rndc.conf, rndc.key, and chroot

Brian Noecker bnoecker at jabber.com
Tue Jan 8 21:44:17 UTC 2002


That seemed to be it.  I changed permissions for the key to my named user
instead of root and it worked.  

Thanks

-----Original Message-----
From: Mark.Andrews at isc.org [mailto:Mark.Andrews at isc.org]
Sent: Monday, January 07, 2002 3:17 PM
To: Brian Noecker
Cc: 'bind-users at isc.org'
Subject: Re: rndc.conf, rndc.key, and chroot 



> 
> I've got a bind 9.2 server running in a chroot but I'm having issues with
> the rndc command.  I can successfully shut down the server, get status,
> etc., but when I try and reload the server, I get the following:
> 
> Jan  7 16:39:32 dns1 named[25280]: [ID 866145 daemon.error]
> /etc/named.conf:15: open: /etc/rndc.key: permission denied
> Jan  7 16:39:32 dns1 named[25280]: [ID 866145 daemon.error] reloading
> configuration failed: permission denied

	What user is named running as?  Who owns /etc/rndc.key?

	Remember if you are running as root on a Linux based OS
	named drops root's ability to override file permissions.

	Mark

> 
> I initially had the key "rndc-key" statement in my /etc/named.conf, so I put
> a chmod 640 on the file so it wasn't world readable.  I got the above error
> so I put the key statement in a rndc.key file and included that in the
> /etc/named.conf and then made the rndc.key file chmod 640, but the same
> thing happens.
> 
> Does anyone have the correct way of permissioning these files in a chroot
> environment so the rndc works?
> 
> Thanks
> 
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
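
The permission check behind the "permission denied" reload error in this thread, as an added example that is not part of the original messages or of BIND. The function names `key_access` and `audit_key` are hypothetical, and the numeric IDs in the sample calls (root as 0:0, named as 53:53) are constructed.

```shell
#!/bin/sh
# Report which permission class lets a daemon account read a key file,
# following the classic Unix rule: owner bits if the UID matches, else
# group bits if any GID matches, else the "other" bits. No root override
# is modelled, in line with the note in the thread that named drops
# root's ability to override file permissions on Linux.
# Args: perms string as printed by `ls -l` (e.g. -rw-r-----), file UID,
#       file GID, daemon UID, space-separated list of daemon GIDs.
# Prints: owner | group | world | denied
key_access() {
    perms=$1 f_uid=$2 f_gid=$3 d_uid=$4 d_gids=$5
    o_r=$(printf '%s' "$perms" | cut -c2)   # owner read bit
    g_r=$(printf '%s' "$perms" | cut -c5)   # group read bit
    w_r=$(printf '%s' "$perms" | cut -c8)   # other read bit
    if [ "$d_uid" = "$f_uid" ]; then
        # Only the owner bits apply to the owner, even if group has r.
        [ "$o_r" = r ] && echo owner || echo denied
        return 0
    fi
    for g in $d_gids; do
        if [ "$g" = "$f_gid" ]; then
            [ "$g_r" = r ] && echo group || echo denied
            return 0
        fi
    done
    # "world" means readable, but by every local account as well.
    [ "$w_r" = r ] && echo world || echo denied
}

# Same check against a real file and account name.
audit_key() {
    file=$1 user=$2
    set -- $(ls -ln "$file")    # fields: perms links uid gid ...
    key_access "$1" "$3" "$4" "$(id -u "$user")" "$(id -G "$user")"
}

# Constructed cases for a key with mode 640:
key_access -rw-r----- 0 0 53 "53"     # denied: root-owned key, as in the log
key_access -rw-r----- 53 53 53 "53"   # owner: key owned by the named user
key_access -rw-r----- 0 53 53 "53"    # group: root-owned, group of named
key_access -rw-r--r-- 0 0 53 "53"     # world: readable but exposed
```

For a chrooted server, pass `audit_key` the key's path as seen from outside the chroot together with the account named runs as.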

