[nsd-users] logs

Simon Deziel simon at sdeziel.info
Thu Oct 24 12:58:00 UTC 2019


On 2019-10-24 8:46 a.m., José Luis Artuch wrote:
> Thanks Jeroen,
> 
> About permissions and owners:
> For /var/log/nsd.log, the directory /var/log/ has 755 root:root
> For /var/log/nsd/nsd.log, I created alternatively a directory
> /var/log/nsd/ with permissions 664, 666 and 777, for both nsd and root
> owners.
> As for NSD user, in /etc/nsd/nsd.conf I have configured username: nsd.
> 
> cat /lib/systemd/system/nsd.service
> [Unit]
> Description=Name Server Daemon
> Documentation=man:nsd(8)
> After=network.target
> 
> [Service]
> Type=notify
> Restart=always
> ExecStart=/usr/sbin/nsd -d
> ExecReload=+/bin/kill -HUP $MAINPID
> CapabilityBoundingSet=CAP_CHOWN CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT
> MemoryDenyWriteExecute=true
> NoNewPrivileges=true
> PrivateDevices=true
> PrivateTmp=true
> ProtectHome=true
> ProtectControlGroups=true
> ProtectKernelModules=true
> ProtectKernelTunables=true
> ProtectSystem=strict
> ReadWritePaths=/var/lib/nsd /etc/nsd /run

ProtectSystem=strict turns most of the hierarchy into read-only mounts,
so you need to add /var/log and/or /var/log/nsd as ReadWritePaths= for
them to be writable by nsd itself. This is normally not needed, as
logging goes through syslog by default, but you are likely using
"logfile" in nsd.conf.

To add that ReadWritePaths directive:

  sudo systemctl edit nsd

Then type and save the following:

  [Service]
  ReadWritePaths=/var/log/nsd

This will create an override file supplementing the package-provided
unit with your local config.

HTH,
Simon
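
An added example, not part of the original message: a small Python check that merges the packaged unit with a drop-in and reports whether an nsd.conf "logfile" path stays writable under ProtectSystem=strict. The unit texts are constructed from the lines quoted in the thread, the function names are hypothetical, and only the strict case is modelled (no ReadOnlyPaths=, no backslash line continuations).

```python
import posixpath

# Constructed sample input: the [Service] settings quoted in the thread,
# followed by the drop-in that `systemctl edit nsd` would create.
PACKAGED_UNIT = """\
[Service]
ProtectSystem=strict
ReadWritePaths=/var/lib/nsd /etc/nsd /run
"""
DROP_IN = """\
[Service]
ReadWritePaths=/var/log/nsd
"""

def service_settings(*unit_texts):
    """Merge [Service] settings from a unit and its drop-ins, in order."""
    protect_system, rw_paths = "no", []
    for text in unit_texts:
        section = None
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line[0] in "#;":
                continue
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1]
                continue
            if section != "Service" or "=" not in line:
                continue
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "ProtectSystem":
                protect_system = value
            elif key == "ReadWritePaths":
                if not value:
                    rw_paths = []  # an empty assignment resets the list
                else:
                    # a leading "-" or "+" is a systemd prefix, not part of the path
                    rw_paths += [posixpath.normpath(p.lstrip("-+")) for p in value.split()]
    return protect_system, rw_paths

def logfile_writable(logfile, *unit_texts):
    """True if the sandbox leaves the logfile's location writable."""
    protect_system, rw_paths = service_settings(*unit_texts)
    if protect_system != "strict":
        return True  # simplification: only the strict case from the thread is modelled
    target = posixpath.normpath(logfile)
    # match on whole path components so /var/log/nsd does not cover /var/log/nsd-old
    return any(target == p or target.startswith(p.rstrip("/") + "/") for p in rw_paths)
```

File ownership still has to allow the nsd user to write the log; this only checks the mount sandbox.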
