Logging while chrooted.
Guido Roeskens
groeskens at bluewin.ch
Tue Jul 19 05:19:22 UTC 2005
Brian Johnson wrote:
> I am having a few issues attempting to log to a file while chrooted. My
> understanding is that when chrooted, the named system only sees items in the
> jail. When I set a logging directive and send things to a file, I am getting
> the following errors.
>
> Jul 13 10:46:18 isp01 named[29712]: isc_log_open '/var/log/named.log'
> failed: permission denied
>
> This folder exists within the jail and is owned by the user named runs as.
The user named must be able to traverse the way to /var/log/named.log.
This means user named must be able to chdir and readdir /var and
/var/log.
E.g. /var has to be
- owned by user named (and have r-x rights)
- owned by named user's group (and have r-x rights)
- owned by anyone but be world readable and executable (r-x again)
The named user needs to be able to write in dir /var/log
(permissions rwx for user named).
I'm not sure whether named must also be able to read and execute the
root in the chdir (permission r-x) on the real directory
/var/named/chroot, which is the directory you chroot to.
--- SNIP ---
named 29795 1 0 10:52 ? 00:00:00 /usr/sbin/named -u named -t
/var/named/chroot
--- SNIP ---
Regards, Guido
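
The permission walk described in the reply above, as an added example that is not part of the original post: it checks the jail root and each parent directory of the log file for search permission, then checks that the file can be written or created. The function names are hypothetical; it looks only at classic owner/group/other mode bits (no ACLs or SELinux) and is meant to be run as root so every directory can be examined.

```python
import os
import tempfile

def class_bits(st, uid, gids):
    """rwx bits (0-7) of the one permission class that applies to uid/gids."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def check_log_path(chroot, log_path, uid, gids=()):
    """Return a list of problems stopping uid from writing log_path in the jail."""
    parts = [p for p in log_path.split("/") if p]
    problems, current, bits = [], chroot, 0
    # The jail root plus every parent directory of the log file must be searchable.
    for part in [""] + parts[:-1]:
        current = os.path.join(current, part) if part else current
        if not os.path.isdir(current):
            return problems + [f"{current}: missing directory"]
        bits = class_bits(os.stat(current), uid, gids)
        if not bits & 1:
            problems.append(f"{current}: no search (x) permission")
    target = os.path.join(current, parts[-1])
    if os.path.exists(target):
        # An existing log file only needs to be writable itself.
        if not class_bits(os.stat(target), uid, gids) & 2:
            problems.append(f"{target}: file not writable")
    elif (bits & 3) != 3:
        # Creating the file needs write and search on its directory.
        problems.append(f"{current}: cannot create file (needs w and x)")
    return problems

if __name__ == "__main__":
    # Constructed jail in a temp dir; "other" is a uid that owns nothing here.
    with tempfile.TemporaryDirectory() as jail:
        os.makedirs(os.path.join(jail, "var", "log"))
        os.chmod(jail, 0o755)
        os.chmod(os.path.join(jail, "var"), 0o750)
        other = os.getuid() + 1
        for line in check_log_path(jail, "/var/log/named.log", other):
            print(line)
```

On a real system the call would use the jail directory from the `-t` option, the path from the logging directive, and the uid and group ids of the account given to `-u`.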