rndc stats - permission denied - resolved

Jeff Lightner jlightner at water.com
Thu Jul 10 16:52:19 UTC 2008


OK, Josh got me thinking.

My <chrootdir>/var/named is not owned by the user running named.  

This is RHEL5 and on looking there it said that default named.stats is
in /var/named unless an entry is in named.conf defining a different
location.

I took the entry out of the named.conf that I had added.

I then touched an empty named.stats file in <chrootdir>/var/named and
made the user running named the owner of this file.  On running rndc
stats I no longer had the error.   What was confusing me was that I was
thinking the write would be instantaneous much like it was when I turned
on tracing.   After a minute or so I saw the stats updated.

Sorry about my earlier reply Josh.

-----Original Message-----
From: Baird, Josh [mailto:jbaird at follett.com] 
Sent: Thursday, July 10, 2008 12:18 PM
To: Jeff Lightner; bind-users at isc.org
Subject: RE: rndc stats - permission denied

The location that you specified for the stats file in named.conf
probably has incorrect permissions (or the parent directory).  The
file/directory needs to be writeable by the user that is running
"named."

Josh

-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
Behalf Of Jeff Lightner
Sent: Thursday, July 10, 2008 11:13 AM
To: bind-users at isc.org
Subject: rndc stats - permission denied

All other rndc commands I run work fine but I keep getting permission
denied when attempting rndc stats.
There was no statistics file defined in named.conf so after doing some
reading and Googling I added a line to have a named.stats in /var/run.

This is a chrooted environment so I figured the file would be in
<chrootdir>/var/run but it wasn't.   

I attempted to create a file there and make the user that runs named the
owner and ensure it was readable/writable.

On restarting named I have no errors but I still get the error on rndc
stats.

Can someone offer some advice?  Most of my Google searches basically
result in "add the entry to named.conf, make sure permissions are same
as user that runs named" which isn't really helpful given that I've
already done that.   

Why would I get permission denied if the file doesn't exist as appeared
to be the case when I started?   It makes it seem the file exists and
has the wrong permissions but if so where would it be?
----------------------------------
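
The check the thread converges on, as an added example that is not part of the original messages: given the chroot directory and the account running named, it reports whether the statistics file (default /var/named/named.stats inside the chroot, as stated above) already exists and is owner-writable, or could be created in its parent directory. The function names are hypothetical, GNU stat is assumed, and only ownership and the owner-write bit are examined.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat (Linux).
# Simplification: only the owner and the owner-write bit are examined;
# group/other bits, ACLs and SELinux policy are not.

# owner_can_write UID PATH -> 0 if PATH is owned by UID and has u+w set
owner_can_write() {
    [ "$(stat -c %u "$2")" = "$1" ] || return 1
    mode=$(stat -c %a "$2")              # octal mode, e.g. 755
    [ $(( 0$mode & 0200 )) -ne 0 ]
}

# check_stats_file CHROOT USER [PATH_INSIDE_CHROOT]
# Prints one of: ok | creatable | denied-file | denied-dir | no-dir | no-user
check_stats_file() {
    chroot_dir=$1
    user=$2
    rel=${3:-/var/named/named.stats}     # default location named in the thread
    case $user in
        ''|*[!0-9]*) uid=$(id -u "$user" 2>/dev/null) || { echo no-user; return 2; } ;;
        *) uid=$user ;;                  # a numeric uid is used as given
    esac
    file=$chroot_dir$rel                 # the path named actually sees is under the chroot
    dir=$(dirname "$file")
    if [ -e "$file" ]; then
        # Pre-created file: its own owner and mode decide, not the directory's.
        if owner_can_write "$uid" "$file"; then echo ok; return 0; fi
        echo denied-file; return 1
    fi
    [ -d "$dir" ] || { echo no-dir; return 1; }
    # File missing: named has to create it, so the parent directory decides.
    if owner_can_write "$uid" "$dir"; then echo creatable; return 0; fi
    echo denied-dir; return 1
}

# Usage: sh check_stats.sh <chrootdir> <named-user> [statistics-file path]
if [ $# -ge 2 ]; then
    check_stats_file "$@"
fi
```

A result of denied-dir corresponds to the situation described above, where the file does not exist and the directory is not owned by the named user; pre-creating the file and giving it to that user turns the result into ok without loosening the directory.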



