Kaulkwappe
2019-Nov-25 00:34 UTC
[nsd-users] Permission error after upgrade to Debian Buster (10.2)
An HTML attachment was scrubbed... URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20191125/0e70aab7/attachment.htm>
José Luis Artuch
2019-Nov-26 00:03 UTC
[nsd-users] Permission error after upgrade to Debian Buster (10.2)
Hi Kaulkwappe, El lun, 25-11-2019 a las 01:34 +0100, Kaulkwappe escribi?:> > [...] I'd double check if it's indeed effective with "systemctl > show nsd | grep ReadWritePaths" > > Seems to be effective: > > # systemctl show nsd | grep ReadWritePaths > > ReadWritePaths=/var/lib/nsd /var/log /etc/nsd /run > > The problem with the log file will never stop the NSD service from > working (I believe) but the log file is quite important, so, of > course, NSD should be able to append to it. > > Does anyone already had this problem after an upgrade? > > Kind Regards, > Kaulkwappe >My knowledge on this subject is very limited, but since you ask I give you my recent experience. I have also upgraded from Debian 9 to Debian 10, two ways, starting from Debian 9 and also from scratch. In both cases I have not got NSD to write the log file. I have tested changes of permissions and/or routes. However, I have not had problems with the start of NSD, but I clarify that I use NSD with a very elementary configuration and without /var/lib/nsd/zone.list defined. A cordial greeting. Jos? Luis> > From: Simon Deziel <simon at sdeziel.info> > Sent: Monday, 25. Nov 2019 ? 01:26 CET +0100 > To: nsd-users at NLnetLabs.nl > > Subject: Re: [nsd-users] Permission error after upgrade to Debian > Buster (10.2) > > On 2019-11-24 6:10 p.m., Kaulkwappe wrote: > > Hi Simon, > > > > > I would have expect a permission error instead of a "read-only" > one. It > > > looks as if /var/log was not properly added to be ReadWritePaths > set. > > > > That is what I have used: > > > ReadWritePaths=/var/lib/nsd /var/log /etc/nsd /run > > Not sure what would explain the read-only error then. I'd double > check > if it's indeed effective with "systemctl show nsd | grep > ReadWritePaths" > > > > This unlink failure is expected and AFAICT harmless. > > It should be harmless, but it doesn't look nice. I would consider > this as a bug. > > Agreed. Interestingly, unbound accepts "-p" to skip managing its own > PID. If nsd could get this, it would be handy when managing the > daemon > with systemd. > > > > I believe that xfrd.state should be owned by nsd:nsd as the > daemon needs > > > to write to that file. > > After changing the owner to nsd:nsd I believe this problem is > fixed. Thanks! > > Glad to hear that! > > Regards, > Simon > _______________________________________________ > nsd-users mailing list > nsd-users at NLnetLabs.nl > https://open.nlnetlabs.nl/mailman/listinfo/nsd-users > _______________________________________________ > nsd-users mailing list > nsd-users at NLnetLabs.nl > https://open.nlnetlabs.nl/mailman/listinfo/nsd-users