Bug 164086 - chroot named has incorrect permissions, will not allow sync
Product: Fedora
Classification: Fedora
Component: bind
Hardware: All Linux
Priority: medium
Severity: high
Assigned To: Jason Vas Dias
Ben Levenson
Reported: 2005-07-24 11:51 EDT by Jonathan Hutchins
Modified: 2007-11-30 17:11 EST (History)
Doc Type: Bug Fix
Last Closed: 2005-07-24 13:23:34 EDT
Description Jonathan Hutchins 2005-07-24 11:51:28 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.2; Linux) KHTML/3.2.3 (like Gecko)

Description of problem:
chroot named will not allow transfers: 
named[2476]: dumping master file: tmp-Vs1ARVTUWq: open: permission denied
named[2476]: transfer of '<domain>/IN' from <IP ADDRESS>#53: failed while receiving responses: permission denied
named appears to have access to appropriate directories in /var/named/chroot 
through membership in group "named": 
ls -l /var/named/chroot 
total 24 
drwxrwxr--    2 root named 4096 Jul 19 08:56 dev 
drwxrwx---    2 root named 4096 Jul 19 08:56 etc 
dr-xr-xr-x  167 root root     0 Jul 23 02:18 proc 
drwxrwx---    5 root named 4096 Mar 13  2003 var 

Comment 1 Jonathan Hutchins 2005-07-24 13:23:34 EDT
The problem appears to be that /var/named/chroot/var/named did not have group   
write permissions, and the configuration transferred from the master server   
was storing slave zone files in /var/named/chroot/var/named instead   
of /var/named/chroot/var/named/slaves.   
Consider documenting this somewhere? 
Comment 2 Jason Vas Dias 2005-07-24 16:42:30 EDT
This is documented - see 'man named' section NOTES,
"Red Hat SELinux BIND Security Profile", and
'man named_selinux'.

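The cause described in Comment 1, as an added example that is not part of the original bug thread: a Python check that reads named.conf text, resolves each slave zone's file path, and reports zones whose target directory inside the chroot lacks group write. The function names, the sample configuration and the use of the group-write bit (standing in for named's access through group "named") are assumptions for illustration; comment stripping is simplified and does not handle "#" or "//" inside quoted strings.

```python
import os, re, stat, tempfile

# Constructed sample: one slave zone written to the data directory itself
# (the misconfiguration in this report) and one written under slaves/.
SAMPLE_CONF = '''
options { directory "/var/named"; };
zone "example.com" IN { type slave; masters { 192.0.2.1; }; file "example.com.zone"; };
zone "example.org" IN { type slave; masters { 192.0.2.1; }; file "slaves/example.org.zone"; };
zone "example.net" IN { type master; file "example.net.zone"; };
'''
ZONE_RE = re.compile(r'\bzone\s+"([^"]+)"[^{]*\{((?:[^{}]|\{[^{}]*\})*)\}')

def slave_zone_files(conf):
    """Map each 'type slave' zone to its absolute (in-chroot) file path."""
    conf = re.sub(r'/\*.*?\*/|(?://|#)[^\n]*', '', conf, flags=re.S)
    d = re.search(r'\bdirectory\s+"([^"]+)"\s*;', conf)
    base = d.group(1) if d else "/var/named"
    zones = {}
    for name, body in ZONE_RE.findall(conf):
        f = re.search(r'\bfile\s+"([^"]+)"\s*;', body)
        if f and re.search(r'\btype\s+slave\s*;', body):
            zones[name] = os.path.join(base, f.group(1))
    return zones

def unwritable_slave_dirs(chroot, conf):
    """Return (zone, directory, reason) where the group cannot create files."""
    findings = []
    for zone, path in sorted(slave_zone_files(conf).items()):
        parent = os.path.dirname(os.path.join(chroot, path.lstrip("/")))
        if not os.path.isdir(parent):
            findings.append((zone, parent, "missing"))
        elif not os.stat(parent).st_mode & stat.S_IWGRP:
            findings.append((zone, parent, "no group write"))
    return findings

def demo():
    """Build a throwaway chroot tree with the modes described and check it."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "var/named/slaves"))
    os.chmod(os.path.join(root, "var/named"), 0o750)         # no group write
    os.chmod(os.path.join(root, "var/named/slaves"), 0o770)  # group writable
    return [(z, os.path.relpath(d, root), why)
            for z, d, why in unwritable_slave_dirs(root, SAMPLE_CONF)]

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On a real host, call `unwritable_slave_dirs("/var/named/chroot", open("/var/named/chroot/etc/named.conf").read())`; a finding means a transfer for that zone would fail with the "permission denied" errors shown in the report.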