Re: Running BIND8 chroot on Solaris: msg#00666 network.dns.bind.user

Joe,
I run named choort'ed from /chroot/named/usr/local/sbin to
/usr/local/sbin (via chroot cmd).
The options parm is statistics-file "/usr/local/sbin/named.stats" ;

I thought named needed write permissions to /usr/local/sbin, but it turns
out it needs permissions to /chroot/named/usr/local/sbin.
I thought once it 'chrooted' , it'd have nothing to do with the
/chroot/named.... directory, but I was wrong.

----- Forwarded by Jose A Campos/Houston/ExxonMobil on 05/29/03 08:59 PM
-----

Joseph Kattner

<joe@xxxxxxxxx> To:
jose.a.campos@xxxxxxxxxxxxxx, comp-protocols-dns-bind@xxxxxxx
cc:

Subject: Re: Running BIND8
chroot on Solaris
05/28/03 11:28 AM

At 08:41 AM 5/28/2003 -0500, jose.a.campos@xxxxxxxxxxxxxx wrote:

>can someone please expand on Mark's comment ? I'm having a similar
>problem, but with named.stats.
>
><snip>
>
> > The name server crashes with this error.
> > [ID 295310 daemon.crit] can't open '/etc/named.conf'
> >
> > d--x-wx--T 3 root other 512 May 27 16:49 etc
>
> If you are running with "-u" the etc is not searchable.
>
> t + !x -> T
>
><snip>

Jose,

What Mark is showing, is that named is run in chroot as a user, and does
not have permission to enter the etc directory, to access the named.conf
file it needs to process the reconfig command.

The permissions on etc above show permissions of 1130, the user bind can
not enter this directory and fails with a 'permission denied'. If you are
having problems with dumping stats, ensure that named has access to write
to the default directory, or wherever you pointed stats output with a
statistics-file directive.

--Joe

Previous by Date:	Re: bind 9 error: 00666, Mark_Andrews
Next by Date:	Re: Running BIND8 chroot on Solaris: 00666, those who know me have no need of my name
Previous by Thread:	Re: Running BIND8 chroot on Solarisi: 00666, [ADM]RS
Next by Thread:	Re: Running BIND8 chroot on Solaris: 00666, those who know me have no need of my name
Indexes:	[Date] [Thread] [Top] [All Lists]