[nsd-users] Permission error after upgrade to Debian Buster (10.2)

Anand Buddhdev anandb at ripe.net
Sat Dec 14 09:15:46 UTC 2019


Hello guys,

I don't run Debian, so I can't offer a solution now, but I am worried
that you're all just stumbling in the dark here, and randomly changing
permissions on directories and files. A well-built package should not
require any of this, and should just work. Has any one of you approached
the maintainer of the Debian package? Perhaps it has been built
incorrectly, and needs to be fixed.

Regards,
Anand

On 13/12/2019 13:18, Kaulkwappe wrote:
> Unfortunately I still get this errors in NSD 4.1.26 on Debian Buster 10.2:
> 
> 1) Log file:
>  > error: Cannot open /var/log/nsd.log for appending (Permission denied), 
> logging to std
> 
> When it se the owner of nsd.log to root:root, I don't get an error message on 
> start. However, after this start, NSD will change the owner to nsd:nsd and on 
> the next start I will get this error message.
> 
> 2) PID file:
>  > warning: failed to unlink pidfile /run/nsd/nsd.pid: Permission denied
> It seems that NSD needs a PID file, because if I change pidfile: 
> "/run/nsd/nsd.pid" to pidfile: "" I get:
> 
>  > error: cannot open pidfile : No such file or directory
>  > error: cannot overwrite the pidfile : No such file or directory
> 
> 
> 
> --------------------------------------------------------------------------------
> *From:* JoséLuis Artuch <zenbakaitz at speedy.com.ar 
> </email/new/1/zenbakaitz%40speedy.com.ar>>
> *Sent:* Tuesday, 26. Nov 2019 – 01:03 CET +0100
> *To:* Kaulkwappe <kaulkwappe at prvy.eu </email/new/1/kaulkwappe%40prvy.eu>>
> nsd-users at NLnetLabs.nl </email/new/1/nsd-users%40NLnetLabs.nl>
> 
> *Subject:* Re: [nsd-users] Permission error after upgrade to Debian Buster (10.2)
> 
> Hi Kaulkwappe,
> 
> El lun, 25-11-2019 a las 01:34 +0100, Kaulkwappe escribió:
>> > [...] I'd double check if it's indeed effective with "systemctl
>> show nsd | grep ReadWritePaths"
>> 
>> Seems to be effective:
>> > # systemctl show nsd | grep ReadWritePaths
>> > ReadWritePaths=/var/lib/nsd /var/log /etc/nsd /run
>> 
>> The problem with the log file will never stop the NSD service from
>> working (I believe) but the log file is quite important, so, of
>> course, NSD should be able to append to it.
>> 
>> Does anyone already had this problem after an upgrade?
>> 
>> Kind Regards,
>> Kaulkwappe
>> 
> 
> My knowledge on this subject is very limited, but since you ask I give
> you my recent experience. I have also upgraded from Debian 9 to Debian
> 10, two ways, starting from Debian 9 and also from scratch. In both
> cases I have not got NSD to write the log file. I have tested changes
> of permissions and/or routes.
> However, I have not had problems with the start of NSD, but I clarify
> that I use NSD with a very elementary configuration and without
> /var/lib/nsd/zone.list defined.
> A cordial greeting.
> José Luis
> 
>> 
>> From: Simon Deziel <simon at sdeziel.info>
>> Sent: Monday, 25. Nov 2019 – 01:26 CET +0100
>> To: nsd-users at NLnetLabs.nl
>> 
>> Subject: Re: [nsd-users] Permission error after upgrade to Debian
>> Buster (10.2)
>> 
>> On 2019-11-24 6:10 p.m., Kaulkwappe wrote:
>> > Hi Simon,
>> > 
>> >  > I would have expect a permission error instead of a "read-only"
>> one. It
>> >  > looks as if /var/log was not properly added to be ReadWritePaths
>> set.
>> > 
>> > That is what I have used:
>> >  > ReadWritePaths=/var/lib/nsd /var/log /etc/nsd /run
>> 
>> Not sure what would explain the read-only error then. I'd double
>> check
>> if it's indeed effective with "systemctl show nsd | grep
>> ReadWritePaths"
>> 
>> >  > This unlink failure is expected and AFAICT harmless.
>> > It should be harmless, but it doesn't look nice. I would consider
>> this as a bug.
>> 
>> Agreed. Interestingly, unbound accepts "-p" to skip managing its own
>> PID. If nsd could get this, it would be handy when managing the
>> daemon
>> with systemd.
>> 
>> >  > I believe that xfrd.state should be owned by nsd:nsd as the
>> daemon needs
>> >  > to write to that file.
>> > After changing the owner to nsd:nsd I believe this problem is
>> fixed. Thanks!
>> 
>> Glad to hear that!
>> 
>> Regards,
>> Simon
>> _______________________________________________
>> nsd-users mailing list
>> nsd-users at NLnetLabs.nl
>> https://open.nlnetlabs.nl/mailman/listinfo/nsd-users
>> _______________________________________________
>> nsd-users mailing list
>> nsd-users at NLnetLabs.nl
>> https://open.nlnetlabs.nl/mailman/listinfo/nsd-users
> 
> 
> _______________________________________________
> nsd-users mailing list
> nsd-users at NLnetLabs.nl
> https://open.nlnetlabs.nl/mailman/listinfo/nsd-users
> 



More information about the nsd-users mailing list