[nsd-users] logs
José Luis Artuch
zenbakaitz at speedy.com.ar
Thu Oct 24 18:13:40 UTC 2019
Thanks Vladimir,
I was about to ask if I had solved the problem correctly. I did it my
way while in parallel Simon answered me and now with your notice I read
in Simon's answer the correct way to do it :)
I must study Systemd, practically I don't know how it works.
Best regards.
José Luis
On Thu, 24-10-2019 at 21:51 +0800, Vladimir Lomov wrote:
> Hello,
> ** José Luis Artuch <zenbakaitz at speedy.com.ar> [2019-10-24 10:38:43 -0300]:
>
> > Thanks Simon,
> >
> > Exactly, there was the problem !!
> > I just discovered it at the same time you wrote with the data provided
> > by Andreas and Jeroen :)
> >
> > Thank you very much to all three for guiding me !!!
> >
> > Here what I did:
> >
> > mkdir -p /var/log/nsd
> > chown nsd:nsd /var/log/nsd
> >
> > nano /etc/nsd/nsd.conf
> > ...
> > logfile: "/var/log/nsd/nsd.log"
> > ...
> >
> > cp /lib/systemd/system/nsd.service{,_original}
> > nano /lib/systemd/system/nsd.service
> > ...
> > ReadWritePaths=/var/lib/nsd /etc/nsd /run /var/log/nsd
> > ...
>
> And you didn't follow good advice:
>
> $ sudo systemctl edit nsd
>
> Next NSD upgrade will overwrite your changes and you will again come to
> ML and will again ask the same question. Don't invent the wheel and
> NEVER touch system configuration file IF there is alternative.
>
> > systemctl daemon-reload <--- !!!!
> > systemctl restart nsd
> >
> > Thank you very much again, best regards !!
> > José Luis
> >
> > On Thu, 24-10-2019 at 08:58 -0400, Simon Deziel wrote:
> > > On 2019-10-24 8:46 a.m., José Luis Artuch wrote:
> > > > Thanks Jeroen,
> > > >
> > > > About permissions and owners:
> > > > For /var/log/nsd.log, the directory /var/log/ has 755 root:root
> > > > For /var/log/nsd/nsd.log, I created alternatively a directory
> > > > /var/log/nsd/ with permissions 664, 666 and 777, for both nsd and root
> > > > owners.
> > > > As for NSD user, in /etc/nsd/nsd.conf I have configured username: nsd.
> > > >
> > > > cat /lib/systemd/system/nsd.service
> > > > [Unit]
> > > > Description=Name Server Daemon
> > > > Documentation=man:nsd(8)
> > > > After=network.target
> > > >
> > > > [Service]
> > > > Type=notify
> > > > Restart=always
> > > > ExecStart=/usr/sbin/nsd -d
> > > > ExecReload=+/bin/kill -HUP $MAINPID
> > > > CapabilityBoundingSet=CAP_CHOWN CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT
> > > > MemoryDenyWriteExecute=true
> > > > NoNewPrivileges=true
> > > > PrivateDevices=true
> > > > PrivateTmp=true
> > > > ProtectHome=true
> > > > ProtectControlGroups=true
> > > > ProtectKernelModules=true
> > > > ProtectKernelTunables=true
> > > > ProtectSystem=strict
> > > > ReadWritePaths=/var/lib/nsd /etc/nsd /run
> > >
> > > ProtectSystem=strict turns most of the hierarchy into read only mounts
> > > so you need to add /var/log and/or /var/log/nsd as ReadWritePaths= for
> > > them to be writable by nsd itself. This is normally not needed as
> > > logging goes through syslog by default but you are likely using
> > > "logfile" in nsd.conf.
> > >
> > > To add that ReadWritePaths directive:
> > >
> > > sudo systemctl edit nsd
> > >
> > > Then type and save the following:
> > >
> > > [Service]
> > > ReadWritePaths=/var/log/nsd
> > >
> > >
> > > This will create an override file supplementing the package provided
> > > unit with your local config.
> > >
> > > HTH,
> > > Simon
>
> ---
> WBR, Vladimir Lomov
>
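
Added example (not part of the thread and not NSD's or systemd's own code): a shell check that models how systemd merges ReadWritePaths= from the package unit and a drop-in when ProtectSystem=strict is set, showing why the override from "systemctl edit nsd" makes the log path writable. The unit text is constructed from the lines quoted above, and the function names are hypothetical.

```shell
# Constructed sample: relevant lines of the package unit quoted in the thread.
PACKAGE_UNIT='[Service]
ProtectSystem=strict
ReadWritePaths=/var/lib/nsd /etc/nsd /run'

# Constructed sample: the drop-in saved through "systemctl edit nsd".
DROP_IN='[Service]
ReadWritePaths=/var/log/nsd'

# effective_rw_paths UNIT_TEXT...
# List settings such as ReadWritePaths= accumulate across the unit and its
# drop-ins; an empty assignment resets the list collected so far.
effective_rw_paths() {
    printf '%s\n' "$@" | awk '
        /^ReadWritePaths=/ {
            v = substr($0, length("ReadWritePaths=") + 1)
            if (v ~ /^[ \t]*$/) { list = ""; next }
            list = list " " v
        }
        END {
            n = split(list, p, /[ \t]+/)
            for (i = 1; i <= n; i++) {
                sub(/^[-+]+/, "", p[i])   # drop optional "-" / "+" prefixes
                if (p[i] != "") print p[i]
            }
        }'
}

# is_writable PATH UNIT_TEXT...
# Succeeds when PATH equals a listed path or lies below one of them.
is_writable() {
    target=$1; shift
    effective_rw_paths "$@" | (
        while IFS= read -r rw; do
            case "$target" in
                "$rw"|"${rw%/}"/*) exit 0 ;;
            esac
        done
        exit 1
    )
}

report() {
    if is_writable "$@"; then echo "writable"; else echo "read-only"; fi
}

report /var/log/nsd/nsd.log "$PACKAGE_UNIT"
report /var/log/nsd/nsd.log "$PACKAGE_UNIT" "$DROP_IN"
```

On a live host, `systemctl cat nsd` prints the package unit followed by any drop-ins, which is the text this check expects as input.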