  #11  
Old 5th May 2008, 14:36
Spezi2u Spezi2u is offline
Junior Member
 
Join Date: Apr 2008
Location: Frankfurt/M.
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Default just one more little thing ...

if you happen to put your local zones in a subdirectory of i.e. /etc/bind don't forget to add all dirs into the apparmor file.

Code:
[...]

/etc/bind/zones/*  rw,
/etc/bind/zones/external/* rw,
/etc/bind/zones/internal/* rw,

[...]
...have fun.
Michael
Reply With Quote
  #12  
Old 5th May 2008, 14:42
Spezi2u Spezi2u is offline
Junior Member
 
Join Date: Apr 2008
Location: Frankfurt/M.
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Red face sorry ...

... I think I am still on WE. The last post should be reading:

Code:
[...]

/var/lib/named/etc/bind/zones/* rw,
/var/lib/named/etc/bind/zones/external/* rw,
/var/lib/named/etc/bind/zones/internal/* rw,

[...]
Reply With Quote
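The reason each subdirectory needs its own line in the two posts above is that `*` in an AppArmor path rule does not cross a `/`, while `**` does. The following is an added example, not code from the thread: a simplified model of those two globs (other glob syntax and deny rules are left out) that reports which paths a set of rules leaves uncovered. The zone file names and the helper names are made up for the illustration.

```python
import re

def glob_to_regex(glob):
    """Simplified AppArmor path glob: '*' stays in one component, '**' crosses '/'."""
    out, i = [], 0
    while i < len(glob):
        after_slash = i == 0 or glob[i - 1] == "/"
        if glob.startswith("**", i):
            out.append("[^/].*" if after_slash else ".*")
            i += 2
        elif glob[i] == "*":
            out.append("[^/]+" if after_slash else "[^/]*")
            i += 1
        else:
            out.append(re.escape(glob[i]))
            i += 1
    return re.compile("".join(out))

RULE = re.compile(r"^\s*(/\S*)\s+([a-z]+),\s*$")   # '<path> <perms>,' lines only

def file_rules(profile_text):
    """(regex, perms) per uncommented file rule; deny rules are not modelled."""
    return [(glob_to_regex(m.group(1)), set(m.group(2)))
            for m in map(RULE.match, profile_text.splitlines()) if m]

def uncovered(profile_text, paths, need="rw"):
    """Paths on which the matching rules together do not grant `need`."""
    rules = file_rules(profile_text)
    def granted(path):
        return set().union(*(perms for rx, perms in rules if rx.fullmatch(path)))
    return [p for p in paths if not set(need) <= granted(p)]

BIND = "/var/lib/named/etc/bind"
# Constructed sample paths; the zone file names are made up.
PATHS = [f"{BIND}/named.conf", f"{BIND}/zones/db.example.test",
         f"{BIND}/zones/internal/db.example.test",
         f"{BIND}/zones/internal/rev/db.10"]
FLAT = f"  {BIND}/* rw,\n"                       # single-level rule only
ENUMERATED = FLAT + "".join(f"  {BIND}/zones/{d}* rw,\n"
                            for d in ("", "external/", "internal/"))
RECURSIVE = f"  {BIND}/** rw,\n"                 # one rule for the whole tree

if __name__ == "__main__":
    for name, prof in (("flat", FLAT), ("enumerated", ENUMERATED),
                       ("recursive", RECURSIVE)):
        print(name, uncovered(prof, PATHS))
```

The enumerated rules still miss any directory level added later, and `**` closes that gap at the cost of granting write access to everything below the directory, so pick the narrowest glob that covers the tree.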
  #13  
Old 13th May 2008, 11:16
ahsamuel ahsamuel is offline
Junior Member
 
Join Date: Jan 2008
Posts: 11
Thanks: 3
Thanked 0 Times in 0 Posts
Default

for some reason, it doesn't work here..

i even copied the whole sample into my file.

only when i stop apparmor it works again.

any ideas?

ubuntu 8.04 perfect server + ispconfig etc.

thank you
Reply With Quote
  #14  
Old 14th May 2008, 17:22
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,748 Times in 2,579 Posts
Default

It's strongly recommended to disable AppArmor. See chapter 10 on http://www.howtoforge.com/perfect-se...ntu8.04-lts-p3
__________________
Falko
Reply With Quote
The Following User Says Thank You to falko For This Useful Post:
ahsamuel (14th May 2008)
  #15  
Old 14th May 2008, 19:00
ahsamuel ahsamuel is offline
Junior Member
 
Join Date: Jan 2008
Posts: 11
Thanks: 3
Thanked 0 Times in 0 Posts
Thumbs up

thank you, i must have overread this line...
Reply With Quote
  #16  
Old 24th May 2008, 17:07
Djamu Djamu is offline
Member
 
Join Date: Sep 2007
Posts: 51
Thanks: 2
Thanked 13 Times in 7 Posts
Default

Quote:
Originally Posted by falko
It's strongly recommended to disable AppArmor. See chapter 10 on http://www.howtoforge.com/perfect-se...ntu8.04-lts-p3
Do you mind telling why that is ( aside from the troubles with installing ISPconfig ) ?

Shouldn't that line then read as > It's strongly recommended to disable AppArmor when installing ISPconfig....

Currently I have no troubles whatsoever keeping it installed...

I do have some thoughts on the combination chroot / apparmor as it might well be that instead of adding security, security might actually get weaker. A simple " it's recommended " definitely won't do for an answer....

__________________
Windows, the only virus you pay for

Last edited by Djamu; 24th May 2008 at 17:34.
Reply With Quote
  #17  
Old 25th June 2008, 17:15
brokenshadows brokenshadows is offline
Junior Member
 
Join Date: Jun 2008
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I still can't get bind9 to start...I've tried the suggestions in this post as well as several others I've found and I'm still getting a permission denied error...

the biggest problem is that I've been using linux for about a week now, so I still know enough to barely fill a thimble-full

the other thing I noticed is that even though I followed falko's instructions on disabling apparmor, it restarts every time I reboot the machine...but I don't think the bind9 error has anything to do with apparmor considering the error is the same whether apparmor is running or not

I know...I probably sound like an idiot...but I'm a confused idiot and would love a little help here :P
Reply With Quote
  #18  
Old 25th June 2008, 18:13
Djamu Djamu is offline
Member
 
Join Date: Sep 2007
Posts: 51
Thanks: 2
Thanked 13 Times in 7 Posts
Default

Quote:
Originally Posted by brokenshadows View Post
...
the other thing I noticed is that even though I followed falko's instructions on disabling apparmor, it restarts every time I reboot the machine...but I don't think the bind9 error has anything to do with apparmor considering the error is the same whether apparmor is running or not
...
k.
well I suggest continuing learning linux coz it's a wonderful thing...
...
now, your problem at hand...
the chances of getting proper help on the forums grow as you provide good info..
so before anything else > what Linux flavour are you using ( they all differ a little > places of configs / commands etc... )
are you familiar with file permissions ( does 777 / 644 ring a bell ? )
owner permissions ? ( not all users can run all services )...
I've got to go for a couple of hours, but will be back in 2-3 from now on


__________________
Windows, the only virus you pay for
Reply With Quote
  #19  
Old 21st December 2008, 22:54
docfx docfx is offline
Junior Member
 
Join Date: Dec 2008
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Unhappy Bind9 still failing...

Installed Hardy updated to 8.04.1LTS w/LVM

All was well,
Code:
Dec 20 16:21:14 wonder named[31642]: starting BIND 9.4.2-P2 -u bind
Dec 20 16:21:14 wonder named[31642]: found 1 CPU, using 1 worker thread
Dec 20 16:21:14 wonder named[31642]: loading configuration from '/etc/bind/named.conf'
Dec 20 16:21:14 wonder named[31642]: listening on IPv6 interfaces, port 53
then I started going thru the Howtoforge "perfect server" tutorial. Got to the part where bind gets chrooted and...

Bind 9 fails - acc'd to /var/log/syslog:
Code:
Dec 21 14:00:54 wonder named[6828]: starting BIND 9.4.2-P2 -u bind -t /var/lib/named
Dec 21 14:00:54 wonder named[6828]: found 1 CPU, using 1 worker thread
Dec 21 14:00:54 wonder named[6828]: loading configuration from '/etc/bind/named.conf'
Dec 21 14:00:54 wonder named[6828]: none:0: open: /etc/bind/named.conf: permission denied
Dec 21 14:00:54 wonder named[6828]: loading configuration: permission denied
Dec 21 14:00:54 wonder named[6828]: exiting (due to fatal error)
Have tried it, per the tutorial ( w/ AppArmor disabled/purged ) as well as per Ubuntu Forum ( ubuntuforums.org/showthread.php?t=735188&highlight=bind9+fail ).

AppArmor is currently running and my usr.sbin.named is:
Code:
# vim:syntax=apparmor
# Last Modified: Fri Jun  1 16:43:22 2007
#include <tunables/global>

/usr/sbin/named {
  #include <abstractions/base>
  #include <abstractions/nameservice>

  capability net_bind_service,
  capability setgid,
  capability setuid,
  capability sys_chroot,

  # /etc/bind should be read-only for bind
  # /var/lib/bind is for dynamically updated zone (and journal) files.
  # /var/cache/bind is for slave/stub data, since we're not the origin of it.
  # See /usr/share/doc/bind9/README.Debian.gz
  # /etc/bind/** r,

  # Dynamic updates needs zone and journal files rw. We just allow rw for all
  # in /etc/bind, and let DAC handle the rest > moved to /var/lib/named/etc/bind
  /var/lib/named/etc/bind/* rw,

  # if local zones are in a subdirectory
  /var/lib/named/etc/bind/zones/* rw,
  /var/lib/named/etc/bind/zones/external/* rw,
  /var/lib/named/etc/bind/zones/internal/* rw,

  /var/lib/bind/** rw,
  /var/lib/bind/ rw,
  /var/cache/bind/** rw,
  /var/cache/bind/ rw,

  # some people like to put logs in /var/log/named/
  /var/log/named/** rw,

  # dnscvsutil package
  /var/lib/dnscvsutil/compiled/** rw,

  /proc/net/if_inet6 r,
  /usr/sbin/named mr,
  /var/lib/named/var/run/bind/run/named.pid w,
  #/var/run/bind/run/named.pid w,
  # support for resolvconf
  /var/lib/named/var/run/bind/named.options r,
  #/var/run/bind/named.options r,

# add also following lines thanks to Spezi2u
  /var/lib/named/dev/null rw,
  /var/lib/named/dev/random rw,

}
Contents of /etc/bind/ aka /var/lib/named/etc/bind/ are:
Code:
-rw-r--r-- 1 bind bind  237 2008-04-09 15:44 db.0
-rw-r--r-- 1 bind bind  271 2008-04-09 15:44 db.127
-rw-r--r-- 1 bind bind  237 2008-04-09 15:44 db.255
-rw-r--r-- 1 bind bind  353 2008-04-09 15:44 db.empty
-rw-r--r-- 1 bind bind  270 2008-04-09 15:44 db.local
-rw-r--r-- 1 bind bind 2878 2008-04-09 15:44 db.root
-rw-r--r-- 1 bind bind  907 2008-04-09 15:44 named.conf
-rw-r--r-- 1 bind bind  165 2008-04-09 15:44 named.conf.local
-rw-r--r-- 1 bind bind 3041 2008-12-21 13:51 named.conf.options
-rw------- 1 root root  695 2008-12-21 13:51 named.conf.options~
-rw-r----- 1 bind bind   77 2008-05-26 17:26 rndc.key
-rw-r--r-- 1 bind bind 1317 2008-04-09 15:44 zones.rfc1918
and still bind9 refuses to start from CLI or during reboot... It doesn't seem to make any difference if I use OPTIONS="-u bind -t /var/lib/named" or OPTIONS="-u bind".

Any suggestions would be greatly appreciated.
Reply With Quote
  #20  
Old 22nd December 2008, 12:41
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,748 Times in 2,579 Posts
 
Default

What's the output of
Code:
ls -la /var/lib/named/etc/bind
, and what's in named.conf?
__________________
Falko
Reply With Quote
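The `ls -la` requested above shows the mode of the directory itself (its `.` entry), which the earlier file listing leaves out. The following is an added example, not code from the thread: it applies the same check to every component from the chroot root down to the config file, for an account that is neither owner nor group member. It uses classic mode bits only, and the temporary tree, the uid and the helper names are constructed for the illustration.

```python
import os, shutil, stat, tempfile

def blocked(root, rel_path, uid, gids):
    """Walk root -> root/rel_path and list every component whose classic
    owner/group/other mode bits refuse `uid`: directories need search (x),
    the final file needs read (r). ACLs and capabilities are not modelled."""
    parts = [p for p in rel_path.split("/") if p]
    problems, cur = [], root
    for idx in range(len(parts) + 1):
        if idx:
            cur = os.path.join(cur, parts[idx - 1])
        st = os.stat(cur)
        is_file = idx == len(parts)
        want = stat.S_IRUSR if is_file else stat.S_IXUSR
        if st.st_uid == uid:
            bit = want                 # owner class
        elif st.st_gid in gids:
            bit = want >> 3            # group class
        else:
            bit = want >> 6            # other class
        if not st.st_mode & bit:
            problems.append((os.path.relpath(cur, root),
                             "no read" if is_file else "no search"))
    return problems

def demo():
    """Constructed stand-in for /var/lib/named: named.conf is 0644 as in the
    listing above, but the etc/bind directory itself is 0750."""
    root = tempfile.mkdtemp()
    conf_dir = os.path.join(root, "etc", "bind")
    os.makedirs(conf_dir)
    conf = os.path.join(conf_dir, "named.conf")
    open(conf, "w").close()
    os.chmod(conf, 0o644)
    for d in (root, os.path.join(root, "etc")):
        os.chmod(d, 0o755)
    os.chmod(conf_dir, 0o750)
    other_uid = os.stat(root).st_uid + 1      # made-up account, no group match
    before = blocked(root, "etc/bind/named.conf", other_uid, set())
    os.chmod(conf_dir, 0o755)
    after = blocked(root, "etc/bind/named.conf", other_uid, set())
    shutil.rmtree(root)
    return before, after

if __name__ == "__main__":
    print(demo())
```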