HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


linuxfool 5th December 2005 07:14

Problem with server_bind_zonefile_dir
 
Hello all,

I seem to be experiencing an issue with the 'Management tool'

It seems that if I go to server > settings > dns my setting for Zonefiles Dir. gets set back to /etc/bind -- since I'm running CentOS 4.2 with bind in a chroot, it should be '/var/named/chroot/var/named'

If I set this to the correct setting -- and save it, it shows back up as '/etc/bind' immediately... If I look in the DB, server_bind_zonefile_dir is blank.

If I issue the following mysql query, it shows up correctly... for a bit... then something I do (in ispconfig) or a cron job, sets it back to /etc/bind and the DB field to notta/empty -- I haven't found what's setting it back.

mysql> update isp_server set server_bind_zonefile_dir = '/var/named/chroot/var/named' where doc_id=1;
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0

Any ideas?
Thanks

linuxfool 5th December 2005 07:34

Figured something out.

If I change anything in 'Management' > 'settings'...

For example to turn on Maildir

Save my change -- and then go back to the 'dns' tab -- I see the issue.

Thanks for any help.
ns

falko 5th December 2005 09:45

Please post the output of
Code:

ls -la /var/named/chroot/var/named
and
Code:

ls -la /etc/bind

linuxfool 6th December 2005 00:49

ls -la /var/named/chroot/var/named
total 56
drwxr-x--- 4 root named 4096 Dec 3 20:11 .
drwxrwx--- 5 root named 4096 Nov 29 21:35 ..
lrwxrwxrwx 1 root root 6 Dec 3 20:09 chroot -> ../../
drwxrwx--- 2 named named 4096 Dec 3 19:15 data
-rw-r--r-- 1 root root 2769 Dec 3 20:02 named.ca
-rw-r--r-- 1 root root 256 Dec 3 20:02 named.local
-rw-r--r-- 1 named named 630 Dec 3 21:48 pri.0.168.192.in-addr.arpa
-rw-r--r-- 1 named named 621 Dec 3 21:48 pri.0.168.192.in-addr.arpa~
-rw-r--r-- 1 named named 790 Dec 3 21:49 pri.domain.net
-rw-r--r-- 1 named named 784 Dec 3 21:49 pri.domain.net~
drwxrwx--- 2 named named 4096 Jul 27 2004 slaves

==========================================

ls -la /etc/bind
ls: /etc/bind: No such file or directory

==========================================

As long as the config remains pointing to the right place, it works like a charm. It's just when I change anything else in 'settings' that it goes back to /etc/bind and the database field goes back to being empty.


Thanks,
ns

falko 6th December 2005 10:28

Ok, please also post the output of
Code:

ls -la /var/named/chroot/var

ISPConfig uses PHP's realpath() function to write the right zonefiles directory into the database. I think that causes your problem...

Azathoth 7th December 2005 13:39

I am having the same problem. I am also running CentOS 4.2 and ISPConfig 2.1.1, recently installed. The output you requested from the previous poster:

Code:

drwxr-x---  4 root named 4096 Dec  7 11:36 /var/named/
drwxrwx---  5 root named 4096 Aug 18 10:39 /var/named/chroot/
drwxrwx---  5 root named 4096 Aug 18 10:39 /var/named/chroot/var/
drwxr-x---  4 root named 4096 Dec  7 12:24 /var/named/chroot/var/named/

Applying the following patch to the installation of ISPConfig in /home/admispconfig resolves the issue so the problem is indeed related to the use of the realpath() function.

Code:

diff -ur /home/admispconfig/ispconfig.orig/lib/classes/ispconfig_isp_server.lib.php /home/admispconfig/ispconfig/lib/classes/ispconfig_isp_server.lib.php
--- /home/admispconfig/ispconfig.orig/lib/classes/ispconfig_isp_server.lib.php  2005-12-05 06:23:07.000000000 +0100
+++ /home/admispconfig/ispconfig/lib/classes/ispconfig_isp_server.lib.php      2005-12-07 12:30:19.000000000 +0100
@@ -72,7 +72,7 @@
        if(!is_link($server["server_path_httpd_conf"])) $server["server_path_httpd_conf"] = realpath($server["server_path_httpd_conf"]);
        if(!is_link($server["server_path_httpd_root"])) $server["server_path_httpd_root"] = realpath($server["server_path_httpd_root"]);
        if(!is_link($server["server_path_httpd_error"])) $server["server_path_httpd_error"] = realpath($server["server_path_httpd_error"]);
-        if(!is_link($server["server_bind_zonefile_dir"])) $server["server_bind_zonefile_dir"] = realpath($server["server_bind_zonefile_dir"]);
+        //if(!is_link($server["server_bind_zonefile_dir"])) $server["server_bind_zonefile_dir"] = realpath($server["server_bind_zonefile_dir"]);
        if(!is_link($server["dist_init_scripts"])) $server["dist_init_scripts"] = realpath($server["dist_init_scripts"]);
        if(!is_link($server["dist_runlevel"])) $server["dist_runlevel"] = realpath($server["dist_runlevel"]);
        if(!is_link($server["dist_smrsh"])) $server["dist_smrsh"] = realpath($server["dist_smrsh"]);
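Review bot: The unchecked return value of realpath() is the defect on the server_bind_zonefile_dir line, and commenting the line out removes path canonicalisation for that setting instead of fixing it. realpath() returns false when the path does not exist or when the PHP process cannot traverse one of its parent directories, and that false is assigned straight into $server[...]. I would keep the call, store its result in a temporary variable, and overwrite the setting only when the result is not false. The same unchecked assignment remains on the neighbouring server_path_httpd_* and dist_* lines, so those settings can be blanked in the same way. If the line really is to be disabled, delete it or add a comment saying why, rather than leaving commented-out code.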
@@ -127,7 +127,7 @@
        if(!@is_link($server["server_path_httpd_conf"])) $server["server_path_httpd_conf"] = realpath($server["server_path_httpd_conf"]);
        if(!@is_link($server["server_path_httpd_root"])) $server["server_path_httpd_root"] = realpath($server["server_path_httpd_root"]);
        if(!@is_link($server["server_path_httpd_error"])) $server["server_path_httpd_error"] = realpath($server["server_path_httpd_error"]);
-        if(!@is_link($server["server_bind_zonefile_dir"])) $server["server_bind_zonefile_dir"] = realpath($server["server_bind_zonefile_dir"]);
+        //if(!@is_link($server["server_bind_zonefile_dir"])) $server["server_bind_zonefile_dir"] = realpath($server["server_bind_zonefile_dir"]);
        if(!@is_link($server["dist_init_scripts"])) $server["dist_init_scripts"] = realpath($server["dist_init_scripts"]);
        if(!@is_link($server["dist_runlevel"])) $server["dist_runlevel"] = realpath($server["dist_runlevel"]);
        if(!@is_link($server["dist_smrsh"])) $server["dist_smrsh"] = realpath($server["dist_smrsh"]);
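Review bot: The @ on is_link() in this second block suppresses any warning the call raises, so when the directory is unreadable the failure is silent and realpath() then returns false with no trace in the logs. This block is also the same list of settings as the one at line 72, and the patch has to make the identical change in both places. I would move the list into one helper that checks the realpath() result and reports an unresolvable path, and call it from both sites, so the two copies cannot drift apart.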

I am a bit unclear on why you are using realpath at all though. In CentOS 4.2 BIND is run in a chroot jail in /var/named/chroot. All paths in /var/named/chroot/var/named are symlinked to /var/named in the default installation. If I for example were to put the zone files in /var/named/data the zone files would be reachable by the same path in both the real filesystem and in the chroot jail.

However, with the use of realpath() in ISPConfig /var/named/data is expanded to /var/named/chroot/var/named/data. This is written to /etc/named.conf. As BIND attempts to start it can't find the chroot directory in its chroot jail. The fix for this, without changing the ISPConfig source code, is to make an extra symlink in BIND's chroot jail:

Quote:

ln -s / /var/named/chroot/var/named/chroot

If ISPConfig didn't try to expand symlinks this wouldn't be necessary.

falko 7th December 2005 15:27

Quote:

drwxr-x--- 4 root named 4096 Dec 7 11:36 /var/named/
drwxrwx--- 5 root named 4096 Aug 18 10:39 /var/named/chroot/
drwxrwx--- 5 root named 4096 Aug 18 10:39 /var/named/chroot/var/
drwxr-x--- 4 root named 4096 Dec 7 12:24 /var/named/chroot/var/named/

That's why realpath() fails: the directories can't be read by anyone other than root and named because of the permissions. If you changed the directories' permissions so that they can be read by anyone then realpath() would work.

Quote:

I am a bit unclear on why you are using realpath at all though.

To prevent users from typing in wrong paths, etc.

Quote:

However, with the use of realpath() in ISPConfig /var/named/data is expanded to /var/named/chroot/var/named/data. This is written to /etc/named.conf. As BIND attempts to start it can't find the chroot directory in its chroot jail. The fix for this, without changing the ISPConfig source code, is to make an extra symlink in BIND's chroot jail:

Code:

ln -s / /var/named/chroot/var/named/chroot

That's what I describe in the Fedora tutorials ( http://www.howtoforge.com/perfect_se...dora_core_4_p3 and http://www.howtoforge.com/perfect_se...dora_core_3_p3 ):

Code:

chmod 755 /var/named/
chmod 775 /var/named/chroot/
chmod 775 /var/named/chroot/var/
chmod 755 /var/named/chroot/var/named/
chmod 775 /var/named/chroot/var/run/
chmod 777 /var/named/chroot/var/run/named/
cd /var/named/chroot/var/named/
ln -s ../../ chroot

Fedora and CentOS are very similar.

Azathoth 7th December 2005 15:54

Quote:

Originally Posted by falko
That's why realpath() fails: the directories can't be read by anyone other than root and named because of the permissions. If you changed the directories' permissions so that they can be read by anyone then realpath() would work.

This is not a good idea if sensitive data is stored in the zone file directory, such as DNSSEC information. I would either recommend that the realpath() function be run as a privileged user by ISPConfig or, if the realpath() function fails due to privilege problems, the path entered by the user is preserved as is.

I can't find any error handler in the ISPConfig code that checks for sane return values from the realpath() function. Since the function returns an empty value on error it might be prudent to check for empty return values before inserting them into the SQL database.

Quote:

Originally Posted by falko
That's what I describe in the Fedora tutorials ( http://www.howtoforge.com/perfect_se...dora_core_4_p3 and http://www.howtoforge.com/perfect_se...dora_core_3_p3 ):

Fedora and CentOS are very similar.

Thanks for pointing it out. I read through several of the guides before installing ISPConfig but I must have missed that specific detail.
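
The return-value check suggested in the post above, written out as an added example; it is not ISPConfig code and not part of the original thread. The function name normalize_dir_setting and the status strings are hypothetical, the sample inputs are constructed, and PHP 7 or later is assumed.

```php
<?php
// Added example: hypothetical helper, not ISPConfig code. Requires PHP 7+.

/**
 * Canonicalise a directory setting such as server_bind_zonefile_dir.
 * Never returns an empty value: if realpath() cannot resolve the path,
 * the submitted value is kept and flagged for the administrator.
 */
function normalize_dir_setting(string $submitted, string $current): array
{
    $path = trim($submitted);

    // Only absolute paths without NUL bytes are acceptable as a setting.
    if ($path === '' || $path[0] !== '/' || strpos($path, "\0") !== false) {
        return ['value' => $current, 'status' => 'rejected'];
    }

    // Same guard as the patched code: leave symlinks as typed.
    if (@is_link($path)) {
        return ['value' => $path, 'status' => 'symlink-kept'];
    }

    // realpath() returns false when the path does not exist OR when the
    // PHP process may not traverse a parent directory (e.g. mode 0750
    // root:named). Cast to a string for storage, false becomes ''.
    $resolved = @realpath($path);
    if ($resolved === false) {
        return ['value' => $path, 'status' => 'unverified'];
    }
    if (!is_dir($resolved)) {
        return ['value' => $current, 'status' => 'rejected'];
    }
    return ['value' => $resolved, 'status' => 'resolved'];
}

// Constructed sample inputs; $current is the setting quoted in the thread.
$current = '/var/named/chroot/var/named';
$samples = [sys_get_temp_dir(), '/nonexistent/zonefiles', 'relative/dir', ''];
foreach ($samples as $s) {
    $r = normalize_dir_setting($s, $current);
    printf("%-26s -> %-10s %s\n", var_export($s, true), $r['status'], $r['value']);
}
```

With this shape the restrictive permissions on the zone file directory can stay in place: an unresolvable path is stored as typed and marked 'unverified' instead of being replaced by an empty string.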

fayaz 13th December 2005 14:13

ispconfig configuring prob
 
hi

1. The problem is in the ISP management --> server --> services: when I click on this it exits, going back to the login screen.
2. Any entry made is not logged, like creating resellers/clients.

till 13th December 2005 14:19

Quote:

Originally Posted by fayaz
1. The problem is in the ISP management --> server --> services: when I click on this it exits, going back to the login screen.

Please have a look here, it might be the same problem as with the missing pages:

http://www.howtoforge.com/forums/showthread.php?t=241

You must login with the URL that is in the config.inc.php file.


All times are GMT +2.