[Solved] Bind Not Starting on Ubuntu Permission Denied Plesk 12.5

Discussion in 'Technical' started by AutoJukebox, Mar 12, 2016.

  1. AutoJukebox

    AutoJukebox New Member

    I've recently installed Plesk 12.5 and I'm having some issues with bind.

    Whenever I start the service I get this error message in my syslog:

    Code:
    Mar 11 18:33:05 ded named[9007]: loading configuration from '/etc/named.conf'
    Mar 11 18:33:05 ded named[9007]: open: /etc/named.conf: permission denied
    Mar 11 18:33:05 ded named[9007]: loading configuration: permission denied
    Mar 11 18:33:05 ded named[9007]: exiting (due to fatal error)

    I've tried the method of fixing it on the Plesk KB but that did not work.

    I do not have AppArmor installed currently because I saw a lot of people were having issues with Plesk and AppArmor, so I went ahead and deleted that first.

    My System:

    Plesk 12.5 Ubuntu 14.04

    Is there any solution to this problem? I have searched everywhere for a solution but I cannot seem to find one.

    Thanks
     
  2. ztk.me

    ztk.me Active Member

    Besides Plesk is a bitch, what are your permissions of that file?
    Check with
    Code:
    ls -l /etc/named.conf
    
    It could also be a configuration issue if it runs in a jail.
    If your output looks something like this:

    Code:
    lrwxrwxrwx 1 root root 34 2016-03-12 01:11 /etc/named.conf -> /var/named/run-root/etc/named.conf
    
    Please adopt the path and check
    Code:
    ls -l /var/named/run-root/etc/named.conf
    
    too.

    Should be owned by root:bind then.
    What KB did you use - if you say "the one" ppl exactly know what you did, right? :)
     
  3. AutoJukebox

    AutoJukebox New Member

    Code:
    [email protected]:~$ sudo ls -l /etc/named.conf
    lrwxrwxrwx 1 root root 34 Mar 11 18:05 /etc/named.conf -> /var/named/run-root/etc/named.conf
    
    Code:
    [email protected]:~$ sudo ls -l /var/named/run-root/etc/named.conf
    -rw-r--r-- 1 root root 1257 Mar 11 18:05 /var/named/run-root/etc/named.conf
    
    kb.plesk.com/en/123075

    Not sure what you mean by adopt the path.
     
  4. ztk.me

    ztk.me Active Member

    Yeah, I meant exactly what you did, showing original files permissions.

    I don't see why it should be world readable but since bind is running in a jail, it should be sufficient it can read its own files - nobody else really has to do, except root which also can write them anyway...

    You could try
    Code:
    chown bind /var/named/run-root/etc/named.conf
    
    and restart bind, if it works/doesn't work either way, try
    Code:
    chgrp bind /var/named/run-root/etc/named.conf
    
    and if that does work, try
    Code:
    chmod 400 /var/named/run-root/etc/named.conf
    
    :)
     
  5. AutoJukebox

    AutoJukebox New Member

    Tried all 3, same issue :(
     
  6. ztk.me

    ztk.me Active Member

    Ok, leave them for now. What's the options value in your
    /etc/default/bind9
    Code:
    OPTIONS="-u bind -t /var/named/run-root -c /etc/named.conf"
    

    Does your folder tree look like

    Code:
    drwxr-x--- 4 root bind 1024 2006-08-15 22:26 /var/named/run-root
    [email protected]:~# ls -l /var/named/run-root
    drwxrwx--- 2 root bind 1024 2006-08-15 21:55 cache
    drwxrwx--- 2 root bind 1024 2006-08-15 22:30 pid
    
     
  7. AutoJukebox

    AutoJukebox New Member

    Code:
    OPTIONS="${OPTIONS} -t /var/named/run-root  -c /etc/named.conf -u bind -n 2"
    
    Code:
    [email protected]:/etc/default$ sudo ls -l /var/named/run-root
    total 12
    drwxr-xr-x 2 root  root 4096 Mar 11 13:58 dev
    drwxr-xr-x 3 10007 4001 4096 Mar 11 18:05 etc
    drwxr-xr-x 3 bind  bind 4096 Aug 13  2002 var
    
     
  8. ztk.me

    ztk.me Active Member

    OK, seems like invalid userid and group for your /var/named/run-root/etc folder.
    Try
    Code:
    sudo chown root:bind /var/named/run-root/etc
    
    and give it a shot.
     
  9. AutoJukebox

    AutoJukebox New Member

    Same issue :/
    My structure now
    Code:
    [email protected]:~$ sudo ls -l /var/named/run-root
    total 12
    drwxr-xr-x 2 root root 4096 Mar 11 13:58 dev
    drwxr-xr-x 3 root bind 4096 Mar 11 18:05 etc
    drwxr-xr-x 3 bind bind 4096 Aug 13  2002 var
    
     
  10. ztk.me

    ztk.me Active Member

    Ok, I did a quick setup of chrooted bind9 on my debian-box, file permissions should be similar, maybe I don't have all files in the same folders but it should work if you compare them / assign permissions accordingly.

     
  11. AutoJukebox

    AutoJukebox New Member

    Code:
    [email protected]:/var/named# ls -Alah
    total 12K
    drw-r--r--  3 root root 4.0K Mar 11 13:58 .
    drwxr-xr-x 18 root root 4.0K Mar 11 17:55 ..
    drw-r--r--  5 root root 4.0K Mar 11 13:58 run-root
    
    Code:
    [email protected]:/var/named# ls -Alah run-root/
    total 20K
    drw-r--r-- 5 root root 4.0K Mar 11 13:58 .
    drw-r--r-- 3 root root 4.0K Mar 11 13:58 ..
    drwxr-xr-x 2 root root 4.0K Mar 11 13:58 dev
    drwxr-xr-x 3 root bind 4.0K Mar 11 18:05 etc
    drwxr-xr-x 3 bind bind 4.0K Aug 13  2002 var
    
    Code:
    [email protected]:/var/named# ls -Alah run-root/etc/
    total 32K
    drwxr-xr-x 3 root  bind 4.0K Mar 11 18:05 .
    drw-r--r-- 5 root  root 4.0K Mar 11 13:58 ..
    drwxr-xr-x 2 root  root 4.0K Mar 11 13:58 bind
    -r--r--r-- 1 root  root 3.5K Mar 11 18:05 localtime
    -rw------- 1 bind  bind 1.3K Mar 11 18:05 named.conf
    -rw-r--r-- 1 10007 4001  923 May  6  2014 named.conf.default
    -rw-r--r-- 1 10007 4001  480 Jan 23  2002 rndc.conf
    -r--r--r-- 1 10007 4001 1.2K Jun 15  2001 rndc.conf.sample
    
    Code:
    [email protected]:/var/named# ls -Alah run-root/etc/bind
    total 8.0K
    drwxr-xr-x 2 root root 4.0K Mar 11 13:58 .
    drwxr-xr-x 3 root bind 4.0K Mar 11 18:05 ..
    lrwxrwxrwx 1 root root   33 Mar 11 13:58 rndc.conf -> /var/named/run-root/etc/rndc.conf
    
    Code:
    [email protected]:/var/named# ls -Alah run-root/dev
    total 8.0K
    drwxr-xr-x 2 root root 4.0K Mar 11 13:58 .
    drw-r--r-- 5 root root 4.0K Mar 11 13:58 ..
    crw-r--r-- 1 root root 1, 8 Mar 11 13:58 random
    crw-r--r-- 1 root root 1, 9 Mar 11 13:58 urandom
    
    Code:
    [email protected]:/var/named# ls -Alah run-root/var
    total 40K
    drwxr-xr-x 3 bind  bind 4.0K Aug 13  2002 .
    drw-r--r-- 5 root  root 4.0K Mar 11 13:58 ..
    -rw-r--r-- 1 root  root  300 Mar 11 16:02 218.130.38.in-addr.arpa
    -rw-r--r-- 1 root  root  935 Mar 11 16:02 ded.emperorhosting.com
    -r--r--r-- 1 10007 4001  295 Mar 11 13:58 localhost.rev
    -rw------- 1 root  root  391 Mar 11 13:58 localhost.rev.saved_by_psa
    -r--r--r-- 1 10007 4001  284 Jun 15  2001 make-localhost
    -r--r--r-- 1 10007 4001 2.8K Jun 15  2001 named.root
    -r--r--r-- 1 10007 4001  397 Aug 13  2002 PROTO.localhost.rev
    drwxr-xr-x 3 bind  bind 4.0K Nov 14  2001 run
    
    Code:
    [email protected]:/var/named# ls -Alah run-root/var/cache/
    ls: cannot access run-root/var/cache/: No such file or directory
    
    Code:
    [email protected]:/var/named# ls -Alah run-root/var/run/
    total 12K
    drwxr-xr-x 3 bind bind 4.0K Nov 14  2001 .
    drwxr-xr-x 3 bind bind 4.0K Aug 13  2002 ..
    drwxr-xr-t 2 bind 4001 4.0K Nov 14  2001 named
    [email protected]:/var/named# ls -Alah run-root/var/run/named
    total 8.0K
    drwxr-xr-t 2 bind 4001 4.0K Nov 14  2001 .
    drwxr-xr-x 3 bind bind 4.0K Nov 14  2001 ..
    
    
     
  12. ztk.me

    ztk.me Active Member

    Hmm, besides the strange looking user 10007 and group 4001 you have there, the main difference I see at first glance, I have
    Code:
    sudo chmod 775 /var/named/run-root
    
    and my /etc is chgrp'ed to root, but this shouldn't make a difference here.
     
  13. AutoJukebox

    AutoJukebox New Member

    Holy crap that worked, I don't know why I didn't think about that. Thank you so much :)
     
  14. ztk.me

    ztk.me Active Member

    chmod 755 allows group and world to execute the top directory of the chrooted environment.
    Since it was owned root:root and chmod 744, the user bind could not execute (enter) the directory and thus wasn't able to read subfolders.
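
The diagnosis in the last post (a directory above named.conf lacks the search bit for the bind user) can be checked mechanically instead of by comparing listings. The script below is an added example, not part of the thread: the function names are hypothetical, it assumes GNU stat, and it reads mode bits only, so ACLs, supplementary groups and capabilities are ignored.

```shell
#!/bin/sh
# Added example, not from the thread. Judges access from mode bits only:
# assumes GNU stat, ignores ACLs, supplementary groups and capabilities.

# can_search DIR UID GID: succeed if UID/GID has the x (search) bit on DIR.
can_search() {
    [ "$2" -eq 0 ] && return 0                  # root bypasses mode bits
    st=$(stat -c '%a %u %g' "$1") || return 1
    set -- "$2" "$3" $st                        # uid gid mode owner group
    perms=$(printf '%04d' "$3"); perms=${perms#?}   # 1755 -> 755, 744 -> 744
    if   [ "$1" -eq "$4" ]; then digit=${perms%??}                   # owner
    elif [ "$2" -eq "$5" ]; then digit=${perms#?}; digit=${digit%?}  # group
    else digit=${perms#??}                                           # other
    fi
    [ $((digit % 2)) -eq 1 ]
}

# first_blocked_dir FILE UID GID [TOP]: print the topmost directory between
# TOP (default /) and FILE that UID/GID cannot enter; print nothing if none.
first_blocked_dir() {
    dir=$(dirname "$1"); top=${4:-/}; blocked=
    while :; do
        can_search "$dir" "$2" "$3" || blocked=$dir
        case $dir in "$top"|/|.) break ;; esac
        dir=$(dirname "$dir")
    done
    printf '%s' "$blocked"
}

# Constructed tree standing in for the jail: run-root is mode 744.
make_demo_tree() {
    t=$(mktemp -d) && mkdir -p "$t/run-root/etc" &&
    : > "$t/run-root/etc/named.conf" &&
    chmod 755 "$t" "$t/run-root/etc" && chmod 744 "$t/run-root" &&
    printf '%s' "$t"
}

tree=$(make_demo_tree)
conf=$tree/run-root/etc/named.conf
other=$(( $(id -u) + 1 ))       # constructed uid/gid standing in for bind
echo "mode 744: blocked at '$(first_blocked_dir "$conf" "$other" "$other" "$tree")'"
chmod 755 "$tree/run-root"
echo "mode 755: blocked at '$(first_blocked_dir "$conf" "$other" "$other" "$tree")'"
rm -rf "$tree"
```

On a live system, `namei -l /var/named/run-root/etc/named.conf` lists the owner and mode of every path component in one pass, which gives the same information by eye.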
     
