[nsd-users] Permission error after upgrade to Debian Buster (10.2)
José Luis Artuch
zenbakaitz at speedy.com.ar
Tue Nov 26 00:03:59 UTC 2019
Hi Kaulkwappe,
El lun, 25-11-2019 a las 01:34 +0100, Kaulkwappe escribió:
> > [...] I'd double check if it's indeed effective with "systemctl
> show nsd | grep ReadWritePaths"
>
> Seems to be effective:
> > # systemctl show nsd | grep ReadWritePaths
> > ReadWritePaths=/var/lib/nsd /var/log /etc/nsd /run
>
> The problem with the log file will never stop the NSD service from
> working (I believe) but the log file is quite important, so, of
> course, NSD should be able to append to it.
>
> Does anyone already had this problem after an upgrade?
>
> Kind Regards,
> Kaulkwappe
>
My knowledge on this subject is very limited, but since you ask I give
you my recent experience. I have also upgraded from Debian 9 to Debian
10, two ways, starting from Debian 9 and also from scratch. In both
cases I have not got NSD to write the log file. I have tested changes
of permissions and/or routes.
However, I have not had problems with the start of NSD, but I clarify
that I use NSD with a very elementary configuration and without
/var/lib/nsd/zone.list defined.
A cordial greeting.
José Luis
>
> From: Simon Deziel <simon at sdeziel.info>
> Sent: Monday, 25. Nov 2019 – 01:26 CET +0100
> To: nsd-users at NLnetLabs.nl
>
> Subject: Re: [nsd-users] Permission error after upgrade to Debian
> Buster (10.2)
>
> On 2019-11-24 6:10 p.m., Kaulkwappe wrote:
> > Hi Simon,
> >
> > > I would have expect a permission error instead of a "read-only"
> one. It
> > > looks as if /var/log was not properly added to be ReadWritePaths
> set.
> >
> > That is what I have used:
> > > ReadWritePaths=/var/lib/nsd /var/log /etc/nsd /run
>
> Not sure what would explain the read-only error then. I'd double
> check
> if it's indeed effective with "systemctl show nsd | grep
> ReadWritePaths"
>
> > > This unlink failure is expected and AFAICT harmless.
> > It should be harmless, but it doesn't look nice. I would consider
> this as a bug.
>
> Agreed. Interestingly, unbound accepts "-p" to skip managing its own
> PID. If nsd could get this, it would be handy when managing the
> daemon
> with systemd.
>
> > > I believe that xfrd.state should be owned by nsd:nsd as the
> daemon needs
> > > to write to that file.
> > After changing the owner to nsd:nsd I believe this problem is
> fixed. Thanks!
>
> Glad to hear that!
>
> Regards,
> Simon
> _______________________________________________
> nsd-users mailing list
> nsd-users at NLnetLabs.nl
> https://open.nlnetlabs.nl/mailman/listinfo/nsd-users
> _______________________________________________
> nsd-users mailing list
> nsd-users at NLnetLabs.nl
> https://open.nlnetlabs.nl/mailman/listinfo/nsd-users
More information about the nsd-users
mailing list