Unexpected error question

Stacey Jonathan Marshall Stacey.Marshall at Sun.COM
Wed Feb 18 17:14:50 UTC 2009 

On 02/05/09 16:04, Cherney John-CJC030 wrote:
> Yes, I normally use svcadm disable dns/server to stop named. Also, I've
> modified the dns/server stop method from the usual "kill:" to
> "/usr/sbin/rndc stop". I did that because I want to make sure the cache
> gets written to the db files, which an rndc stop does. It seems that
> named is having a problem with one of the files, but I can't tell which
> one from the first syslog message. 
>   
John,

Did you make other SMF changes too? Could you provide output from 
'svcprop dns/server'?

As Gregory touches upon below, an 'rndc stop' does attempt to execute 
the SMF instances stop method before named exits as that is how named 
informs SMF that it intentionally exited. The message you see suggests 
that the privileges to do so have been lost, often associated with the 
use of chroot users.

Instead of using chroot Sun recommends changing the SMF instance 
property ' start/user' to specify an alternative user and or using zones(5).

FYI we did consider making the default stop method perform an 'rndc 
stop', however we found on a large DNS server an 'rndc stop' could take 
a long time and thus be problematic when trying to shut down the server. 
That and 'rndc stop' does eventually invoke the instances stop method!

Stacey Marshall
Sun Microsystems Ltd.


> jwc
>
> -----Original Message-----
> From: Gregory Hicks [mailto:ghicks at hicks-net.net] 
> Sent: Thursday, February 05, 2009 10:56 AM
> To: bind-users at isc.org; Cherney John-CJC030
> Cc: Mark_Andrews at isc.org
> Subject: RE: Unexpected error question 
>
>
>   
>> Subject: RE: Unexpected error question
>> Date: Thu, 5 Feb 2009 09:51:05 -0500
>> From: "Cherney John-CJC030" <John.Cherney at motorola.com>
>> To: <bind-users at isc.org>
>>
>> I see. I was assuming that the second line was caused by the first
>>     
> line,
>   
>> and that if I could get more info on the first line, I could take care
>>     
>
>   
>> of both of them. I have a "named" user that the named process is run
>>     
> as.
>   
>> However, I see these errors even when I use rndc stop as root. 
>>
>> Is there any resource that recommends what permissions need to be on 
>> specific SMF files for DNS? (or in general). Or is this even a 
>> permissioning issue with SMF files?
>>     
>
> The problem comes from the idea that SMF wants to be the 'controller'.
> When the program in question (named in the case) receives a 'stop'
> command from rndc, SMF doesn't know WHY the program stopped, just that
> it DID stop.  Thus the error.
>
> A better way to stop named might be
>
> svcadm named disable
>
> (I think that's the right syntax but could be wrong.  I am NOT an SMF
> expert...)  That should avoid the error message.
>
> There was some discussion on the smf-discuss at opensolaris.org list last
> month on how to avoid error messages when you don't care if the
> underlying service stops all by itself.
>
> Regards,
> Gregory Hicks
>
>   
>> Thanks!
>> jwc
>>
>> -----Original Message-----
>> From: Mark_Andrews at isc.org [mailto:Mark_Andrews at isc.org]
>> Sent: Thursday, February 05, 2009 1:18 AM
>> Cc: Cherney John-CJC030; bind-users at isc.org
>> Subject: Re: Unexpected error question
>>
>>
>> In message <200902050609.n1569kTG082641 at drugs.dv.isc.org>, Mark
>>     
> Andrews
>   
>> writes:
>>     
>>> In message
>>>       
>> <F021020DA23B6641A05E616D5EAD1463045973CF at de01exm60.ds.mot.com>, "
>>     
>>> Ch
>>> erney John-CJC030" writes:
>>>       
>>>> I'm seeing the following lines in syslog, which occur when I shut 
>>>> down
>>>> named:
>>>> =20
>>>> general: error: ./main.c:858: unexpected error:
>>>> general: error: smf_disable_instance() failed for 
>>>> svc:/network/dns/server:default : insufficient privileges for
>>>>         
> action
>   
>>>> =20 I'm running 9.3.5-P1 on Solaris 10 x86 =20 I took a quick look
>>>>         
>
>   
>>>> at the source code and it looks like there should be a file and/or
>>>>         
>
>   
>>>> filenumber as part of the unexpected error line. I've noticed the 
>>>> same two lines when I issue an rndc stop. The named process does 
>>>> stop, but I'm worried that there may be data in the cache that
>>>>         
> isn't
>   
>>>> getting written to the db files. Nothing jumped out at me from my 
>>>> google search. It seems like I have a file permissions issue, but
>>>>         
> I 
>   
>>>> haven't recently changed any file permissions. I don't see any 
>>>> unusual messages on startup.=20 =20 Can someone point me the right
>>>>         
>
>   
>>>> direction for this? Is there any other information I should/could 
>>>> provide?
>>>> =20
>>>> Thanks!
>>>> jwc
>>>>         
>>> 	SMF is Sun's management facility.  The code in question was
>>> 	submitted by Sun.  I would be looking at how you have SMF set
>>> 	up in particular how to give the user named is running under
>>> 	permission to disable itself.
>>>       
>> See also
>> <http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris>
>> as mentioned in the FAQ.
>>
>>     
>>> 	Mark
>>> --
>>> Mark Andrews, ISC
>>> 1 Seymour St., Dundas Valley, NSW 2117, Australia
>>> PHONE: +61 2 9871 4742                 INTERNET: 
>>>       
> Mark_Andrews at isc.org
>   
>>> _______________________________________________
>>> bind-users mailing list
>>> bind-users at lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/bind-users
>>>       
>> --
>> Mark Andrews, ISC
>> 1 Seymour St., Dundas Valley, NSW 2117, Australia
>> PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
>> _______________________________________________
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>>     
>
> ---------------------------------------------------------------------
> Gregory Hicks                           | Principal Systems Engineer
>                                         | Direct:   408.569.7928
>
> People sleep peaceably in their beds at night only because rough men
> stand ready to do violence on their behalf -- George Orwell
>
> The price of freedom is eternal vigilance.  -- Thomas Jefferson
>
> "The best we can hope for concerning the people at large is that they be
> properly armed." --Alexander Hamilton
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>

More information about the bind-users mailing list