Articles in this section

See more

Unable to start bind on Plesk Ubuntu/Debian server: loading configuration from '/etc/named.conf' loading configuration: permission denied

Avatar
Renan Moreira
Updated
Follow
Plesk for Linux kb: technical ABT: Group B

Applicable to:

  • Plesk for Linux

Symptoms

Unable to start bind9 with the following records in /var/log/syslog file:

named[8362]: loading configuration from '/etc/named.conf'
named[8362]: open: /etc/named.conf: permission denied
named[8362]: loading configuration: permission denied
named[8362]: exiting (due to fatal error)
kernel: [34074.383056] type=1400 audit(1494212104.678:254): apparmor="DENIED" operation="open" profile="/usr/sbin/named" name="/var/named/run-root/etc/named.conf" pid=8363 comm="named" requested_mask="r" denied_mask="r" fsuid=107 ouid=0

Cause

DNS server configuration files cannot be read by AppArmor.

Resolution

  1. Log in the server via SSH.

    Note: if direct SSH access to the server is not possible, contact server administrator for further assistance.

  2. Open /etc/apparmor.d/local/usr.sbin.named file if any text editor, for example, "vi".

  3. Add the following into /etc/apparmor.d/local/usr.sbin.named file:

    /var/named/run-root/** rwm,

  4. Ensure that include <local/usr.sbin.named> directive is not commented with # in  /etc/apparmor.d/usr.sbin.named

    # tail -3 /etc/apparmor.d/usr.sbin.named
    # Site-specific additions and overrides. See local/README for details.
    include <local/usr.sbin.named>
    }

  5. Reload AppArmor:

    # service apparmor reload

  6. Start bind9 service:

    # service bind9 start

Comments

4 comments

Sort by Date Votes
  • Avatar
    Alexander Garzon

    Where is the Centos  version of this guide?

    0
    Comment actions Permalink
  • Avatar
    Anton Maslov

    Hello Alexander Garzon. CentOS does not have AppArmor, such issues excluded from happening on CentOS. 

    I recommend to take a look to /var/log/messages attempting to start named-chroot service (this is how service name looks like on CentOS).

    0
    Comment actions Permalink
  • Avatar
    Alexander Garzon

    Thank you. I'm aware Centos does  not have Apparmor. My question was more about Centos having the exact same problem (/etc/named.conf: permission denied) but not solution found among Plesk articles.

    Basically Plesk is generating files and zones with permission 0600 instead 0640 and all under root:root instead named:named.

    I have to fix this by forcing chmod 640 in all zones with a cron task

    0
    Comment actions Permalink
  • Avatar
    Anton Maslov

    Hi Alexander Garzon I checked internally, and we did not have such requests as this for CentOS. As well as I verified that by default Plesk should create and use zones with 644 permissions and root:root. 

    I would recommend creating a ticket to support to see what can be wrong.

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles