Can't start Bind open: /etc/named.conf: permission denied
So I'm really new to this and was following this tutorial to set up BIND, and up to 4:50 I was having no problems: I could ping, use nslookup and had an internet connection with the DNS server. Then we had to add the zones and create the zone files (just creating them). Perfect. I restarted to see if there was any trouble (I use a virtual machine, btw), and then I could no longer ping or use nslookup, and I didn't even have an internet connection.
This is what I got using systemctl status:
Redirecting to /bin/systemctl status -l named.service
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor prese$
Active: failed (Result: exit-code) since jue 2019-04-25 23:14:30 -04; 3min 3$
Process: 3355 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "y$
abr 25 23:14:30 linux bash[3355]: _default/0.168.192.in-addr.arpa/IN: bad zone
abr 25 23:14:30 linux bash[3355]: zone localhost.localdomain/IN: loaded serial 0
abr 25 23:14:30 linux bash[3355]: zone localhost/IN: loaded serial 0
abr 25 23:14:30 linux bash[3355]: zone
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.$
abr 25 23:14:30 linux bash[3355]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial$
abr 25 23:14:30 linux bash[3355]: zone 0.in-addr.arpa/IN: loaded serial 0
abr 25 23:14:30 linux systemd[1]: named.service: control process exited, code=e$
abr 25 23:14:30 linux systemd[1]: Failed to start Berkeley Internet Name Domain$
abr 25 23:14:30 linux systemd[1]: Unit named.service entered failed state.
abr 25 23:14:30 linux systemd[1]: named.service failed.
I thought this was because of the empty zone files, so I replaced it with a named.conf without the zones and tried to restart with service restart named, but got (again):
Failed to start BIND : Redirecting to /bin/systemctl start named.service Job
for named.service failed because the control process exited with error code.
See "systemctl status named.service" and "journalctl -xe" for details.
So I did
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since jue 2019-04-25 23:25:30 -04; 1min 3s ago
Process: 5557 ExecStart=/usr/sbin/named -u named -c $NAMEDCONF $OPTIONS (code=exited, status=1/FAILURE)
Process: 5552 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
abr 25 23:25:30 linux named[5559]: found 2 CPUs, using 2 worker threads
abr 25 23:25:30 linux named[5559]: using 2 UDP listeners per interface
abr 25 23:25:30 linux named[5559]: using up to 21000 sockets
abr 25 23:25:30 linux named[5559]: loading configuration from '/etc/named.conf'
abr 25 23:25:30 linux named[5559]: open: /etc/named.conf: permission denied
abr 25 23:25:30 linux named[5559]: loading configuration: permission denied
abr 25 23:25:30 linux systemd[1]: named.service: control process exited, code=exited status=1
abr 25 23:25:30 linux systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
abr 25 23:25:30 linux systemd[1]: Unit named.service entered failed state.
abr 25 23:25:30 linux systemd[1]: named.service failed.
It's a permission problem but it worked perfectly before so I'm at a loss.
This is what I get by doing ls -l /etc/named.conf :
-rw-r-----. 1 root root 1808 abr 25 15:13 /etc/named.conf
And this is when I do ls -Z /etc/named.conf (if it has something to do with SELinux):
-rw-r-----. 1 root root unconfined_u:object_r:etc_t:s0 /etc/named.conf
Not sure if it helps but here's the named.conf
options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file "/var/named/data/named.recursing";
        secroots-file "/var/named/data/named.secroots";
        allow-query { localhost; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
I also don't have a chroot folder in /etc/named/
Is there a solution for this? Thanks.
linux domain-name-system permissions centos7 bind
asked Apr 26 at 18:07 by Nelson SMG (edited Apr 28 at 16:18)
1
-rw-r-----. root named system_u:object_r:named_conf_t:s0 /etc/named.conf
is what named.conf looks like out of the box on centos
– Håkan Lindqvist
Apr 26 at 18:36
3 Answers
When I replaced the named.conf, the SELinux context got messed up. When doing ls -Z, it should look like this:
-rw-r--r--. root root system_u:object_r:named_conf_t:s0 named.conf
As you can see, mine is different. To reset it, I used
restorecon -RFv /etc/named.conf
With this, however, doing ls -Z gave me this:
-rw-r-----. root root system_u:object_r:named_conf_t:s0 named.conf
To add the last 'r' so everyone can read it, I did
chmod 644 /etc/named.conf
I stopped the named service and restarted it, and it works again.
answered Apr 28 at 16:27 by Nelson SMG
On CentOS 7 bind runs by default as named user, not root, hence it cannot read your named.conf, as it is owned by root and readable by root only.
As Håkan Lindqvist already commented, the permissions on CentOS 7 should look like below:
-rw-r-----. 1 root named 10672 04-09 20:02 /etc/named.conf
so do:
# chown root:named /etc/named.conf
# chmod 640 /etc/named.conf
answered Apr 28 at 20:19 by Tomek
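The two answers above touch separate layers: the owner/group/mode bits and the SELinux label. As an added example (not code from any of the posts), the script below applies the owner/group/other read rule to the values shown on this page and flags differences from the stock `root:named`, `640`, `named_conf_t` layout quoted in the comment. The function names, exit codes and the assumption that the service account's only group is `named` are illustrative.

```shell
#!/bin/sh
# Added example: explain a "permission denied" on a service config file from
# the fields that `stat -c '%a %U %G %C' FILE` prints on an SELinux host.

# Stock CentOS 7 layout for /etc/named.conf as quoted on this page.
EXPECTED_OWNER=root
EXPECTED_GROUP=named
EXPECTED_MODE=640
EXPECTED_TYPE=named_conf_t

# dac_can_read MODE OWNER GROUP USER "USER_GROUPS"
# Classic Unix read check: exactly one permission class is consulted (owner,
# else group, else other). root is not bound by it (CAP_DAC_OVERRIDE), so a
# check run as root can pass while the unprivileged service user is refused.
# Functions use ( ) bodies so their variables stay local in plain POSIX sh.
dac_can_read() (
    mode=$1 owner=$2 group=$3 user=$4 user_groups=$5
    if [ "$user" = root ]; then exit 0; fi
    if [ "$user" = "$owner" ]; then
        bits=$(( (0$mode >> 6) & 7 ))
    else
        case " $user_groups " in
            *" $group "*) bits=$(( (0$mode >> 3) & 7 )) ;;
            *)            bits=$(( 0$mode & 7 )) ;;
        esac
    fi
    [ $(( $bits & 4 )) -ne 0 ]
)

# selinux_type CONTEXT: "user:role:type:level" -> "type"
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# audit_conf MODE OWNER GROUP CONTEXT [SERVICE_USER] ["SERVICE_GROUPS"]
# Exit status (hypothetical convention for this example):
#   0 readable and stock, 1 service user cannot read,
#   2 readable but differs from stock, 3 bad input.
audit_conf() (
    mode=$1 owner=$2 group=$3 context=$4
    svc_user=${5:-named} svc_groups=${6:-named}
    case $mode in
        ''|*[!0-7]*) echo "ERROR mode '$mode' is not octal"; exit 3 ;;
    esac
    status=0
    drift=0
    if ! dac_can_read "$mode" "$owner" "$group" "$svc_user" "$svc_groups"; then
        echo "DENY  $svc_user cannot read: mode $mode, owner $owner, group $group"
        status=1
    fi
    if [ "$owner:$group" != "$EXPECTED_OWNER:$EXPECTED_GROUP" ]; then
        echo "DRIFT ownership is $owner:$group, stock is $EXPECTED_OWNER:$EXPECTED_GROUP"
        drift=1
    fi
    if [ $(( 0$mode )) -ne $(( 0$EXPECTED_MODE )) ]; then
        echo "DRIFT mode is $mode, stock is $EXPECTED_MODE"
        if [ $(( 0$mode & 4 )) -ne 0 ]; then
            echo "      'other' read bit set: every local account can read the file"
        fi
        drift=1
    fi
    ctx_type=$(selinux_type "$context")
    if [ "$ctx_type" != "$EXPECTED_TYPE" ]; then
        echo "DRIFT SELinux type is $ctx_type, stock is $EXPECTED_TYPE"
        drift=1
    fi
    if [ "$status" -eq 0 ] && [ "$drift" -eq 1 ]; then status=2; fi
    if [ "$status" -eq 0 ]; then echo "OK    matches the stock layout"; fi
    exit "$status"
)

# Inputs taken from this page: the ls output in the question, the stock
# layout from the comment, and the state after restorecon + chmod 644.
for sample in \
    "640 root root unconfined_u:object_r:etc_t:s0" \
    "640 root named system_u:object_r:named_conf_t:s0" \
    "644 root root system_u:object_r:named_conf_t:s0"
do
    echo "== $sample"
    # Word splitting of $sample into four arguments is intended here.
    audit_conf $sample || echo "   (exit status $?)"
done
```

On a live host the four arguments come from `stat -c '%a %U %G %C' /etc/named.conf`. A differing SELinux type is reported only as drift, because whether the policy actually denied the read is recorded in the audit log, not in the label itself.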
I would request you to check the audit logs, and if you are using any additional filesystem ACLs, check those logs too. If you think this is an SELinux issue, please disable it and try again; if it works, you need to fix the SELinux policies. Please check https://www.systutorials.com/docs/linux/man/8-bind_selinux/ for the BIND SELinux reference.
answered Apr 28 at 5:44 by asktyagi