Master file permission denied
Daniel Armando Rodriguez
drodriguez at unau.edu.ar
Thu Jun 29 12:13:56 UTC 2023
=== /etc/bind
total 84K
drwxr-sr-x 3 root bind 4,0K jun 28 17:07 .
drwxr-xr-x 134 root root 12K jun 22 11:15 ..
-rw-r--r-- 1 root root 2,4K feb 26 06:27 bind.keys
-rw-r--r-- 1 root root 255 feb 26 06:27 db.0
-rw-r--r-- 1 root root 271 jun 30 2017 db.127
-rw-r--r-- 1 root root 237 jun 30 2017 db.255
-rw-r--r-- 1 root root 353 jun 30 2017 db.empty
-rw-r--r-- 1 root root 270 jun 30 2017 db.local
-rw-r--r-- 1 root root 3,1K may 3 2019 db.root
-rw-r--r-- 1 root bind 458 feb 26 06:27 named.conf
-rw-r--r-- 1 root root 498 ago 25 2020 named.conf.default-zones
-rw-r--r-- 1 root root 1,2K jun 28 16:51 named.conf.local
-rw-r--r-- 1 root root 2,8K jun 27 17:44 named.conf.options
-rw-r----- 1 bind bind 144 may 17 13:51 rndc.key
drwxr-xr-x 2 root bind 4,0K jun 28 16:54 zonas
-rw-r--r-- 1 root root 1,3K jun 30 2017 zones.rfc1918
=== /etc/bind/zonas
total 40K
drwxr-xr-x 2 root bind 4,0K jun 28 16:54 .
drwxr-sr-x 3 root bind 4,0K jun 29 07:51 ..
-rw-r--r-- 1 bind bind 323 ene 16 10:59 133.45.210.170.in-addr.arpa
-rw-r--r-- 1 bind bind 394 ene 16 10:58
3.3.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.6.2.6.4.4.0.0.0.1.1.0.0.0.8.2.ip6.arpa
-rw-r--r-- 1 bind bind 5,4K jun 22 12:40 db.unau.edu.ar
=== /var/cache/bind/keys/
total 24K
drwxrwx--- 2 root bind 4,0K jun 23 11:26 .
drwxrwxr-x 3 root bind 4,0K jun 28 16:56 ..
-rw-r----- 1 root bind 342 jun 23 11:25 Kunau.edu.ar.+013+33519.key
-rw-r----- 1 root bind 187 jun 23 11:25 Kunau.edu.ar.+013+33519.private
-rw-r----- 1 root bind 341 jun 23 11:25 Kunau.edu.ar.+013+44318.key
-rw-r----- 1 root bind 187 jun 23 11:25 Kunau.edu.ar.+013+44318.private
Error is not the same as before, I see it know (fresh eyes maybe)
Jun 29 08:42:37 web kernel: [5679658.761672] audit: type=1400
audit(1688038957.685:548): apparmor="DENIED" operation="mknod"
profile="named" name="/etc/bind/zonas/db.unau.edu.ar.jbk" pid=1350974
comm="isc-net-0001" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
Jun 29 08:42:37 web kernel: [5679658.767241] audit: type=1400
audit(1688038957.689:549): apparmor="DENIED" operation="mknod"
profile="named" name="/etc/bind/zonas/tmp-JjAGwma8Hr" pid=1350974
comm="isc-net-0001" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
Jun 29 08:42:37 web kernel: [5679658.761672] audit: type=1400
audit(1688038957.685:548): apparmor="DENIED" operation="mknod"
profile="named" name="/etc/bind/zonas/db.unau.edu.ar.jbk" pid=1350974
comm="isc-net-0001" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
Jun 29 08:42:37 web kernel: [5679658.767241] audit: type=1400
audit(1688038957.689:549): apparmor="DENIED" operation="mknod"
profile="named" name="/etc/bind/zonas/tmp-JjAGwma8Hr" pid=1350974
comm="isc-net-0001" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
So, shouldn't that write attempt happen in /var/cache/bind?
El 28/6/23 a las 21:18, Mark Andrews escribió:
> Show us the current permissions now that you have fixed them including every directory from
> the root. The permissions you had originally where wrong and wouldn’t normally be that way.
> Something or someone changed them. It may have happened again. We can’t see what you see
> so you have to show more details. If you you still have an error message cut-and-paste the
> new one including time stamps.
>
>> On 29 Jun 2023, at 09:03, Daniel A. Rodriguez via bind-users<bind-users at lists.isc.org> wrote:
>>
>> Exactly the same
>>
>>
>> El 28 de junio de 2023 6:50:26 p. m. GMT-03:00, Mark Andrews<marka at isc.org> escribió:
>> The *exact* same error, word for word, or a different permission denied?
>>
>> On 29 Jun 2023, at 06:35, Daniel Armando Rodriguez via bind-users<bind-users at lists.isc.org> wrote:
>>
>> However, as soon as I added this
>>
>> dnssec-policy "default";
>> inline-signing yes;
>>
>> Error came up again :-(
>> --
>> Visithttps://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>>
>> ISC funds the development of this software with paid support subscriptions. Contact us athttps://www.isc.org/contact/ for more information.
>>
>>
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>>
>>
>> --
>> Visithttps://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>>
>> ISC funds the development of this software with paid support subscriptions. Contact us athttps://www.isc.org/contact/ for more information.
>>
>>
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
--
________________________________________________
*Daniel A. Rodriguez*
/Informática, Conectividad y Sistemas/
Universidad Nacional del Alto Uruguay
San Vicente - Misiones - Argentina
informatica.unau.edu.ar <https://informatica.unau.edu.ar>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20230629/982fad25/attachment.htm>
More information about the bind-users
mailing list