For a very long time I have noticed that when starting named there is a log
message or in systemctl status a line complaining about being unable to
write to the working directory as in the 2nd line with date/time from the
command below:
[root@lapmike3 ~]# systemctl status named
named.service - Internet domain name server
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled)
Active: active (running) since Sat 2013-02-09 09:45:40 GMT; 1h
2min ago
Main PID: 336 (named)
CGroup: name=systemd:/system/named.service
└─336 /usr/sbin/named -f -u named
Feb 09 09:45:42 lapmike3 named[336]: command channel listening on ::1#953
Feb 09 09:45:42 lapmike3 named[336]: the working directory is not writable
Feb 09 09:45:42 lapmike3 named[336]: managed-keys-zone: loaded serial 0
Feb 09 09:45:42 lapmike3 named[336]: zone 0.0.127.in-addr.arpa/IN: loaded
serial 42
Feb 09 09:45:42 lapmike3 named[336]: zone localhost/IN: loaded serial 42
Feb 09 09:45:42 lapmike3 named[336]: all zones loaded
Feb 09 09:45:42 lapmike3 named[336]: running
Feb 09 10:45:42 lapmike3 named[336]: listening on IPv4 interface wlan0,
10.0.0.69#53
Feb 09 10:45:42 lapmike3 named[336]: could not listen on UDP socket:
permission denied
Feb 09 10:45:42 lapmike3 named[336]: creating IPv4 interface wlan0 failed;
interface ignored
Looking at the permissions of /var/named in arch here on my laptop I see:
drwxr-x--- 2 root named 4096 Dec 4 21:23 named
So doing:
[root@lapmike3 ~]# chmod 770 /var/named
Now:
drwxrwx--- 2 root named 4096 Dec 4 21:23 named
And
[root@lapmike3 ~]# systemctl restart named
[root@lapmike3 ~]# systemctl status named
named.service - Internet domain name server
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled)
Active: active (running) since Sat 2013-02-09 10:50:48 GMT; 3s ago
Process: 3619 ExecStop=/usr/sbin/rndc stop (code=exited,
status=0/SUCCESS)
Main PID: 3623 (named)
CGroup: name=systemd:/system/named.service
└─3623 /usr/sbin/named -f -u named
Feb 09 10:50:48 lapmike3 named[3623]: automatic empty zone: A.E.F.IP6.ARPA
Feb 09 10:50:48 lapmike3 named[3623]: automatic empty zone: B.E.F.IP6.ARPA
Feb 09 10:50:48 lapmike3 named[3623]: automatic empty zone:
8.B.D.0.1.0.0.2.IP6.ARPA
Feb 09 10:50:48 lapmike3 named[3623]: command channel listening on
127.0.0.1#953
Feb 09 10:50:48 lapmike3 named[3623]: command channel listening on ::1#953
Feb 09 10:50:48 lapmike3 named[3623]: managed-keys-zone: loaded serial 0
Feb 09 10:50:48 lapmike3 named[3623]: zone 0.0.127.in-addr.arpa/IN: loaded
serial 42
Feb 09 10:50:48 lapmike3 named[3623]: zone localhost/IN: loaded serial 42
Feb 09 10:50:48 lapmike3 named[3623]: all zones loaded
Feb 09 10:50:48 lapmike3 named[3623]: running
Looks much better now!
But the question is whether or not this is a good thing to do? Does anyone
know if there are any bad consequences to resolving this problem by
changing the permissions of /var/named as I have done above? If this is a
good solution shouldn't that permission be set that way when the bind
package (bind 9.9.2.P1-1) is initially installed, so that it does not then
need changing after the install?
--
mike c
