
I installed bind on CentOS 6.5 with `yum install bind-chroot bind-utils`. It's not the first time I've done this, and generally it works fine.

But now I try this on some server and it doesn't work at all.

When doing `# service named start` I get this error:

```
Starting named: Error in named configuration: none:0: open: /etc/named.conf: permission denied
```

`ls -l /etc/named.conf` returns this:

```
-rw-r-----. 1 root named 817 Dec 31 12:09 /etc/named.conf
```

I tried `chmod 777 /etc/named.conf` but I still get the same error when trying to start named.

Any idea what's happening here? Thanks for your help.

EDIT:

`sestatus` returns this:

```
sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted
```

Does that mean that SELinux is interfering here? That would be strange as I never installed SELinux. Could it have been automatically installed with a CentOS update?

John Smith Optional
  • Shouldn't `/etc/named.conf` be `named:named` ? – NickW Dec 31 '13 at 11:31
  • if the permissions are set to 777 and you still get a permission denied, then you should probably check for selinux or apparmor. if you are using either of them, they could possibly deny `named` access to `/etc/named.conf`. Since you are using CentOS, probably you aren't using apparmor but selinux – replay Dec 31 '13 at 11:31
  • most likely the upgrade has installed selinux. if selinux denies a process to open a file you should see an according log statement in `/var/log/audit/audit.log` – replay Dec 31 '13 at 11:43
  • selinux it is.. run `setenforce 0`, as for installing it, I believe it is part of the base install. – NickW Dec 31 '13 at 11:43
  • Never do `chmod 777` not even for "troubleshooting". – Michael Hampton Dec 31 '13 at 17:46
  • @MichaelHampton: yes, I would generally never do that but I am the only person with access to this server for now. And the only services available are ping and ssh. So it shouldn't be too much of a concern to set the perms to 777 for a few seconds. – John Smith Optional Dec 31 '13 at 20:55

1 Answer


Check with `ls -Z` if the SELinux context is the same on `/etc/named.conf` and `/var/named/chroot/etc/named.conf`. If it is not, use `chcon` with the `--reference` option to set the chrooted named.conf the same as the regular named.conf, with something like this:

```
chcon --reference=/etc/named.conf /var/named/chroot/etc/named.conf
```

Gabriel Talavera
  • There's no named.conf in /var/named/chroot/etc/. I think it's supposed to be created when you start the service, but the service doesn't start because of the error I described in my first post. – John Smith Optional Dec 31 '13 at 20:48
  • Is there a named.conf in /etc? Copy that one to /var/named/chroot/etc and try starting the service again. – Gabriel Talavera Dec 31 '13 at 22:36
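
The audit-log check suggested in the comments, as an added example that is not part of the original thread: a shell function that pulls SELinux AVC denials for a given file name out of audit.log-style records and prints the process, the denied permissions and the type of the label on the file, which is the value an `ls -Z` comparison would show as mismatched. The function name `avc_denials` is hypothetical and the sample records, including the label types in them, are constructed.

```shell
#!/bin/sh
# Constructed sample records in audit.log format (not from the asker's server).
SAMPLE_AUDIT_LOG='type=AVC msg=audit(1388488140.101:310): avc:  denied  { read open } for  pid=2101 comm="named" name="named.conf" dev=dm-0 ino=131090 scontext=unconfined_u:system_r:named_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
type=SYSCALL msg=audit(1388488140.101:310): arch=c000003e syscall=2 success=no exit=-13 comm="named" exe="/usr/sbin/named"
type=AVC msg=audit(1388488150.500:311): avc:  denied  { read } for  pid=2200 comm="httpd" name="index.html" dev=dm-0 ino=140000 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1388488160.900:312): avc:  granted  { read } for  pid=2101 comm="named" name="named.conf" dev=dm-0 ino=131090 scontext=unconfined_u:system_r:named_t:s0 tcontext=system_u:object_r:named_conf_t:s0 tclass=file'

# avc_denials NAME
# Reads audit records on stdin and prints one line per denied AVC whose
# name= field equals NAME:  <comm> <perm[,perm...]> <type of the target label>
# On a real host (as root): avc_denials named.conf < /var/log/audit/audit.log
avc_denials() {
    awk -v want="$1" '
        $1 == "type=AVC" && / denied / {
            comm = ""; name = ""; tctx = ""; perms = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^comm=/)     { comm = $i; gsub(/^comm=|"/, "", comm) }
                if ($i ~ /^name=/)     { name = $i; gsub(/^name=|"/, "", name) }
                if ($i ~ /^tcontext=/) { tctx = substr($i, 10) }
                if ($i == "{") {
                    # Permissions are the words between "{" and "}".
                    for (j = i + 1; j <= NF && $j != "}"; j++)
                        perms = perms (perms ? "," : "") $j
                }
            }
            if (name == want) {
                # A context is user:role:type:level; the type decides access
                # under the targeted policy.
                split(tctx, c, ":")
                print comm, perms, c[3]
            }
        }'
}

# Run over the constructed sample; prints: named read,open admin_home_t
printf '%s\n' "$SAMPLE_AUDIT_LOG" | avc_denials named.conf
```

A denial line here means the file mode is not the cause, so `chmod` cannot help; the label type in the last column is what has to be corrected.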