[nsd-users] Permission error after upgrade to Debian Buster (10.2)

José Luis Artuch zenbakaitz at speedy.com.ar
Tue Apr 14 13:51:59 UTC 2020 

Actually with sudo chmod 666 /var/run/log/nsd.log works fine !

El sáb, 14-12-2019 a las 11:52 -0300, José Luis Artuch escribió:
> Hi Anand,
> 
> El sáb, 14-12-2019 a las 10:15 +0100, Anand Buddhdev escribió:
> > Hello guys,
> > 
> > I don't run Debian, so I can't offer a solution now, but I am
> > worried
> > that you're all just stumbling in the dark here, and randomly
> > changing
> > permissions on directories and files. A well-built package should
> > not
> > require any of this, and should just work. Has any one of you
> > approached
> > the maintainer of the Debian package? Perhaps it has been built
> > incorrectly, and needs to be fixed.
> > 
> > Regards,
> > Anand
> 
> No, at least I have not contacted the NSD package maintainer in
> Debian.
> Thank you so much for your advice.
> Regards.
> José Luis
> 
> > On 13/12/2019 13:18, Kaulkwappe wrote:
> > > Unfortunately I still get this errors in NSD 4.1.26 on Debian
> > > Buster 10.2:
> > > 
> > > 1) Log file:
> > >  > error: Cannot open /var/log/nsd.log for appending (Permission
> > > denied), 
> > > logging to std
> > > 
> > > When it se the owner of nsd.log to root:root, I don't get an
> > > error
> > > message on 
> > > start. However, after this start, NSD will change the owner to
> > > nsd:nsd and on 
> > > the next start I will get this error message.
> > > 
> > > 2) PID file:
> > >  > warning: failed to unlink pidfile /run/nsd/nsd.pid: Permission
> > > denied
> > > It seems that NSD needs a PID file, because if I change pidfile: 
> > > "/run/nsd/nsd.pid" to pidfile: "" I get:
> > > 
> > >  > error: cannot open pidfile : No such file or directory
> > >  > error: cannot overwrite the pidfile : No such file or
> > > directory
> > > 
> > > 
> > > 
> > > -----------------------------------------------------------------
> > > ---------------
> > > *From:* JoséLuis Artuch <zenbakaitz at speedy.com.ar 
> > > </email/new/1/zenbakaitz%40speedy.com.ar>>
> > > *Sent:* Tuesday, 26. Nov 2019 – 01:03 CET +0100
> > > *To:* Kaulkwappe <kaulkwappe at prvy.eu
> > > </email/new/1/kaulkwappe%40prvy.eu>>
> > > nsd-users at NLnetLabs.nl </email/new/1/nsd-users%40NLnetLabs.nl>
> > > 
> > > *Subject:* Re: [nsd-users] Permission error after upgrade to
> > > Debian
> > > Buster (10.2)
> > > 
> > > Hi Kaulkwappe,
> > > 
> > > El lun, 25-11-2019 a las 01:34 +0100, Kaulkwappe escribió:
> > > > > [...] I'd double check if it's indeed effective with
> > > > > "systemctl
> > > > show nsd | grep ReadWritePaths"
> > > > 
> > > > Seems to be effective:
> > > > > # systemctl show nsd | grep ReadWritePaths
> > > > > ReadWritePaths=/var/lib/nsd /var/log /etc/nsd /run
> > > > 
> > > > The problem with the log file will never stop the NSD service
> > > > from
> > > > working (I believe) but the log file is quite important, so, of
> > > > course, NSD should be able to append to it.
> > > > 
> > > > Does anyone already had this problem after an upgrade?
> > > > 
> > > > Kind Regards,
> > > > Kaulkwappe
> > > > 
> > > 
> > > My knowledge on this subject is very limited, but since you ask I
> > > give
> > > you my recent experience. I have also upgraded from Debian 9 to
> > > Debian
> > > 10, two ways, starting from Debian 9 and also from scratch. In
> > > both
> > > cases I have not got NSD to write the log file. I have tested
> > > changes
> > > of permissions and/or routes.
> > > However, I have not had problems with the start of NSD, but I
> > > clarify
> > > that I use NSD with a very elementary configuration and without
> > > /var/lib/nsd/zone.list defined.
> > > A cordial greeting.
> > > José Luis
> > > 
> > > > From: Simon Deziel <simon at sdeziel.info>
> > > > Sent: Monday, 25. Nov 2019 – 01:26 CET +0100
> > > > To: nsd-users at NLnetLabs.nl
> > > > 
> > > > Subject: Re: [nsd-users] Permission error after upgrade to
> > > > Debian
> > > > Buster (10.2)
> > > > 
> > > > On 2019-11-24 6:10 p.m., Kaulkwappe wrote:
> > > > > Hi Simon,
> > > > > 
> > > > >  > I would have expect a permission error instead of a "read-
> > > > > only"
> > > > one. It
> > > > >  > looks as if /var/log was not properly added to be
> > > > > ReadWritePaths
> > > > set.
> > > > > That is what I have used:
> > > > >  > ReadWritePaths=/var/lib/nsd /var/log /etc/nsd /run
> > > > 
> > > > Not sure what would explain the read-only error then. I'd
> > > > double
> > > > check
> > > > if it's indeed effective with "systemctl show nsd | grep
> > > > ReadWritePaths"
> > > > 
> > > > >  > This unlink failure is expected and AFAICT harmless.
> > > > > It should be harmless, but it doesn't look nice. I would
> > > > > consider
> > > > this as a bug.
> > > > 
> > > > Agreed. Interestingly, unbound accepts "-p" to skip managing
> > > > its
> > > > own
> > > > PID. If nsd could get this, it would be handy when managing the
> > > > daemon
> > > > with systemd.
> > > > 
> > > > >  > I believe that xfrd.state should be owned by nsd:nsd as
> > > > > the
> > > > daemon needs
> > > > >  > to write to that file.
> > > > > After changing the owner to nsd:nsd I believe this problem is
> > > > fixed. Thanks!
> > > > 
> > > > Glad to hear that!
> > > > 
> > > > Regards,
> > > > Simon
> > > > _______________________________________________
> > > > nsd-users mailing list
> > > > nsd-users at NLnetLabs.nl
> > > > https://open.nlnetlabs.nl/mailman/listinfo/nsd-users
> > > > _______________________________________________
> > > > nsd-users mailing list
> > > > nsd-users at NLnetLabs.nl
> > > > https://open.nlnetlabs.nl/mailman/listinfo/nsd-users
> > > 
> > > _______________________________________________
> > > nsd-users mailing list
> > > nsd-users at NLnetLabs.nl
> > > https://open.nlnetlabs.nl/mailman/listinfo/nsd-users
> > > 
> > _______________________________________________
> > nsd-users mailing list
> > nsd-users at NLnetLabs.nl
> > https://open.nlnetlabs.nl/mailman/listinfo/nsd-users

More information about the nsd-users mailing list