Master file permission denied

Daniel Armando Rodriguez drodriguez at unau.edu.ar
Thu Jun 29 12:13:56 UTC 2023 

=== /etc/bind
total 84K
drwxr-sr-x   3 root bind 4,0K jun 28 17:07 .
drwxr-xr-x 134 root root  12K jun 22 11:15 ..
-rw-r--r--   1 root root 2,4K feb 26 06:27 bind.keys
-rw-r--r--   1 root root  255 feb 26 06:27 db.0
-rw-r--r--   1 root root  271 jun 30  2017 db.127
-rw-r--r--   1 root root  237 jun 30  2017 db.255
-rw-r--r--   1 root root  353 jun 30  2017 db.empty
-rw-r--r--   1 root root  270 jun 30  2017 db.local
-rw-r--r--   1 root root 3,1K may  3  2019 db.root
-rw-r--r--   1 root bind  458 feb 26 06:27 named.conf
-rw-r--r--   1 root root  498 ago 25  2020 named.conf.default-zones
-rw-r--r--   1 root root 1,2K jun 28 16:51 named.conf.local
-rw-r--r--   1 root root 2,8K jun 27 17:44 named.conf.options
-rw-r-----   1 bind bind  144 may 17 13:51 rndc.key
drwxr-xr-x   2 root bind 4,0K jun 28 16:54 zonas
-rw-r--r--   1 root root 1,3K jun 30  2017 zones.rfc1918


=== /etc/bind/zonas
total 40K
drwxr-xr-x 2 root bind 4,0K jun 28 16:54 .
drwxr-sr-x 3 root bind 4,0K jun 29 07:51 ..
-rw-r--r-- 1 bind bind  323 ene 16 10:59 133.45.210.170.in-addr.arpa
-rw-r--r-- 1 bind bind  394 ene 16 10:58 
3.3.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.6.2.6.4.4.0.0.0.1.1.0.0.0.8.2.ip6.arpa
-rw-r--r-- 1 bind bind 5,4K jun 22 12:40 db.unau.edu.ar

=== /var/cache/bind/keys/
total 24K
drwxrwx--- 2 root bind 4,0K jun 23 11:26 .
drwxrwxr-x 3 root bind 4,0K jun 28 16:56 ..
-rw-r----- 1 root bind  342 jun 23 11:25 Kunau.edu.ar.+013+33519.key
-rw-r----- 1 root bind  187 jun 23 11:25 Kunau.edu.ar.+013+33519.private
-rw-r----- 1 root bind  341 jun 23 11:25 Kunau.edu.ar.+013+44318.key
-rw-r----- 1 root bind  187 jun 23 11:25 Kunau.edu.ar.+013+44318.private

Error is not the same as before, I see it know (fresh eyes maybe)

Jun 29 08:42:37 web kernel: [5679658.761672] audit: type=1400 
audit(1688038957.685:548): apparmor="DENIED" operation="mknod" 
profile="named" name="/etc/bind/zonas/db.unau.edu.ar.jbk" pid=1350974 
comm="isc-net-0001" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
Jun 29 08:42:37 web kernel: [5679658.767241] audit: type=1400 
audit(1688038957.689:549): apparmor="DENIED" operation="mknod" 
profile="named" name="/etc/bind/zonas/tmp-JjAGwma8Hr" pid=1350974 
comm="isc-net-0001" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
Jun 29 08:42:37 web kernel: [5679658.761672] audit: type=1400 
audit(1688038957.685:548): apparmor="DENIED" operation="mknod" 
profile="named" name="/etc/bind/zonas/db.unau.edu.ar.jbk" pid=1350974 
comm="isc-net-0001" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
Jun 29 08:42:37 web kernel: [5679658.767241] audit: type=1400 
audit(1688038957.689:549): apparmor="DENIED" operation="mknod" 
profile="named" name="/etc/bind/zonas/tmp-JjAGwma8Hr" pid=1350974 
comm="isc-net-0001" requested_mask="c" denied_mask="c" fsuid=107 ouid=107


So, shouldn't that write attempt happen in /var/cache/bind?



El 28/6/23 a las 21:18, Mark Andrews escribió:
> Show us the current permissions now that you have fixed them including every directory from
> the root.  The permissions you had originally where wrong and wouldn’t normally be that way.
> Something or someone changed them.  It may have happened again.  We can’t see what you see
> so you have to show more details.  If you you still have an error message cut-and-paste the
> new one including time stamps.
>
>> On 29 Jun 2023, at 09:03, Daniel A. Rodriguez via bind-users<bind-users at lists.isc.org>  wrote:
>>
>> Exactly the same
>>
>>
>> El 28 de junio de 2023 6:50:26 p. m. GMT-03:00, Mark Andrews<marka at isc.org>  escribió:
>> The *exact* same error, word for word, or a different permission denied?
>>
>> On 29 Jun 2023, at 06:35, Daniel Armando Rodriguez via bind-users<bind-users at lists.isc.org>  wrote:
>>
>> However, as soon as I added this
>>
>> dnssec-policy "default";
>> inline-signing yes;
>>
>> Error came up again :-(
>> -- 
>> Visithttps://lists.isc.org/mailman/listinfo/bind-users  to unsubscribe from this list
>>
>> ISC funds the development of this software with paid support subscriptions. Contact us athttps://www.isc.org/contact/  for more information.
>>
>>
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>>
>>
>> -- 
>> Visithttps://lists.isc.org/mailman/listinfo/bind-users  to unsubscribe from this list
>>
>> ISC funds the development of this software with paid support subscriptions. Contact us athttps://www.isc.org/contact/  for more information.
>>
>>
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
-- 
________________________________________________
	*Daniel A. Rodriguez*
/Informática, Conectividad y Sistemas/
Universidad Nacional del Alto Uruguay
San Vicente - Misiones - Argentina
informatica.unau.edu.ar <https://informatica.unau.edu.ar>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20230629/982fad25/attachment.htm>

More information about the bind-users mailing list