#1 linuxfool (Junior Member), 5th December 2005, 08:14
Problem with server_bind_zonefile_dir

Hello all,

I seem to be experiencing an issue with the 'Management tool'.

It seems that if I go to server > settings > dns my setting for Zonefiles Dir. gets set back to /etc/bind -- since I'm running CentOS 4.2 with bind in a chroot, it should be '/var/named/chroot/var/named'

If I set this to the correct setting -- and save it, it shows back up as '/etc/bind' immediately... If I look in the DB, server_bind_zonefile_dir is blank.

If I issue the following mysql query, it shows up correctly... for a bit... then something I do (in ispconfig) or a cron job, sets it back to /etc/bind and the DB field to notta/empty -- I haven't found what's setting it back.

mysql> update isp_server set server_bind_zonefile_dir = '/var/named/chroot/var/named' where doc_id=1;
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0

Any ideas?
Thanks

#2 linuxfool (Junior Member), 5th December 2005, 08:34

Figured something out.

If I change anything in 'Management' > 'settings'...

For example to turn on Maildir

Save my change -- and then go back to the 'dns' tab -- I see the issue.

Thanks for any help.
ns

#3 falko (Super Moderator), 5th December 2005, 10:45

Please post the output of
Code:
ls -la /var/named/chroot/var/named
and
Code:
ls -la /etc/bind

#4 linuxfool (Junior Member), 6th December 2005, 01:49

ls -la /var/named/chroot/var/named
total 56
drwxr-x--- 4 root named 4096 Dec 3 20:11 .
drwxrwx--- 5 root named 4096 Nov 29 21:35 ..
lrwxrwxrwx 1 root root 6 Dec 3 20:09 chroot -> ../../
drwxrwx--- 2 named named 4096 Dec 3 19:15 data
-rw-r--r-- 1 root root 2769 Dec 3 20:02 named.ca
-rw-r--r-- 1 root root 256 Dec 3 20:02 named.local
-rw-r--r-- 1 named named 630 Dec 3 21:48 pri.0.168.192.in-addr.arpa
-rw-r--r-- 1 named named 621 Dec 3 21:48 pri.0.168.192.in-addr.arpa~
-rw-r--r-- 1 named named 790 Dec 3 21:49 pri.domain.net
-rw-r--r-- 1 named named 784 Dec 3 21:49 pri.domain.net~
drwxrwx--- 2 named named 4096 Jul 27 2004 slaves

==========================================

ls -la /etc/bind
ls: /etc/bind: No such file or directory

==========================================

As long as the config remains pointing to the right place, it works like a charm. It's just when I change anything else in 'settings' it goes back to /etc/bind and the database field goes back to being empty.


Thanks,
ns

#5 falko (Super Moderator), 6th December 2005, 11:28

Ok, please also post the output of
Code:
ls -la /var/named/chroot/var
ISPConfig uses PHP's realpath() function to write the right zonefiles directory into the database. I think that causes your problem...

#6 Azathoth (Junior Member), 7th December 2005, 14:39

I am having the same problem. I am also running CentOS 4.2 and ISPConfig 2.1.1, recently installed. The output you requested from the previous poster:

Code:
drwxr-x---  4 root named 4096 Dec  7 11:36 /var/named/
drwxrwx---  5 root named 4096 Aug 18 10:39 /var/named/chroot/
drwxrwx---  5 root named 4096 Aug 18 10:39 /var/named/chroot/var/
drwxr-x---  4 root named 4096 Dec  7 12:24 /var/named/chroot/var/named/
Applying the following patch to the installation of ISPConfig in /home/admispconfig resolves the issue so the problem is indeed related to the use of the realpath() function.

Code:
diff -ur /home/admispconfig/ispconfig.orig/lib/classes/ispconfig_isp_server.lib.php /home/admispconfig/ispconfig/lib/classes/ispconfig_isp_server.lib.php
--- /home/admispconfig/ispconfig.orig/lib/classes/ispconfig_isp_server.lib.php  2005-12-05 06:23:07.000000000 +0100
+++ /home/admispconfig/ispconfig/lib/classes/ispconfig_isp_server.lib.php       2005-12-07 12:30:19.000000000 +0100
@@ -72,7 +72,7 @@
         if(!is_link($server["server_path_httpd_conf"])) $server["server_path_httpd_conf"] = realpath($server["server_path_httpd_conf"]);
         if(!is_link($server["server_path_httpd_root"])) $server["server_path_httpd_root"] = realpath($server["server_path_httpd_root"]);
         if(!is_link($server["server_path_httpd_error"])) $server["server_path_httpd_error"] = realpath($server["server_path_httpd_error"]);
-        if(!is_link($server["server_bind_zonefile_dir"])) $server["server_bind_zonefile_dir"] = realpath($server["server_bind_zonefile_dir"]);
+        //if(!is_link($server["server_bind_zonefile_dir"])) $server["server_bind_zonefile_dir"] = realpath($server["server_bind_zonefile_dir"]);
         if(!is_link($server["dist_init_scripts"])) $server["dist_init_scripts"] = realpath($server["dist_init_scripts"]);
         if(!is_link($server["dist_runlevel"])) $server["dist_runlevel"] = realpath($server["dist_runlevel"]);
         if(!is_link($server["dist_smrsh"])) $server["dist_smrsh"] = realpath($server["dist_smrsh"]);
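Review bot: The commented-out `server_bind_zonefile_dir` line at line 72 drops canonicalization for this one field, but the neighbouring lines keep the same unchecked pattern: `realpath()` returns false when the path does not exist or a parent directory cannot be traversed, and `server_path_httpd_conf`, `dist_init_scripts` and the others still assign that result straight into `$server`. Rather than disabling the call, keep it and assign the result only when it is not false, so an unreadable directory preserves the entered value instead of blanking it, and apply the same guard to every field in this list.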
@@ -127,7 +127,7 @@
         if(!@is_link($server["server_path_httpd_conf"])) $server["server_path_httpd_conf"] = realpath($server["server_path_httpd_conf"]);
         if(!@is_link($server["server_path_httpd_root"])) $server["server_path_httpd_root"] = realpath($server["server_path_httpd_root"]);
         if(!@is_link($server["server_path_httpd_error"])) $server["server_path_httpd_error"] = realpath($server["server_path_httpd_error"]);
-        if(!@is_link($server["server_bind_zonefile_dir"])) $server["server_bind_zonefile_dir"] = realpath($server["server_bind_zonefile_dir"]);
+        //if(!@is_link($server["server_bind_zonefile_dir"])) $server["server_bind_zonefile_dir"] = realpath($server["server_bind_zonefile_dir"]);
         if(!@is_link($server["dist_init_scripts"])) $server["dist_init_scripts"] = realpath($server["dist_init_scripts"]);
         if(!@is_link($server["dist_runlevel"])) $server["dist_runlevel"] = realpath($server["dist_runlevel"]);
         if(!@is_link($server["dist_smrsh"])) $server["dist_smrsh"] = realpath($server["dist_smrsh"]);
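Review bot: The list at line 127 repeats the one at line 72 line for line, differing only in the `@` before `is_link()`, which is why the same edit had to be made twice; the two copies can drift apart on the next change. Move the field names into one array and loop over it in a shared helper used by both places. The `@` also hides the warning that would show the directory is not readable, so log the failure instead of suppressing it, and replace the dead commented-out line with a short comment saying why the zone file directory is stored as entered.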
I am a bit unclear on why you are using realpath at all though. In CentOS 4.2 BIND is run in a chroot jail in /var/named/chroot. All paths in /var/named/chroot/var/named are symlinked to /var/named in the default installation. If I for example were to put the zone files in /var/named/data the zone files would be reachable by the same path in both the real filesystem and in the chroot jail.

However, with the use of realpath() in ISPConfig /var/named/data is expanded to /var/named/chroot/var/named/data. This is written to /etc/named.conf. As BIND attempts to start it can't find the chroot directory in its chroot jail. The fix for this, without changing the ISPConfig source code, is to make an extra symlink in BIND's chroot jail:

Quote:
ln -s / /var/named/chroot/var/named/chroot
If ISPConfig didn't try to expand symlinks this wouldn't be necessary.

#7 falko (Super Moderator), 7th December 2005, 16:27

Quote:
drwxr-x--- 4 root named 4096 Dec 7 11:36 /var/named/
drwxrwx--- 5 root named 4096 Aug 18 10:39 /var/named/chroot/
drwxrwx--- 5 root named 4096 Aug 18 10:39 /var/named/chroot/var/
drwxr-x--- 4 root named 4096 Dec 7 12:24 /var/named/chroot/var/named/
That's why realpath() fails: the directories can't be read by anyone other than root and named because of the permissions. If you changed the directories' permissions so that they can be read by anyone, then realpath() would work.

Quote:
I am a bit unclear on why you are using realpath at all though.
To prevent users from typing in wrong paths, etc.

Quote:
However, with the use of realpath() in ISPConfig /var/named/data is expanded to /var/named/chroot/var/named/data. This is written to /etc/named.conf. As BIND attempts to start it can't find the chroot directory in its chroot jail. The fix for this, without changing the ISPConfig source code, is to make an extra symlink in BIND's chroot jail:

Code:
ln -s / /var/named/chroot/var/named/chroot
That's what I describe in the Fedora tutorials ( http://www.howtoforge.com/perfect_se...dora_core_4_p3 and http://www.howtoforge.com/perfect_se...dora_core_3_p3 ):

Code:
chmod 755 /var/named/
chmod 775 /var/named/chroot/
chmod 775 /var/named/chroot/var/
chmod 755 /var/named/chroot/var/named/
chmod 775 /var/named/chroot/var/run/
chmod 777 /var/named/chroot/var/run/named/
cd /var/named/chroot/var/named/
ln -s ../../ chroot
Fedora and CentOS are very similar.

#8 Azathoth (Junior Member), 7th December 2005, 16:54

Quote:
Originally Posted by falko
That's why realpath() fails: the directories can't be read by anyone other than root and named because of the permissions. If you changed the directories' permissions so that they can be read by anyone, then realpath() would work.
This is not a good idea if sensitive data is stored in the zone file directory, such as DNSSEC information. I would either recommend that the realpath() function be run as a privileged user by ISPConfig or, if the realpath() function fails due to privilege problems, the path entered by the user is preserved as is.

I can't find any error handler in the ISPConfig code that checks for sane return values from the realpath() function. Since the function returns an empty value on error it might be prudent to check for empty return values before inserting them into the SQL database.

Quote:
Originally Posted by falko
That's what I describe in the Fedora tutorials ( http://www.howtoforge.com/perfect_se...dora_core_4_p3 and http://www.howtoforge.com/perfect_se...dora_core_3_p3 ):

Fedora and CentOS are very similar.
Thanks for pointing it out. I read through several of the guides before installing ISPConfig but I must have missed that specific detail.
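
The return-value check suggested in the post above, as an added example that is not part of the original posts and is not ISPConfig's code: a hypothetical helper, `canonicalize_or_keep()`, keeps the entered path whenever `realpath()` returns false, so a failed lookup never reaches the database as an empty value. The field names are the ones in the patch; the scratch directory tree is constructed for the demo.

```php
<?php
// Added example. canonicalize_or_keep() is a hypothetical helper, not an ISPConfig function.

/** Returns [value_to_store, warning_or_null] for one configured path. */
function canonicalize_or_keep(string $entered): array
{
    $entered = trim($entered);
    if ($entered === '') {
        return ['', 'empty path entered'];
    }
    // As in the patched code: a path that is itself a symlink is stored as entered.
    if (@is_link($entered)) {
        return [$entered, null];
    }
    $resolved = realpath($entered);
    if ($resolved === false) {
        // realpath() returns false when the path does not exist or a parent
        // directory is not searchable by the PHP user. Keep the input.
        return [$entered, "realpath() failed for '$entered'; keeping entered value"];
    }
    return [$resolved, null];
}

// Constructed sample input: a scratch tree standing in for the server's paths.
$base = sys_get_temp_dir() . '/zonedir_demo_' . getmypid();
mkdir("$base/named/data", 0750, true);
symlink("$base/named", "$base/link");

$server = [
    'server_bind_zonefile_dir' => "$base/named/./data/..", // resolvable, gets normalized
    'server_path_httpd_conf'   => "$base/link",            // symlink, kept as entered
    'dist_init_scripts'        => "$base/missing/init.d",  // realpath() returns false
];

foreach ($server as $field => $entered) {
    [$value, $warning] = canonicalize_or_keep($entered);
    $server[$field] = $value; // never false or empty because of a failed lookup
    printf("%-26s %s%s\n", $field, $value, $warning ? "  [$warning]" : '');
}

// Remove the scratch tree.
unlink("$base/link");
rmdir("$base/named/data");
rmdir("$base/named");
rmdir($base);
```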

#9 fayaz (Junior Member), 13th December 2005, 15:13
ispconfig configuring prob

hi

1. The problem is in the ISP management --> server --> services: when I click on this it exits, going back to the login screen.
2. Any entry made is not logged, like creating resellers/clients.

#10 till (Super Moderator), 13th December 2005, 15:19

Quote:
Originally Posted by fayaz
1. The problem is in the ISP management --> server --> services: when I click on this it exits, going back to the login screen.
Please have a look here, it might be the same problem as with the missing pages:

http://www.howtoforge.com/forums/showthread.php?t=241

You must log in with the URL that is in the config.inc.php file.
All times are GMT +2.

