BIND9 can't read /etc/smbind/smbind.conf

Bug #655539 reported by Lazy
This bug affects 1 person
Affects: smbind (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

Binary package hint: smbind

I added the following line to named.conf.local:

include "/etc/smbind/smbind.conf";

Now BIND won't start and I can see this in my syslog:

Oct 6 10:26:19 lucid-lynx named[2866]: starting BIND 9.7.0-P1 -u bind
Oct 6 10:26:19 lucid-lynx named[2866]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=-Wl,-Bsymbolic-functions' 'CPPFLAGS='
Oct 6 10:26:19 lucid-lynx named[2866]: adjusted limit on open files from 1024 to 1048576
Oct 6 10:26:19 lucid-lynx named[2866]: found 1 CPU, using 1 worker thread
Oct 6 10:26:19 lucid-lynx named[2866]: using up to 4096 sockets
Oct 6 10:26:19 lucid-lynx named[2866]: loading configuration from '/etc/bind/named.conf'
Oct 6 10:26:19 lucid-lynx named[2866]: /etc/bind/named.conf.local:9: open: /etc/smbind/smbind.conf: permission denied
Oct 6 10:26:19 lucid-lynx kernel: [ 2021.949061] type=1503 audit(1286349979.330:18): operation="open" pid=2868 parent=2865 profile="/usr/sbin/named" requested_mask="::r" denied_mask="::r" fsuid=103 ouid=33 name="/etc/smbind/smbind.conf"
Oct 6 10:26:19 lucid-lynx named[2866]: loading configuration: permission denied
Oct 6 10:26:19 lucid-lynx named[2866]: exiting (due to fatal error)

Giuseppe Iuculano (giuseppe-iuculano) wrote : Re: [Bug 655539] [NEW] BIND9 can't read /etc/smbind/smbind.conf

On 10/06/2010 09:28 AM, Lazy wrote:
> Oct 6 10:26:19 lucid-lynx named[2866]: /etc/bind/named.conf.local:9: open: /etc/smbind/smbind.conf: permission denied

As written in /usr/share/doc/smbind/README.Debian, you probably want to run:

/usr/share/doc/smbind/README.Debian

Cheers,
Giuseppe

Lazy (ubuntu-bugs-oittaa) wrote :

Fresh installation:

root@Ubuntu-server:/usr/share/doc/smbind# usermod -G bind www-data
root@Ubuntu-server:/usr/share/doc/smbind# /etc/init.d/apache2 restart
 * Restarting web server apache2 ... waiting . [ OK ]
root@Ubuntu-server:/usr/share/doc/smbind# echo 'include "/etc/smbind/smbind.conf";' >> /etc/bind/named.conf.local
root@Ubuntu-server:/usr/share/doc/smbind# /etc/init.d/bind9 restart
 * Stopping domain name service... bind9 [ OK ]
 * Starting domain name service... bind9 [fail]

syslog:

Oct 6 23:01:17 Ubuntu-server named[22609]: /etc/bind/named.conf.local:9: open: /etc/smbind/smbind.conf: permission denied
Oct 6 23:01:17 Ubuntu-server named[22609]: loading configuration: permission denied
Oct 6 23:01:17 Ubuntu-server named[22609]: exiting (due to fatal error)
Oct 6 23:01:17 Ubuntu-server kernel: [16040.586424] type=1503 audit(1286395277.062:18): operation="open" pid=22610 parent=22608 profile="/usr/sbin/named" requested_mask="::r" denied_mask="::r" fsuid=109 ouid=33 name="/etc/smbind/smbind.conf"

xtester (xtester) wrote :

I have the same problem:

root@ubuntu-server:/etc/smbind# cat /etc/issue
Ubuntu 11.04 \n \l
root@ubuntu-server:/etc/smbind# named -v
BIND 9.7.3

smbind ver 0.48

root@ubuntu-server:/etc/smbind# ls -al /etc/bind/
total 68
drwxrws--- 2 root bind 4096 2011-05-24 14:20 .
drwxr-xr-x 89 root root 4096 2011-05-24 15:41 ..
-rw-r--r-- 1 root root 2544 2011-04-01 01:10 bind.keys
-rw-r--r-- 1 root root 237 2011-04-01 01:10 db.0
-rw-r--r-- 1 root root 271 2011-04-01 01:10 db.127
-rw-r--r-- 1 root root 237 2011-04-01 01:10 db.255
-rw-r--r-- 1 root root 353 2011-04-01 01:10 db.empty
-rw-r--r-- 1 root root 270 2011-04-01 01:10 db.local
-rw-r--r-- 1 root root 2994 2011-04-01 01:10 db.root
-rw-r--r-- 1 root bind 498 2011-05-23 17:48 named.conf
-rw-r--r-- 1 root bind 490 2011-04-01 01:10 named.conf.default-zones
-rw-r--r-- 1 root bind 1002 2011-05-22 09:34 named.conf.local
-rw-r--r-- 1 root bind 572 2011-04-01 01:10 named.conf.options
-rw-r--r-- 1 root bind 77 2011-05-22 02:59 rndc.key
-rw-r--r-- 1 root root 1317 2011-04-01 01:10 zones.rfc1918

root@ubuntu-server:/etc/smbind# ls -al
total 28
drwxrwxr-x 3 root bind 4096 2011-05-23 16:53 .
drwxr-xr-x 89 root root 4096 2011-05-24 15:41 ..
-rw-r--r-- 1 www-data bind 197 2010-09-06 03:58 apache.conf
-rw-r----- 1 www-data www-data 537 2011-05-23 16:53 config-db.php
-rw-r--r-- 1 www-data bind 54 2010-09-06 03:58 lighttpd.conf
-rw-rw-r-- 1 www-data bind 64 2011-05-24 10:21 smbind.conf
drwxrwxr-- 2 www-data bind 4096 2010-10-16 03:18 zones

root@ubuntu-server:/etc/smbind# cat /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/etc/smbind/smbind.conf";

root@ubuntu-server:/etc/smbind# named -g -d 1
24-May-2011 15:40:40.963 starting BIND 9.7.3 -g -d 1
24-May-2011 15:40:40.963 built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=yes' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=-Wl,-Bsymbolic-functions' 'CPPFLAGS='
24-May-2011 15:40:40.963 adjusted limit on open files from 4096 to 1048576
24-May-2011 15:40:40.963 found 1 CPU, using 1 worker thread
24-May-2011 15:40:40.964 using up to 4096 sockets
24-May-2011 15:40:40.971 decrement_reference: delete from rbt: 0xb77e50b0 .
24-May-2011 15:40:40.980 loading configuration from '/etc/bind/named.conf'
24-May-2011 ...


j2 (j2) wrote :

The installation of smbind needs to modify the AppArmor profile for BIND9.

The below does the trick.

#smbind
  /etc/smbind/smbind.conf r,
  /etc/smbind/zones/ rw,
  /etc/smbind/zones/** rw,

j2 (j2) wrote :

What was I thinking. I mean:

#smbind
  /etc/smbind/smbind.conf r,
  /etc/smbind/zones/ r,
  /etc/smbind/zones/** r,
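
Added example (not part of any comment in this report, and not smbind or AppArmor code): a Python sketch that reads the type=1503 kernel denial lines quoted in this thread and derives, per profile, the narrowest path rules that would have satisfied them, granting only the access that was actually denied. The third sample line is constructed, and the handling of denied_mask (drop the ':' separators, keep the permission letters) is an assumption about this older log format.

```python
import re
from collections import defaultdict

# Sample input: the two kernel denial lines quoted in the thread, one named
# error line that must be ignored, and one CONSTRUCTED zone-file denial.
SAMPLE_SYSLOG = '''\
Oct 6 10:26:19 lucid-lynx named[2866]: /etc/bind/named.conf.local:9: open: /etc/smbind/smbind.conf: permission denied
Oct 6 10:26:19 lucid-lynx kernel: [ 2021.949061] type=1503 audit(1286349979.330:18): operation="open" pid=2868 parent=2865 profile="/usr/sbin/named" requested_mask="::r" denied_mask="::r" fsuid=103 ouid=33 name="/etc/smbind/smbind.conf"
Oct 6 23:01:17 Ubuntu-server kernel: [16040.586424] type=1503 audit(1286395277.062:18): operation="open" pid=22610 parent=22608 profile="/usr/sbin/named" requested_mask="::r" denied_mask="::r" fsuid=109 ouid=33 name="/etc/smbind/smbind.conf"
Oct 6 23:01:18 Ubuntu-server kernel: [16041.000000] type=1503 audit(1286395278.000:19): operation="open" pid=22610 parent=22608 profile="/usr/sbin/named" requested_mask="::r" denied_mask="::r" fsuid=109 ouid=33 name="/etc/smbind/zones/example.com.db"
'''

# key=value or key="quoted value" pairs as they appear in the audit record
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_denials(text):
    """Yield the fields of each AppArmor denial record found in syslog text."""
    for line in text.splitlines():
        if "type=1503" not in line or "denied_mask=" not in line:
            continue  # not an AppArmor denial (e.g. named's own error line)
        yield {key: quoted or bare for key, quoted, bare in KV.findall(line)}


def suggest_rules(text):
    """Return {profile: [rule, ...]} covering only the denied permissions."""
    masks = defaultdict(set)
    for fields in parse_denials(text):
        # Assumption: the mask letters are the permissions; ':' only separates
        # the owner/other halves of the mask in this log format.
        perms = set(fields["denied_mask"].replace(":", ""))
        masks[(fields["profile"], fields["name"])] |= perms
    rules = defaultdict(list)
    for (profile, path), perms in sorted(masks.items()):
        rules[profile].append(f"  {path} {''.join(sorted(perms))},")
    return dict(rules)


if __name__ == "__main__":
    for profile, lines in suggest_rules(SAMPLE_SYSLOG).items():
        print(f"# candidate additions for profile {profile}")
        print("\n".join(lines))
```

Because the log only ever shows read denials, the output contains read-only rules, matching the corrected profile lines in the last comment rather than the earlier rw version.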
