Applicable to:
- Plesk for Linux
Symptoms
The bind9 service fails to start, and the following records appear in the /var/log/syslog file:
named[8362]: loading configuration from '/etc/named.conf'
named[8362]: open: /etc/named.conf: permission denied
named[8362]: loading configuration: permission denied
named[8362]: exiting (due to fatal error)
kernel: [34074.383056] type=1400 audit(1494212104.678:254): apparmor="DENIED" operation="open" profile="/usr/sbin/named" name="/var/named/run-root/etc/named.conf" pid=8363 comm="named" requested_mask="r" denied_mask="r" fsuid=107 ouid=0
Cause
AppArmor denies the DNS server (named) read access to its configuration files under /var/named/run-root.
Resolution
- Log in to the server via SSH.
  Note: if direct SSH access to the server is not possible, contact the server administrator for further assistance.
- Open the /etc/apparmor.d/local/usr.sbin.named file in any text editor, for example, "vi".
- Add the following line to the /etc/apparmor.d/local/usr.sbin.named file:
  /var/named/run-root/** rwm,
- Ensure that the include <local/usr.sbin.named> directive is not commented out with # in /etc/apparmor.d/usr.sbin.named:
  # tail -3 /etc/apparmor.d/usr.sbin.named
  # Site-specific additions and overrides. See local/README for details.
  include <local/usr.sbin.named>
  }
- Reload AppArmor:
  # service apparmor reload
- Start bind9 service:
  # service bind9 start
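To confirm that the added rule matches what AppArmor actually denied, the following script lists the denied paths for the named profile and checks each against the local override file. It is an added example, not part of the original article or of Plesk tooling; the function names and the temporary files standing in for /var/log/syslog and /etc/apparmor.d/local/usr.sbin.named are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list AppArmor denials for a profile and check whether a
# local override file has a "<dir>/**" rule covering each denied path.
# Only the path is compared; the permission mask is reported, not evaluated.

# Print "path mask" for each DENIED record of profile $2 in log file $1.
named_denials() {
    grep -F 'apparmor="DENIED"' "$1" | grep -F "profile=\"$2\"" |
        sed -n 's/.* name="\([^"]*\)".* denied_mask="\([^"]*\)".*/\1 \2/p' |
        sort -u
}

# Return 0 if an uncommented "<dir>/** perms," rule in file $1 covers path $2.
rule_covers() {
    [ -r "$1" ] || return 1
    awk -v p="$2" '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        $1 ~ /\/\*\*$/ {                        # rule path ends in /**
            prefix = substr($1, 1, length($1) - 2)
            if (index(p, prefix) == 1) found = 1
        }
        END { exit !found }
    ' "$1"
}

# Constructed sample data: the log record copies the format shown in Symptoms.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/syslog" <<'EOF'
kernel: [34074.383056] type=1400 audit(1494212104.678:254): apparmor="DENIED" operation="open" profile="/usr/sbin/named" name="/var/named/run-root/etc/named.conf" pid=8363 comm="named" requested_mask="r" denied_mask="r" fsuid=107 ouid=0
EOF
printf '%s\n' '/var/named/run-root/** rwm,' > "$demo_dir/local"

named_denials "$demo_dir/syslog" /usr/sbin/named | while read -r path mask; do
    if rule_covers "$demo_dir/local" "$path"; then
        echo "covered by local rule: $path (denied_mask=$mask)"
    else
        echo "NOT covered: $path (denied_mask=$mask)"
    fi
done
```

On a real server, pass /var/log/syslog and /etc/apparmor.d/local/usr.sbin.named to the two functions instead of the temporary files.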
Comments
Where is the CentOS version of this guide?
Hello Alexander Garzon. CentOS does not have AppArmor, so such issues are excluded from happening on CentOS.
I recommend taking a look at /var/log/messages when attempting to start the named-chroot service (this is what the service name looks like on CentOS).
Thank you. I'm aware CentOS does not have AppArmor. My question was more about CentOS having the exact same problem (/etc/named.conf: permission denied) but no solution found among Plesk articles.
Basically Plesk is generating files and zones with permission 0600 instead of 0640 and all under root:root instead of named:named.
I have to fix this by forcing chmod 640 on all zones with a cron task.
Hi Alexander Garzon, I checked internally, and we did not have such requests as this for CentOS. I also verified that by default Plesk should create and use zones with 644 permissions and root:root.
I would recommend creating a ticket with support to see what can be wrong.
Did not work.