
DNS update error: cndtest.local.jnl: create: permission denied

火星人 @ 2014-03-04, reply:0


I want to update my DNS dynamically, but an error occurs when I run the update from the client.
# cat /var/log/message
----------------------------------------
... ...
Nov 23 00:50:19 test named: journal file cndtest.local.jnl does not exist, creating it
Nov 23 00:50:19 test named: cndtest.local.jnl: create: permission denied
Nov 23 00:50:19 test named: client 192.168.1.1#32833: updating zone '1.168.192.in-addr.arpa/IN': error: journal open failed: unexpected error
... ...
-------------------------------------------
I have already opened up all the directory permissions, but there is still a problem.
#cat /etc/named.conf
options {
        directory "/var/named";
};
key myddns {
        algorithm HMAC-MD5;
        secret gUU05U36nA9uM8mOHU9f0g==;
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};

zone "test.com" IN {
        type master;
        file "cndtest.zone";
        allow-update { key myddns; };
};

zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "cndtest.local";
        allow-update { key myddns; };
};

include "/etc/rndc.key";
《Solution》

This update method has the same problem as well: no permission.
$ nsupdate -k /var/named/Kwww.+157+44587.key
《Solution》

Could you post the output of the following?
find /var/named -type d -exec ls -ld {} \;

[ This post was last edited by 網中人 on 2005-11-23 18:34 ]
《Solution》

# find /var/named -type d -exec ls -l {} ;
find: missing argument to `-exec'

I don't know what went wrong, so I wrote a script, test.sh. The result is as follows:

# ./test.sh
drwxrwxrwx  5 named named 4096 Nov 23 02:29 /var/named
drwxrwxrwx  2 named named 4096 Nov 22 23:04 /var/named/data
drwxrwxrwx  2 named named 4096 Nov 22 23:04 /var/named/slaves
drwxrwxrwx  5 named named 4096 Nov 22 23:04 /var/named/chroot
drwxrwxrwx  5 named named 4096 Nov 11 18:49 /var/named/chroot/var
drwxrwxrwx  3 named named 4096 Nov 11 18:49 /var/named/chroot/var/run
drwxrwxrwx  2 named named 4096 Nov 23 01:55 /var/named/chroot/var/run/named
drwxrwxrwx  2 named named 4096 Mar 14  2003 /var/named/chroot/var/tmp
drwxrwxrwx  4 named named 4096 Nov 23 00:40 /var/named/chroot/var/named
drwxrwxrwx  2 named named 4096 Aug 26  2004 /var/named/chroot/var/named/data
drwxrwxrwx  2 named named 4096 Jul 27  2004 /var/named/chroot/var/named/slaves
drwxrwxrwx  2 named named 4096 Nov 11 18:49 /var/named/chroot/dev
drwxrwxrwx  2 named named 4096 Nov 19 01:24 /var/named/chroot/etc
《Solution》

# nsupdate -k /var/named/Kmyddns.+157+23221.key
> server dns.test.com
> update delete dns.test.com A
> update add dns.test.com 0 A 192.168.1.1
> send
update failed: SERVFAIL

# cat /var/log/messages
Nov 23 21:13:13 dns named: client 192.168.1.1#32796: updating zone 'test.com/IN': deleting an rrset
Nov 23 21:13:13 dns named: journal file cndtest.zone.jnl does not exist, creating it
Nov 23 21:13:13 dns named: cndtest.zone.jnl: create: permission denied
Nov 23 21:13:13 dns named: client 192.168.1.1#32796: updating zone 'test.com/IN': error: journal open failed: unexpected error
Nov 23 21:13:13 dns kernel: audit(1132751593.833:0): avc:  denied  { write } for  pid=3512 comm=named name=named dev=hda1 ino=328037 scontext=root:system_r:named_t tcontext=system_u:object_r:named_zone_t tclass=dir
《Solution》

Turn off SELinux.
How do you turn it off?
Search for it....
《Solution》

Thanks, that was indeed the cause. Thank you so much!
-------------------------
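The security improvement is achieved through optional Security Enhanced Linux (SELinux) kernel modifications. These SELinux modifications (compiled into the Linux kernel by default at install time) eliminate root-user and hierarchical-privilege security vulnerabilities. This is the first time these features have been included in the enterprise edition. By design, they improve security by directly controlling application access to operating system services. SELinux provides configuration control over every privileged service running in the environment, and these settings prevent vulnerabilities in which the root user accesses an attacked server.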
-------------------------
《Solution》

My SELinux is already turned off, but it still doesn't work. The symptoms are the same as the original poster's.

I wonder whether it is because I installed chroot.
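
The audit line quoted in the thread shows `named` (type `named_t`) denied `write` on a directory labelled `named_zone_t`, which is why wide-open Unix permissions did not help. As an added example that is not part of the original thread, this shell triage classifies such a line and prints the Red Hat targeted-policy boolean `named_write_master_zones` as a narrower alternative to turning SELinux off; the function names and verdict labels are this example's own.

```shell
#!/bin/sh
# Added example: classify an SELinux AVC denial and name a narrower fix than
# disabling SELinux. SAMPLE_AVC is the audit line quoted in the thread.
SAMPLE_AVC='Nov 23 21:13:13 dns kernel: audit(1132751593.833:0): avc:  denied  { write } for  pid=3512 comm=named name=named dev=hda1 ino=328037 scontext=root:system_r:named_t tcontext=system_u:object_r:named_zone_t tclass=dir'

# avc_field LINE KEY: print the value of the first KEY=value token.
avc_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# avc_perms LINE: print the denied permissions listed between { and }.
avc_perms() {
    printf '%s\n' "$1" | sed -n 's/.*denied *{ *\([^}]*[^} ]\) *}.*/\1/p'
}

# ctx_type CONTEXT: print the type, the third field of user:role:type[:level].
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# diagnose_avc LINE: print a verdict label (labels are this example's own).
diagnose_avc() {
    case $1 in
        *avc:*denied*) ;;
        *) echo not-avc; return 1 ;;
    esac
    src=$(ctx_type "$(avc_field "$1" scontext)")
    tgt=$(ctx_type "$(avc_field "$1" tcontext)")
    cls=$(avc_field "$1" tclass)
    if [ "$src" = named_t ] && [ "$tgt" = named_zone_t ] && [ "$cls" = dir ]; then
        case " $(avc_perms "$1") " in
            *" write "*|*" add_name "*) echo named-zone-dir-write; return 0 ;;
        esac
    fi
    echo other-denial
}

# remedy VERDICT: print (do not run) the targeted command for that verdict.
remedy() {
    case $1 in
        named-zone-dir-write) echo 'setsebool -P named_write_master_zones 1' ;;
        other-denial) echo 'review the denial before changing policy' ;;
        *) echo 'no SELinux denial in this line' ;;
    esac
}

verdict=$(diagnose_avc "$SAMPLE_AVC")
printf '%s -> %s\n' "$verdict" "$(remedy "$verdict")"
```

The journal error from `named` itself is reported as `not-avc`, so only the kernel audit line drives the suggestion.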


http://coctec.com/docs/service/show-post-37395.html