Problem with pidfile and permission...

Dimitri dimitri_emich at protonmail.com
Tue Jan 4 15:57:41 UTC 2022 

Thanks for your answers.

> is it enough to:
>
> % cd /test/unbound
> % sudo chown -Rh unbound:unbound .
>
> Then try to start it again?

Unfortunately no. Like i wrote in my question, the installation folder is already owned by the user "test_unbound" wich also set in the config.

> FWIW all the systems I run that create pidfiles, either put them in
>
> /var/run
>
> or
>
> /tmp

If i use this directories the error turns to "Read-only file system".
I already thought, that the permission-error is not a "real" permission thing, but a specific option in the service-file which is unlikely causing the restriction.

That also confirms by the fact that if i manually start with "sudo sbin/unbound -d -vvvv" the output is:

===================================
[1641309759] unbound[10544:0] notice: Start of unbound 1.14.0.
[1641309759] unbound[10544:0] debug: creating udp4 socket 127.0.0.1 53
[1641309759] unbound[10544:0] debug: creating tcp4 socket 127.0.0.1 53
[1641309759] unbound[10544:0] debug: creating udp4 socket 127.0.0.1 53
[1641309759] unbound[10544:0] debug: creating tcp4 socket 127.0.0.1 53
[1641309759] unbound[10544:0] debug: creating udp4 socket 127.0.0.1 53
[1641309759] unbound[10544:0] debug: creating tcp4 socket 127.0.0.1 53
[1641309759] unbound[10544:0] debug: creating udp4 socket 127.0.0.1 53
[1641309759] unbound[10544:0] debug: creating tcp4 socket 127.0.0.1 53
[1641309759] unbound[10544:0] debug: chdir to /test/unbound
[1641309759] unbound[10544:0] debug: chroot to /test/unbound
[1641309759] unbound[10544:0] debug: drop user privileges, run as test_unbound
[1641309759] unbound[10544:0] debug: switching log to /test/unbound/log.log
===================================

while the output (systemctl status unbound) from the start via the service-file is:

===================================
Jan 04 16:23:42 dimitri unbound[10556]: [1641309822] unbound[10556:0] debug: creating tcp4 socket 127.0.0.1 53
Jan 04 16:23:42 dimitri unbound[10556]: [1641309822] unbound[10556:0] debug: creating udp4 socket 127.0.0.1 53
Jan 04 16:23:42 dimitri unbound[10556]: [1641309822] unbound[10556:0] debug: creating tcp4 socket 127.0.0.1 53
Jan 04 16:23:42 dimitri unbound[10556]: [1641309822] unbound[10556:0] debug: creating udp4 socket 127.0.0.1 53
Jan 04 16:23:42 dimitri unbound[10556]: [1641309822] unbound[10556:0] debug: creating tcp4 socket 127.0.0.1 53
Jan 04 16:23:42 dimitri unbound[10556]: [1641309822] unbound[10556:0] error: cannot open pidfile /test/unbound/unbound.pid: Permission denied
Jan 04 16:23:42 dimitri unbound[10556]: [1641309822] unbound[10556:0] debug: chdir to /test/unbound
===================================

I shall look what exactly each of the options in the service-file means...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20220104/d4d83eb3/attachment.htm>

More information about the Unbound-users mailing list