Kaulkwappe
2019-Nov-24 23:10 UTC
[nsd-users] Permission error after upgrade to Debian Buster (10.2)
An HTML attachment was scrubbed... URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20191125/782fccfe/attachment.htm>
Simon Deziel
2019-Nov-25 00:26 UTC
[nsd-users] Permission error after upgrade to Debian Buster (10.2)
On 2019-11-24 6:10 p.m., Kaulkwappe wrote:> Hi Simon, > > > I would have expect a permission error instead of a "read-only" one. It > > looks as if /var/log was not properly added to be ReadWritePaths set. > > That is what I have used: > > ReadWritePaths=/var/lib/nsd /var/log /etc/nsd /runNot sure what would explain the read-only error then. I'd double check if it's indeed effective with "systemctl show nsd | grep ReadWritePaths"> > This unlink failure is expected and AFAICT harmless. > It should be harmless, but it doesn't look nice. I would consider this as a bug.Agreed. Interestingly, unbound accepts "-p" to skip managing its own PID. If nsd could get this, it would be handy when managing the daemon with systemd.> > I believe that xfrd.state should be owned by nsd:nsd as the daemon needs > > to write to that file. > After changing the owner to nsd:nsd I believe this problem is fixed. Thanks!Glad to hear that! Regards, Simon
Wouter Wijngaards
2019-Dec-02 09:22 UTC
[nsd-users] Permission error after upgrade to Debian Buster (10.2)
Hi Simon, On 11/25/19 1:26 AM, Simon Deziel wrote:> On 2019-11-24 6:10 p.m., Kaulkwappe wrote: >> Hi Simon, >> >> > I would have expect a permission error instead of a "read-only" one. It >> > looks as if /var/log was not properly added to be ReadWritePaths set. >> >> That is what I have used: >> > ReadWritePaths=/var/lib/nsd /var/log /etc/nsd /run > > Not sure what would explain the read-only error then. I'd double check > if it's indeed effective with "systemctl show nsd | grep ReadWritePaths" > >> > This unlink failure is expected and AFAICT harmless. >> It should be harmless, but it doesn't look nice. I would consider this as a bug. > > Agreed. Interestingly, unbound accepts "-p" to skip managing its own > PID. If nsd could get this, it would be handy when managing the daemon > with systemd.When trying to add the option for you, I saw the code should accept -P "" on the commandline or pidfile: "" in nsd.conf omits creation of the pidfile. It should already work! I could still create a convenience option or perhaps a description for it? Perhaps in nsd's usage printout something to say that '-P "" stop creation of the pidfile' or something along those lines. If this also works, of course. Best regards, Wouter> >> > I believe that xfrd.state should be owned by nsd:nsd as the daemon needs >> > to write to that file. >> After changing the owner to nsd:nsd I believe this problem is fixed. Thanks! > > Glad to hear that! > > Regards, > Simon > _______________________________________________ > nsd-users mailing list > nsd-users at NLnetLabs.nl > https://open.nlnetlabs.nl/mailman/listinfo/nsd-users >-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20191202/478c3800/attachment.bin>