 ino=8717074
> scontext=root:system_r:named_t tcontext=root:object_r:var_t tclass=file
> Dec 13 18:11:57 ds01 named[1126]: could not configure root hints from
> 'named.ca': permission denied
> Dec 13 18:11:57 ds01 named[1126]: loading configuration: permission denied
> Dec 13 18:11:57 ds01 named[1126]: exiting (due to fatal error)
> Dec 13 18:11:57 ds01 named: named startup failed
>
>
> As far as I can see, the permissions are set properly. Here are the
> permissions for the two files mentioned in the log entries above:
>
> -rw-r--r-- 1 named named 2518 Jul 26 02:40 named.ca
> -rw-r----- 1 root named 7761 Dec 13 18:11 named.conf
>
>
> Any ideas as to what is causing this?
>
> Thank You,
> Jason Williard
Stupid idiotic defaults for named in SELinux.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
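
Added example, not part of the original thread: a small Python parser for the kernel AVC record in the quoted log. It pulls out the fields SELinux decided on (source type, target type, object class, permission), which are independent of the Unix owner and mode bits shown in the ls output. Function names are illustrative, and the sample lines are the quoted log entries with the e-mail line wrapping rejoined.

```python
import re

# Log lines from the quoted post, with the e-mail line wrapping rejoined.
SAMPLE_LOG = [
    "Dec 13 18:11:57 ds01 kernel: audit(1134519117.077:0): avc: denied { read } "
    "for pid=1127 exe=/usr/sbin/named name=named.ca dev=sda5 ino=8717074 "
    "scontext=root:system_r:named_t tcontext=root:object_r:var_t tclass=file",
    "Dec 13 18:11:57 ds01 named[1126]: could not configure root hints from "
    "'named.ca': permission denied",
]

AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)$")


def parse_avc(line):
    """Return a dict describing one AVC record, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"result": m.group(1), "perms": m.group(2).split()}
    # The remainder of the record is space-separated key=value pairs.
    for token in m.group(3).split():
        key, sep, value = token.partition("=")
        if sep:
            rec[key] = value
    # Contexts are user:role:type[:level]; type enforcement uses the type field.
    for field in ("scontext", "tcontext"):
        if field in rec:
            rec[field + "_type"] = rec[field].split(":")[2]
    return rec


def summarize(rec):
    """One-line statement of the decision in terms of SELinux types."""
    return "%s: domain %s %s %s on %s '%s' labelled %s" % (
        rec.get("exe", "?"), rec["scontext_type"], rec["result"],
        ",".join(rec["perms"]), rec.get("tclass", "?"),
        rec.get("name", "?"), rec["tcontext_type"])


def denials(lines):
    """Parse every line and keep only AVC records that were denied."""
    return [r for r in map(parse_avc, lines) if r and r["result"] == "denied"]


if __name__ == "__main__":
    for rec in denials(SAMPLE_LOG):
        print(summarize(rec))
```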