FC4/BIND/zone file permission deny

heq99 · #1 21st June 2005, 04:35 PM

I created a domain and setup the DNS for test. All work well. But when I uploaded my actual zone file from windiows client and restarted named, it said permission denied for the uploaded zone file.

Then I replaced it with the test zone file. It worked again. I downloaded the test zone file and then uploaded the test zone file. It absolutely is same file, but couldn't work!

At last, I disabled the SELinux. Everything worked. I don't know why. Who can explain?

Thanks.

jordanvanbergen · #2 21st June 2005, 08:00 PM

How did you disable SELinux? What's the command line to do this? I might need this as well to test my cyrus-imapd problems.

I know that with SELinux you have to set some directory settings for it to work. This is what I had to do to get virtualhosts to work in apache in a different directory, let's say /web:

ls -Z /dir/where/www/root/will/be
chcon -R -h -t httpd_sys_content_t /dir/where/www/root/will/be for example /web
ls -Z /dir/where/www/root/will/be

this httpd_sys_content_t is voor apache dirs to be accesible. I assume it might be needed (different values of course) for a bind directory? I'm new to SELinux, so not an expert but it might not work because of the above explained things that happened to me. I ftp'ed a website to my home dir, copied it to /web and suddenly the website didn't work any longer (permission denied). I had to set this httpd_sys_content_t to make it work again. Perhaps it's the same for the bind directory?

Hope you can answer my question on how to disable SELinux and how to switch it on again using a shell?

Regards

Jordan van Bergen

elliss · #3 21st June 2005, 11:20 PM

jordanvanbergen - I think that you can turn SELinux on and off without the graphical tool by editing /etc/sysconfig/selinux, and rebooting.

heq99 - If you copy a file into a new directory the SELinux attributes of the file are updated, so try uploading your zone files to your account and then copying them to /var/named/. Uploading files direct to /var/named/ would be unsafe anyhow, since you'd have to login directly as root to do it...

heq99 · #4 22nd June 2005, 12:40 PM

Quote:

Originally Posted by elliss

heq99 - If you copy a file into a new directory the SELinux attributes of the file are updated, so try uploading your zone files to your account and then copying them to /var/named/. Uploading files direct to /var/named/ would be unsafe anyhow, since you'd have to login directly as root to do it...

Thank you very much. In fact, I did as you said. But because I was testing. So I used root to do these things. I downloaded the zone files from /var/named directly, then uploaded them into /root, then copy them to /var/named to overwrite the original, then restart BIND. Then the BIND displayed permission denied.

elliss · #5 25th June 2005, 04:11 PM

It sounds like you may have moved rather than copied the files - moving files doesn't reset the SELinux attributes on the files as copying does.