permissions


I am running Ubuntu 18.04.2 and BIND 9.11.3

I am trying to enable logging by adding the following to /etc/bind/named.conf.local

    logging {
        channel bind.log {
            file "/var/log/bind/bind.log" versions 3 size 20m;
            print-time yes;
            print-category yes;
            print-severity yes;
            // Set the severity to dynamic to see all the debug messages.
            severity info;
        };
        category default { bind.log; };
    };

"named-checkconf /etc/bind/named.conf.local" does not report any errors. However when I do:

    root@mail:/home/mike# service bind9 restart
    root@mail:/home/mike# service bind9 status

I get:

    bind9.service - BIND Domain Name Server
       Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
       Active: failed (Result: exit-code) since Sat 2019-07-06 18:48:43 NZST; 2s ago
         Docs: man:named(8)
      Process: 9812 ExecStop=/usr/sbin/rndc stop (code=exited, status=0/SUCCESS)
      Process: 12930 ExecStart=/usr/sbin/named -f $OPTIONS (code=exited, status=1/FAILURE)
     Main PID: 12930 (code=exited, status=1/FAILURE)

    Jul 06 18:48:43 mail.mydomain.nz named[12930]: automatic empty zone: A.E.F.IP6.ARPA
    Jul 06 18:48:43 mail.mydomain.nz named[12930]: automatic empty zone: B.E.F.IP6.ARPA
    Jul 06 18:48:43 mail.mydomain.nz named[12930]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
    Jul 06 18:48:43 mail.mydomain.nz named[12930]: automatic empty zone: EMPTY.AS112.ARPA
    Jul 06 18:48:43 mail.mydomain.nz named[12930]: none:103: 'max-cache-size 90%' - setting to 7086MB (out of 7874MB)
    Jul 06 18:48:43 mail.mydomain.nz named[12930]: command channel listening on 127.0.0.1#953
    Jul 06 18:48:43 mail.mydomain.nz named[12930]: isc_stdio_open '/var/log/bind/bind.log' failed: permission denied
    Jul 06 18:48:43 mail.mydomain.nz named[12930]: configuring logging: permission denied
    Jul 06 18:48:43 mail.mydomain.nz named[12930]: loading configuration: permission denied
    Jul 06 18:48:43 mail.mydomain.nz named[12930]: exiting (due to fatal error)

The permissions of /var/log/bind are:

    root@mail:/home/mike# ls -ld /var/log/bind
    drwxrwxr-x 2 root root 4096 Jul 6 17:51 /var/log/bind

This post here said

isc_stdio_open '/var/log/bind9/query.log' failed: permission denied

"bind:bind" works but I couldn't follow that. Is that a reference to the directory being owned by a user named "bind" and belonging to the "bind" group? I would have commented on that question asking for more info but at least 50 reputation is required.

I noticed this in syslog:

Jul 6 22:30:52 mail kernel: [1835655.620976] audit: type=1400 audit(1562409052.847:297): apparmor="DENIED" operation="open" profile="/usr/sbin/named" name="/var/log/bind/bind.log" pid=10582 comm="isc-worker0000" requested_mask="ac" denied_mask="ac" fsuid=120 ouid=0
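
The syslog line above is an AppArmor audit record, and its key=value fields say which profile refused which access. The following is an added example, not part of the original post: a small parser for that record format, run on the two log lines quoted in the post. The function names and the permission-letter table are this example's own assumptions.

```python
import shlex

# Permission letters AppArmor writes into requested_mask / denied_mask.
MASK_LETTERS = {
    "r": "read", "w": "write", "a": "append", "c": "create", "d": "delete",
    "x": "execute", "l": "link", "k": "lock", "m": "mmap-exec",
}

MARKER = 'apparmor="DENIED"'


def parse_denial(line):
    """Return the key=value fields of an AppArmor DENIED record, else None."""
    start = line.find(MARKER)
    if start == -1:
        return None
    fields = {}
    # shlex strips the double quotes around values such as name="...".
    for token in shlex.split(line[start:]):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def summarize(line):
    """Reduce one log line to the facts needed to triage the denial."""
    f = parse_denial(line)
    if f is None:
        return None
    return {
        "profile": f.get("profile"),
        "path": f.get("name"),
        "operation": f.get("operation"),
        "denied": [MASK_LETTERS.get(ch, ch) for ch in f.get("denied_mask", "")],
        "process_fsuid": int(f["fsuid"]) if "fsuid" in f else None,
        "object_owner_uid": int(f["ouid"]) if "ouid" in f else None,
    }


# The syslog line from the post, plus one of the named journal lines.
AUDIT_LINE = ('Jul 6 22:30:52 mail kernel: [1835655.620976] audit: type=1400 '
              'audit(1562409052.847:297): apparmor="DENIED" operation="open" '
              'profile="/usr/sbin/named" name="/var/log/bind/bind.log" '
              'pid=10582 comm="isc-worker0000" requested_mask="ac" '
              'denied_mask="ac" fsuid=120 ouid=0')
NAMED_LINE = ("Jul 06 18:48:43 mail.mydomain.nz named[12930]: "
              "configuring logging: permission denied")

if __name__ == "__main__":
    print(summarize(AUDIT_LINE))
    print(summarize(NAMED_LINE))
```

For the line in the post, the summary names the /usr/sbin/named profile as the component that refused append and create access to /var/log/bind/bind.log, for a process running with filesystem UID 120.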

