permissions problem when BIND rolls log
aklist_bind at enigmedia.com
Mon Mar 28 20:54:27 UTC 2005
>>>>>> ">" == <aklist_bind at enigmedia.com> writes:
>
> >> I have BIND 9.2.3 running under user/group "named:named"
>
> >> BIND writes to the file fine, but when it tries to roll the log
> >> I get a permission denied error:
>
> >> "unable to rename log file '/var/log/named.msgs' to
> >> '/var/log/named.msgs.0' : permission denied"
>
> >> Permissions on the file named.msgs are 755
>
> >> Is there any way to give named permission to roll the files
> >> properly within this directory?
>
> Well you could give the user/group write permission on the directory
> where the log files are being written. [That's why the attempts to
> rotate the log files are failing. named doesn't have permission to
> create files in /var/log.] However that's unwise: least privilege and
> all that. There may well be other log files there that you wouldn't
> want the name server to have the ability to remove or rename, however
> remote that possibility might be. A better option would be to create a
> directory for the name server's logs -- say /var/log/named -- that has
> suitable access permissions for the UID/GID you've assigned to the
> name server.
Thanks Jim...I'm very newbie when it comes to this stuff, but now the whole
chrooting/directory ownership thing finally makes sense...
On my previous install I had run into the same logging problem and in
desperation got around it by making BIND run as root...now I have it set up
correctly.
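
Added example, not part of the original posts: a shell check for the situation discussed above, deciding from a directory's owner, group and mode whether a given UID/GID may rename files inside it. The function name is hypothetical; it assumes GNU `stat` and ignores ACLs, supplementary groups, the sticky bit and root's override.

```shell
#!/bin/sh
# Added example (assumptions: GNU stat; function name is hypothetical).
# Renaming a file needs write+search (w+x) permission on the directory
# that contains it. The mode of the log file itself does not matter,
# which is why named can append to named.msgs yet fail to rename it.
#
# Usage: can_rename_in DIR UID GID
#   returns 0 if UID/GID may rename entries in DIR,
#           1 if not, 2 if DIR cannot be inspected.
# e.g.  can_rename_in /var/log "$(id -u named)" "$(id -g named)"
can_rename_in() {
    dir=$1 uid=$2 gid=$3

    # Owner uid, owner gid and octal mode of the directory itself.
    meta=$(stat -c '%u %g %a' "$dir") || return 2
    set -- $meta
    d_uid=$1 d_gid=$2

    # Pad to four digits (special bits + user/group/other), drop the first.
    mode=$(printf '%04d' "$3")
    rest=${mode#?}
    u_bits=${rest%??}
    g_bits=${rest#?}; g_bits=${g_bits%?}
    o_bits=${rest#??}

    # Exactly one permission class applies: owner, else group, else other.
    if [ "$uid" -eq "$d_uid" ]; then
        bits=$u_bits
    elif [ "$gid" -eq "$d_gid" ]; then
        bits=$g_bits
    else
        bits=$o_bits
    fi

    # Need both write (2) and search (1) on the directory.
    [ $((bits & 3)) -eq 3 ]
}
```

Run it against /var/log and against the dedicated log directory with the name server's UID and GID; only the dedicated directory should return 0.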