permissions problem when BIND rolls log

Jim Reid jim at rfc1035.com
Mon Mar 28 20:29:17 UTC 2005


>>>>> ">" ==   <aklist_bind at enigmedia.com> writes:

    >> I have BIND 9.2.3 running under user/group "named:named"

    >> BIND writes to the file fine, but when it tries to roll the log
    >> I get a permission denied error:

    >> "unable to rename log file '/var/log/named.msgs' to
    >> '/var/log/named.msgs.0' : permission denied"

    >> Permissions on the file named.msgs are 755

    >> Is there any way to give named permission to roll the files
    >> properly within this directory?

Well you could give the user/group write permission on the directory
where the log files are being written. [That's why the attempts to
rotate the log files are failing. named doesn't have permission to
create files in /var/log.] However that's unwise: least privilege and
all that. There may well be other log files there that you wouldn't
want the name server to have the ability to remove or rename, however
remote that possibility might be. A better option would be to create a
directory for the name server's logs -- say /var/log/named -- that has
suitable access permissions for the UID/GID you've assigned to the
name server.
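
The approach suggested above, as an added shell example that is not part of the original message: it creates the dedicated directory and then, when run as the name server's user, confirms that the directory is not world-writable and that the kind of rename named performs when rolling a log succeeds. The 0750 mode and the function names are assumptions; named:named and /var/log/named come from the thread.

```shell
#!/bin/sh
# Added example: prepare and check a dedicated log directory for named.
# Assumed here: mode 0750 and the function names. The account named:named
# and the path /var/log/named are taken from the thread.
#
# Usage as root:            make_logdir /var/log/named named:named
# Then as the named user:   check_logdir /var/log/named

# make_logdir DIR [OWNER:GROUP] - create DIR, writable only by its owner.
make_logdir() {
    dir=$1; owner=${2:-}
    mkdir -p "$dir" || return 1
    chmod 0750 "$dir" || return 1
    # chown needs root; it is skipped when no owner is given.
    if [ -n "$owner" ]; then chown "$owner" "$dir" || return 1; fi
}

# check_logdir DIR - returns 0 only if DIR is a real directory (1 if not),
# is not world-writable (2 if it is), and the calling user can create and
# rename a file in it (3 if not). Renaming needs write permission on the
# directory; the mode of the log file itself does not matter.
check_logdir() {
    dir=$1
    [ -d "$dir" ] && [ ! -L "$dir" ] || { echo "not a plain directory: $dir"; return 1; }
    # -prune keeps find on DIR itself; -perm -0002 matches the o+w bit.
    if [ -n "$(find "$dir" -prune -perm -0002)" ]; then
        echo "world-writable: $dir"; return 2
    fi
    probe="$dir/.rolltest.$$"
    touch "$probe" 2>/dev/null || { echo "cannot create files in $dir"; return 3; }
    # Same operation as rolling named.msgs to named.msgs.0.
    if mv "$probe" "$probe.0" 2>/dev/null; then
        rm -f "$probe.0"; echo "ok: $dir"; return 0
    fi
    rm -f "$probe"; echo "cannot rename files in $dir"; return 3
}
```

The file path of the logging channel in named.conf then has to point into the new directory.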


