2009-12-24 17:36:11
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050514

Description of problem:
A simple permission problem in /var/named/chroot/named.

Where the permission is
    drwxr-x--- 4 root named 4096 Jun 22 15:36 named
must be
    drwxr-x--- 4 named named 4096 Jun 22 15:36 named

The wrong permission gives me this problem with the dhcp and ddns:

    Jun 22 15:38:51 ldap named[10587]: client 127.0.0.1#32807: updating zone 'expresso.intra/IN': adding an RR at 'notas.expresso.intra' A
    Jun 22 15:38:51 ldap named[10587]: client 127.0.0.1#32807: updating zone 'expresso.intra/IN': adding an RR at 'notas.expresso.intra' TXT
    Jun 22 15:38:51 ldap named[10587]: journal file expresso.intra.zone.jnl does not exist, creating it
    -------------------------
    Jun 22 15:38:51 ldap named[10587]: expresso.intra.zone.jnl: create: permission denied
    -------------------------

Version-Release number of selected component (if applicable):
bind-9.3.1-4
bind-chroot-9.3.1-4

How reproducible:
Always

Steps to Reproduce:
1. Configure DHCP with ddns (hand)
2. Configure bind (hand)
3. Try to add a Windows workstation to the network with dhcp client enabled

Actual Results:

    Jun 22 15:38:51 ldap named[10587]: client 127.0.0.1#32807: updating zone 'expresso.intra/IN': adding an RR at 'notas.expresso.intra' A
    Jun 22 15:38:51 ldap named[10587]: client 127.0.0.1#32807: updating zone 'expresso.intra/IN': adding an RR at 'notas.expresso.intra' TXT
    Jun 22 15:38:51 ldap named[10587]: journal file expresso.intra.zone.jnl does not exist, creating it
    -------------------------
    Jun 22 15:38:51 ldap named[10587]: expresso.intra.zone.jnl: create: permission denied
    -------------------------

bind can't add the notas.expresso.intra host to the expresso.intra zone file

Expected Results:
a simple chmod resolved the problem

Additional info:
Solution:
Comment From Jason Vas Dias 2005-07-05 13:46:58 EDT -------

The root:named ownership of the $ROOTDIR/var/named directory is as mandated by our security response team, and is not a bug.

You can put the DDNS updateable zone files under the $ROOTDIR/var/named/slaves directory, e.g. with

    zone "expresso.intra" in {... file "slaves/expresso.intra.zone"; ...}

or you can make the ownership change to named:named by editing /etc/sysconfig/named to say: " ENABLE_ZONE_WRITE=yes ".

Note that the master zone file ("expresso.intra.zone") must also be owned by named:named for named to update it successfully.

This is documented in the named(8) man-page - also see the named_selinux(8) man-page.
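
The two conditions in the comment above (named must be able to create the .jnl file beside the zone file, and the zone file must be owned by named:named) can be checked before enabling dynamic updates. This is an added example, not part of the bug report or of bind; the function names can_create_in and check_zone are hypothetical, ROOTDIR=/var/named/chroot in the usage comment is an assumption, and only plain mode bits are evaluated.

```shell
#!/bin/sh
# Added example, not from the bug report. Assumption: named's access is decided
# by plain owner/group/other mode bits; ACLs and SELinux are not evaluated.

# can_create_in "LS_LD_LINE" USER GROUP
# Returns 0 if USER (primary group GROUP) has write+search on the directory
# described by an `ls -ld` line, i.e. could create "<zonefile>.jnl" there.
can_create_in() {
    read -r mode links owner dgroup rest <<EOF
$1
EOF
    if [ "$owner" = "$2" ]; then          # owner bits apply, group bits ignored
        case $mode in d?w[xs]*) return 0 ;; esac
    elif [ "$dgroup" = "$3" ]; then       # group bits apply
        case $mode in d????w[xs]*) return 0 ;; esac
    else                                  # "other" bits apply
        case $mode in d???????w[xt]*) return 0 ;; esac
    fi
    return 1
}

# check_zone ROOTDIR ZONEFILE USER GROUP
# ZONEFILE is the path from the zone's file "..." option, relative to
# ROOTDIR/var/named. Prints findings; returns 1 if any check fails.
check_zone() {
    zone="$1/var/named/$2"; dir=$(dirname "$zone"); rc=0
    if can_create_in "$(ls -ld "$dir")" "$3" "$4"; then
        echo "OK:   $3 can create the journal in $dir"
    else
        echo "FAIL: $3 cannot create the journal in $dir"; rc=1
    fi
    if [ -e "$zone" ]; then               # zone file itself must be USER:GROUP
        read -r fmode flinks fowner fgroup frest <<EOF
$(ls -ld "$zone")
EOF
        if [ "$fowner:$fgroup" != "$3:$4" ]; then
            echo "FAIL: $zone is $fowner:$fgroup, expected $3:$4"; rc=1
        fi
    fi
    return $rc
}

# Usage on a real host (zone names from the report; ROOTDIR is an assumption):
#   check_zone /var/named/chroot expresso.intra.zone named named
#   check_zone /var/named/chroot slaves/expresso.intra.zone named named
```

Fed the two directory listings from the report, can_create_in rejects the root:named drwxr-x--- case and accepts the named:named one, which matches the "create: permission denied" journal error.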