On October 19, 2021, we have enabled single-sign-on for our Plesk Support Center to provide a seamless login/account experience. This implies that you’ll be able to use a single account across any of our web-facing properties.
If you had already registered your account at Plesk 360 (formerly known as My Plesk) please use one for login. Otherwise please re-register it using the same email address as your existing Zendesk login (support account). It’s essential that you use the same email address on our support center to ensure that your tickets stay attached to the same account.

Articles in this section

See more

Unable to start bind on Plesk Ubuntu/Debian server: loading configuration from '/etc/named.conf' loading configuration: permission denied

Avatar
Dinara Aspembitova
Updated
Follow
Plesk for Linux kb: technical ABT: Group B

Applicable to:

  • Plesk for Linux

Symptoms

Unable to start bind9 with the following records in /var/log/syslog file:

CONFIG_TEXT: named[8362]: loading configuration from '/etc/named.conf'
named[8362]: open: /etc/named.conf: permission denied
named[8362]: loading configuration: permission denied
named[8362]: exiting (due to fatal error)
kernel: [34074.383056] type=1400 audit(1494212104.678:254): apparmor="DENIED" operation="open" profile="/usr/sbin/named" name="/var/named/run-root/etc/named.conf" pid=8363 comm="named" requested_mask="r" denied_mask="r" fsuid=107 ouid=0

Cause

DNS server configuration files cannot be read by AppArmor.

Resolution

  1. Log in the server via SSH.

    Note: if direct SSH access to the server is not possible, contact server administrator for further assistance.

  2. Open /etc/apparmor.d/local/usr.sbin.named file if any text editor, for example, "vi".
  3. Add the following into /etc/apparmor.d/local/usr.sbin.named file:

    CONFIG_TEXT: /var/named/run-root/** rwm,

  4. Reload AppArmor:

    # service apparmor reload

  5. Start bind9 service:

    # service bind9 start 

Comments

4 comments

Sort by Date Votes
  • Avatar
    Alexander Garzon

    Where is the Centos  version of this guide?

    0
    Comment actions Permalink
  • Avatar
    Anton Maslov

    Hello Alexander Garzon. CentOS does not have AppArmor, such issues excluded from happening on CentOS. 

    I recommend to take a look to /var/log/messages attempting to start named-chroot service (this is how service name looks like on CentOS).

    0
    Comment actions Permalink
  • Avatar
    Alexander Garzon

    Thank you. I'm aware Centos does  not have Apparmor. My question was more about Centos having the exact same problem (/etc/named.conf: permission denied) but not solution found among Plesk articles.

    Basically Plesk is generating files and zones with permission 0600 instead 0640 and all under root:root instead named:named.

    I have to fix this by forcing chmod 640 in all zones with a cron task

    0
    Comment actions Permalink
  • Avatar
    Anton Maslov

    Hi Alexander Garzon I checked internally, and we did not have such requests as this for CentOS. As well as I verified that by default Plesk should create and use zones with 644 permissions and root:root. 

    I would recommend creating a ticket to support to see what can be wrong.

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles