File permission error with bind on Ubuntu 8.04
Starting with Ubuntu 8.04 slave zones under bind9 may not work as well as you may think – depending on where you believe you should save your zone files. The syslog shows permission error when bind tries to write to any folder under /etc/bind. That is where I had kept such files before – I realise now that this was a mistake – or at least not in line with common best practice.
This is the error you may see:
dumping master file: /etc/bind/slave/tmp-31s25Singg: open: permission denied
transfer of 'example.com/IN' from 192.168.16.10#53: failed while receiving responses: permission denied
transfer of 'example.com/IN' from 192.168.16.10#53: end of transfer
Starting with Ubuntu 8.04, apparmor is included by default in the installation. This was a new feature for me. In short, apparmor prevents unauthorised file activities and the reason for my file permission problem with bind was that I tried to write slave zone files to /etc/bind/slave. But, by definition, the local host does not hold the master copy of a slave zone. Such data should instead be saved in /var/cache/bind. Once I changed my zone definition and restarted bind it went well.
nicobo
Hi
Thanks for the tip. I was crazy not to find why I had this permission error…
Could you tell how you found out it was AppArmor and where you read it was better to write those files into /var/cache/bind (which sounds better after this explanation) ? Did I miss some man page…?