FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 07-18-2008, 03:48 PM
Gijs
 
Default bind update keeps messing up write-rights

Hey List,

Not sure why this is happening so perhaps someone can explain this to me.
Whenever I update bind it messes up/resets access rights on my zone
files. Now normally this wouldn't be a bad thing, but because I have
dynamic updates on, for which named creates journalizing files, I end up
having non-writeable journalizing files. So after every update I end up
having to manually change the access rights on my jnl files.


Is anyone else having the same problem and/or is it supposed to be like
this?


Regards, Gijs

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 07-18-2008, 03:59 PM
Steve Searle
 
Default bind update keeps messing up write-rights

Around 04:48pm on Friday, July 18, 2008 (UK time), Gijs scrawled:

> Not sure why this is happening so perhaps someone can explain this to me.
> Whenever I update bind it messes up/resets access rights on my zone
> files. Now normally this wouldn't be a bad thing, but because I have
> dynamic updates on, for which named creates journalizing files, I end up
> having non-writeable journalizing files. So after every update I end up
> having to manually change the access rights on my jnl files.
>
> Is anyone else having the same problem and/or is it supposed to be like
> this?

I am having exactly this problem on my CentOS server. It started
recently and I haven't managed to fix it, or find any more about it yet.

It bugs the hell out of me - if you do get a solution outside this
board can you let me know.

thanks

Steve

--

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting a bad thing?

16:51:47 up 21 days, 6:42, 1 user, load average: 0.33, 0.24, 0.10
--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 07-18-2008, 04:36 PM
Rick Stevens
 
Default bind update keeps messing up write-rights

Steve Searle wrote:

Around 04:48pm on Friday, July 18, 2008 (UK time), Gijs scrawled:


Not sure why this is happening so perhaps someone can explain this to me.
Whenever I update bind it messes up/resets access rights on my zone
files. Now normally this wouldn't be a bad thing, but because I have
dynamic updates on, for which named creates journalizing files, I end up
having non-writeable journalizing files. So after every update I end up
having to manually change the access rights on my jnl files.


Is anyone else having the same problem and/or is it supposed to be like
this?


I am having exactly this problem on my CentOS server. It started
recently and I haven't managed to fix it, or find any more about it yet.

It bugs the hell out of me - if you do get a solution outside this
board can you let me know.


It's undoubtedly one of the %post scripts in the rpm that's doing it.
Bugzilla it.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer rps2@nerd.com -
- Hosting Consulting, Inc. -
- -
- Change is inevitable, except from a vending machine. -
----------------------------------------------------------------------

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 07-18-2008, 04:54 PM
Craig White
 
Default bind update keeps messing up write-rights

On Fri, 2008-07-18 at 09:36 -0700, Rick Stevens wrote:
> Steve Searle wrote:
> > Around 04:48pm on Friday, July 18, 2008 (UK time), Gijs scrawled:
> >
> >> Not sure why this is happening so perhaps someone can explain this to me.
> >> Whenever I update bind it messes up/resets access rights on my zone
> >> files. Now normally this wouldn't be a bad thing, but because I have
> >> dynamic updates on, for which named creates journalizing files, I end up
> >> having non-writeable journalizing files. So after every update I end up
> >> having to manually change the access rights on my jnl files.
> >>
> >> Is anyone else having the same problem and/or is it supposed to be like
> >> this?
> >
> > I am having exactly this problem on my CentOS server. It started
> > recently and I haven't managed to fix it, or find any more about it yet.
> >
> > It bugs the hell out of me - if you do get a solution outside this
> > board can you let me know.
>
> It's undoubtedly one of the %post scripts in the rpm that's doing it.
> Bugzilla it.
----
actually, I don't use Fedora for bind but rather RHEL or CentOS and it
exhibits the same behavior if I have dynamic updates turned on too. The
same thing happens if I just restart manually but seemingly not when
logs rotate. I presume that a complete shutdown/restart should have the
initscript delete the journal files or something but I never bothered
trying to figure it out.

you can chmod g+s, g+w /var/named/chroot/var/named to ensure that the
journal files are always created as group named

Craig

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 07-18-2008, 05:16 PM
Gijs
 
Default bind update keeps messing up write-rights

Craig White wrote:

On Fri, 2008-07-18 at 09:36 -0700, Rick Stevens wrote:


Steve Searle wrote:


Around 04:48pm on Friday, July 18, 2008 (UK time), Gijs scrawled:



Not sure why this is happening so perhaps someone can explain this to me.
Whenever I update bind it messes up/resets access rights on my zone
files. Now normally this wouldn't be a bad thing, but because I have
dynamic updates on, for which named creates journalizing files, I end up
having non-writeable journalizing files. So after every update I end up
having to manually change the access rights on my jnl files.

Is anyone else having the same problem and/or is it supposed to be like
this?


I am having exactly this problem on my CentOS server. It started
recently and I haven't managed to fix it, or find any more about it yet.

It bugs the hell out of me - if you do get a solution outside this
board can you let me know.


It's undoubtedly one of the %post scripts in the rpm that's doing it.
Bugzilla it.


----
actually, I don't use Fedora for bind but rather RHEL or CentOS and it
exhibits the same behavior if I have dynamic updates turned on too. The
same thing happens if I just restart manually but seemingly not when
logs rotate. I presume that a complete shutdown/restart should have the
initscript delete the journal files or something but I never bothered
trying to figure it out.

you can chmod g+s, g+w /var/named/chroot/var/named to ensure that the
journal files are always created as group named

Craig



I only see the problem occur after I update, not when I
restart/shutdown named.

And I kinda had the same feeling, about not wanting to bother to try
and figure it out, but this has happened so many times before, I got
kinda annoyed of it :P



And your solution, using chmod, might work if named recreates journal
files every restart. But when I restart named, it does not recreate
them. It just leaves them as they are (neither does it chown/chmod them
for that matter). Maybe RHEL recreates jnl files every restart, but
that I don't know



Anyway, the bug is filed under:

https://bugzilla.redhat.com/show_bug.cgi?id=455894



Regards, Gijs



--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 07-18-2008, 07:10 PM
Kevin Martin
 
Default bind update keeps messing up write-rights

<snip>

you can chmod g+s, g+w /var/named/chroot/var/named to ensure that the
journal files are always created as group named

Craig


I only see the problem occur after I update, not when I
restart/shutdown named.
And I kinda had the same feeling, about not wanting to bother to try
and figure it out, but this has happened so many times before, I got
kinda annoyed of it :P


And your solution, using chmod, might work if named recreates journal
files every restart. But when I restart named, it does not recreate
them. It just leaves them as they are (neither does it chown/chmod
them for that matter). Maybe RHEL recreates jnl files every restart,
but that I don't know


Anyway, the bug is filed under:
https://bugzilla.redhat.com/show_bug.cgi?id=455894

Regards, Gijs



Cool, glad that's been bugzilla'd as I've seen it happening for some
time now as well but just went ahead and chmod'd and chown'd them as
needed to get back to a working state.


Kevin

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 07-18-2008, 10:29 PM
Sam Varshavchik
 
Default bind update keeps messing up write-rights

Gijs writes:


Hey List,

Not sure why this is happening so perhaps someone can explain this to me.
Whenever I update bind it messes up/resets access rights on my zone
files. Now normally this wouldn't be a bad thing, but because I have
dynamic updates on, for which named creates journalizing files, I end up
having non-writeable journalizing files. So after every update I end up
having to manually change the access rights on my jnl files.


Is anyone else having the same problem and/or is it supposed to be like
this?


You must have bind configured to run in chroot.

rpm's %post script runs /usr/sbin/bind-chroot-admin where, if you have
chroot configured, it runs this lovely bit of code:


chown -h root:named /var/named/* >/dev/null 2>&1;
chown -h root:named ${BIND_CHROOT_PREFIX}/var/named/* >/dev/null 2>&1;
chown -h root:named /etc/{named,rndc}.* >/dev/null 2>&1;
chown -h root:named ${BIND_CHROOT_PREFIX}/etc/{named,rndc}.* >/dev/null 2>&1;
chown -h named:named /var/log/named.log >/dev/null 2>&1;
chown -h named:named ${BIND_CHROOT_PREFIX}/var/log/named.log >/dev/null 2>&1;
chmod 750 ${pfx}/var/named >/dev/null 2>&1;
chmod 640 ${pfx}/var/named/* >/dev/null 2>&1;
chmod 750 ${pfx}/var/named/*/. >/dev/null 2>&1;
chmod 660 ${pfx}/var/log/named.log >/dev/null 2>&1;
chown -h named:named /var/named/{data{,/*},slaves{,/*},dynamic{,/*}} >/dev/null 2>&1;
chown -h named:named ${BIND_CHROOT_PREFIX}/var/named/{data{,/*},slaves{,/*},dynamic{,/*}} >/dev/null 2>&1;
chmod 770 ${pfx}/var/named/{data,slaves,dynamic} >/dev/null 2>&1;
chmod 660 ${pfx}/var/named/{data/*,slaves/*,dynamic/*} >/dev/null 2>&1;
chmod 770 ${pfx}/var/named/{data/*/.,slaves/*/.,dynamic/*/.} >/dev/null 2>&1;

Lovely.

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 07-19-2008, 09:47 AM
Gijs
 
Default bind update keeps messing up write-rights

Sam Varshavchik wrote:

Gijs writes:


Hey List,

Not sure why this is happening so perhaps someone can explain this to
me.
Whenever I update bind it messes up/resets access rights on my zone
files. Now normally this wouldn't be a bad thing, but because I have
dynamic updates on, for which named creates journalizing files, I end
up having non-writeable journalizing files. So after every update I
end up having to manually change the access rights on my jnl files.


Is anyone else having the same problem and/or is it supposed to be
like this?


You must have bind configured to run in chroot.

rpm's %post script runs /usr/sbin/bind-chroot-admin where, if you have
chroot configured, it runs this lovely bit of code:


chown -h root:named /var/named/* >/dev/null 2>&1;
chown -h root:named ${BIND_CHROOT_PREFIX}/var/named/* >/dev/null 2>&1;
chown -h root:named /etc/{named,rndc}.* >/dev/null 2>&1;
chown -h root:named ${BIND_CHROOT_PREFIX}/etc/{named,rndc}.*
>/dev/null 2>&1;

chown -h named:named /var/log/named.log >/dev/null 2>&1;
chown -h named:named ${BIND_CHROOT_PREFIX}/var/log/named.log
>/dev/null 2>&1;

chmod 750 ${pfx}/var/named >/dev/null 2>&1;
chmod 640 ${pfx}/var/named/* >/dev/null 2>&1;
chmod 750 ${pfx}/var/named/*/. >/dev/null 2>&1;
chmod 660 ${pfx}/var/log/named.log >/dev/null 2>&1;
chown -h named:named
/var/named/{data{,/*},slaves{,/*},dynamic{,/*}} >/dev/null 2>&1;
chown -h named:named
${BIND_CHROOT_PREFIX}/var/named/{data{,/*},slaves{,/*},dynamic{,/*}}
>/dev/null 2>&1;

chmod 770 ${pfx}/var/named/{data,slaves,dynamic} >/dev/null 2>&1;
chmod 660 ${pfx}/var/named/{data/*,slaves/*,dynamic/*} >/dev/null
2>&1;
chmod 770 ${pfx}/var/named/{data/*/.,slaves/*/.,dynamic/*/.}
>/dev/null 2>&1;


Lovely.

Heh, that's indeed lovely. And yea, I've got named configured to run in
chroot as it is the default nowadays (at least on Fedora).


--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 07-19-2008, 10:26 AM
"Christopher K. Johnson"
 
Default bind update keeps messing up write-rights

Gijs wrote:

Sam Varshavchik wrote:

Gijs writes:


Hey List,

Not sure why this is happening so perhaps someone can explain this
to me.
Whenever I update bind it messes up/resets access rights on my zone
files. Now normally this wouldn't be a bad thing, but because I have
dynamic updates on, for which named creates journalizing files, I
end up having non-writeable journalizing files. So after every
update I end up having to manually change the access rights on my
jnl files.


Is anyone else having the same problem and/or is it supposed to be
like this?


You must have bind configured to run in chroot.

rpm's %post script runs /usr/sbin/bind-chroot-admin where, if you
have chroot configured, it runs this lovely bit of code:


chown -h root:named /var/named/* >/dev/null 2>&1;
chown -h root:named ${BIND_CHROOT_PREFIX}/var/named/* >/dev/null
2>&1;

chown -h root:named /etc/{named,rndc}.* >/dev/null 2>&1;
chown -h root:named ${BIND_CHROOT_PREFIX}/etc/{named,rndc}.*
>/dev/null 2>&1;

chown -h named:named /var/log/named.log >/dev/null 2>&1;
chown -h named:named ${BIND_CHROOT_PREFIX}/var/log/named.log
>/dev/null 2>&1;

chmod 750 ${pfx}/var/named >/dev/null 2>&1;
chmod 640 ${pfx}/var/named/* >/dev/null 2>&1;
chmod 750 ${pfx}/var/named/*/. >/dev/null 2>&1;
chmod 660 ${pfx}/var/log/named.log >/dev/null 2>&1;
chown -h named:named
/var/named/{data{,/*},slaves{,/*},dynamic{,/*}} >/dev/null 2>&1;
chown -h named:named
${BIND_CHROOT_PREFIX}/var/named/{data{,/*},slaves{,/*},dynamic{,/*}}
>/dev/null 2>&1;

chmod 770 ${pfx}/var/named/{data,slaves,dynamic} >/dev/null 2>&1;
chmod 660 ${pfx}/var/named/{data/*,slaves/*,dynamic/*} >/dev/null
2>&1;
chmod 770 ${pfx}/var/named/{data/*/.,slaves/*/.,dynamic/*/.}
>/dev/null 2>&1;


Lovely.

Heh, that's indeed lovely. And yea, I've got named configured to run
in chroot as it is the default nowadays (at least on Fedora).



You should note that the 'dynamic' subfolder contents are set to mode 660.
Move your updateable zone files there and update the referenced paths in
named.conf accordingly.


Chris

--
"Spend less! Do more! Go Open Source..." -- Dirigo.net
Chris Johnson, RHCE #804005699817957

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 07-19-2008, 11:55 AM
Gijs
 
Default bind update keeps messing up write-rights

Christopher K. Johnson wrote:

Gijs wrote:

Sam Varshavchik wrote:

Gijs writes:


Hey List,

Not sure why this is happening so perhaps someone can explain this
to me.
Whenever I update bind it messes up/resets access rights on my zone
files. Now normally this wouldn't be a bad thing, but because I
have dynamic updates on, for which named creates journalizing
files, I end up having non-writeable journalizing files. So after
every update I end up having to manually change the access rights
on my jnl files.


Is anyone else having the same problem and/or is it supposed to be
like this?


You must have bind configured to run in chroot.

rpm's %post script runs /usr/sbin/bind-chroot-admin where, if you
have chroot configured, it runs this lovely bit of code:


chown -h root:named /var/named/* >/dev/null 2>&1;
chown -h root:named ${BIND_CHROOT_PREFIX}/var/named/* >/dev/null
2>&1;

chown -h root:named /etc/{named,rndc}.* >/dev/null 2>&1;
chown -h root:named ${BIND_CHROOT_PREFIX}/etc/{named,rndc}.*
>/dev/null 2>&1;

chown -h named:named /var/log/named.log >/dev/null 2>&1;
chown -h named:named ${BIND_CHROOT_PREFIX}/var/log/named.log
>/dev/null 2>&1;

chmod 750 ${pfx}/var/named >/dev/null 2>&1;
chmod 640 ${pfx}/var/named/* >/dev/null 2>&1;
chmod 750 ${pfx}/var/named/*/. >/dev/null 2>&1;
chmod 660 ${pfx}/var/log/named.log >/dev/null 2>&1;
chown -h named:named
/var/named/{data{,/*},slaves{,/*},dynamic{,/*}} >/dev/null 2>&1;
chown -h named:named
${BIND_CHROOT_PREFIX}/var/named/{data{,/*},slaves{,/*},dynamic{,/*}}
>/dev/null 2>&1;

chmod 770 ${pfx}/var/named/{data,slaves,dynamic} >/dev/null 2>&1;
chmod 660 ${pfx}/var/named/{data/*,slaves/*,dynamic/*} >/dev/null
2>&1;
chmod 770 ${pfx}/var/named/{data/*/.,slaves/*/.,dynamic/*/.}
>/dev/null 2>&1;


Lovely.

Heh, that's indeed lovely. And yea, I've got named configured to run
in chroot as it is the default nowadays (at least on Fedora).


You should note that the 'dynamic' subfolder contents are set to mode
660.
Move your updateable zone files there and update the referenced paths
in named.conf accordingly.


Chris

Yep, completely true. After checking the man file, it indeed says that
writeable zone files should be placed in one of the 3 directories in
/var/named/{data,slaves,dynamic}.

Good thing we finally got that one sorted out

Thanks

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 

Thread Tools




All times are GMT. The time now is 09:33 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org