I've recently installed Plesk 12.5 and I'm having some issues with bind. Whenever I start the service I get this error message in my syslog
Code:
    Mar 11 18:33:05 ded named[9007]: loading configuration from '/etc/named.conf'
    Mar 11 18:33:05 ded named[9007]: open: /etc/named.conf: permission denied
    Mar 11 18:33:05 ded named[9007]: loading configuration: permission denied
    Mar 11 18:33:05 ded named[9007]: exiting (due to fatal error)
I've tried the method of fixing it on the Plesk KB but that did not work. I do not have AppArmor installed currently because I saw a lot of people were having issues with Plesk and AppArmor so I went ahead and deleted that first.
My System:
Plesk 12.5
Ubuntu 14.04
Is there any solution to this problem? I have searched everywhere for a solution but I cannot seem to find one. Thanks

Besides Plesk is a bitch, what are your permissions of that file? Check with
Code:
    ls -l /etc/named.conf
It could also be a configuration issue if it runs in a jail. If your output looks something like this:
Code:
    lrwxrwxrwx 1 root root 34 2016-03-12 01:11 /etc/named.conf -> /var/named/run-root/etc/named.conf
Please adopt the path and check
Code:
    ls -l /var/named/run-root/etc/named.conf
too. Should be owned by root:bind then. What KB did you use - if you say "the one" ppl exactly know what you did, right?

Code:
    install@ded:~$ sudo ls -l /etc/named.conf
    lrwxrwxrwx 1 root root 34 Mar 11 18:05 /etc/named.conf -> /var/named/run-root/etc/named.conf
Code:
    install@ded:~$ sudo ls -l /var/named/run-root/etc/named.conf
    -rw-r--r-- 1 root root 1257 Mar 11 18:05 /var/named/run-root/etc/named.conf
kb.plesk.com/en/123075
Not sure what you mean by adopt the path.

Yeah, I meant exactly what you did, showing original files permissions. I don't see why it should be world readable but since bind is running in a jail, it should be sufficient it can read its own files - nobody else really has to do, except root which also can write them anyway... You could try
Code:
    chown bind /var/named/run-root/etc/named.conf
and restart bind, if it works/doesn't work either way, try
Code:
    chgrp bind /var/named/run-root/etc/named.conf
and if that does work, try
Code:
    chmod 400 /var/named/run-root/etc/named.conf

Ok, leave them for now. What's the options value in your /etc/default/bind9
Code:
    OPTIONS="-u bind -t /var/named/run-root -c /etc/named.conf"
Does your folder tree look like
Code:
    drwxr-x--- 4 root bind 1024 2006-08-15 22:26 /var/named/run-root
    root@server:~# ls -l /var/named/run-root
    drwxrwx--- 2 root bind 1024 2006-08-15 21:55 cache
    drwxrwx--- 2 root bind 1024 2006-08-15 22:30 pid

Code:
    OPTIONS="${OPTIONS} -t /var/named/run-root -c /etc/named.conf -u bind -n 2"
Code:
    install@ded:/etc/default$ sudo ls -l /var/named/run-root
    total 12
    drwxr-xr-x 2 root root 4096 Mar 11 13:58 dev
    drwxr-xr-x 3 10007 4001 4096 Mar 11 18:05 etc
    drwxr-xr-x 3 bind bind 4096 Aug 13 2002 var

OK, seems like an invalid userid and group for your /var/named/run-root/etc folder. Try
Code:
    sudo chown root:bind /var/named/run-root/etc
and give it a shot.

Same issue :/ My structure now
Code:
    install@ded:~$ sudo ls -l /var/named/run-root
    total 12
    drwxr-xr-x 2 root root 4096 Mar 11 13:58 dev
    drwxr-xr-x 3 root bind 4096 Mar 11 18:05 etc
    drwxr-xr-x 3 bind bind 4096 Aug 13 2002 var

Ok, I did a quick setup of chrooted bind9 on my Debian box, file permissions should be similar, maybe I don't have all files in the same folders but it should work if you compare them / assign permissions accordingly.

Code:
    root@ded:/var/named# ls -Alah
    total 12K
    drw-r--r-- 3 root root 4.0K Mar 11 13:58 .
    drwxr-xr-x 18 root root 4.0K Mar 11 17:55 ..
    drw-r--r-- 5 root root 4.0K Mar 11 13:58 run-root
Code:
    root@ded:/var/named# ls -Alah run-root/
    total 20K
    drw-r--r-- 5 root root 4.0K Mar 11 13:58 .
    drw-r--r-- 3 root root 4.0K Mar 11 13:58 ..
    drwxr-xr-x 2 root root 4.0K Mar 11 13:58 dev
    drwxr-xr-x 3 root bind 4.0K Mar 11 18:05 etc
    drwxr-xr-x 3 bind bind 4.0K Aug 13 2002 var
Code:
    root@ded:/var/named# ls -Alah run-root/etc/
    total 32K
    drwxr-xr-x 3 root bind 4.0K Mar 11 18:05 .
    drw-r--r-- 5 root root 4.0K Mar 11 13:58 ..
    drwxr-xr-x 2 root root 4.0K Mar 11 13:58 bind
    -r--r--r-- 1 root root 3.5K Mar 11 18:05 localtime
    -rw------- 1 bind bind 1.3K Mar 11 18:05 named.conf
    -rw-r--r-- 1 10007 4001 923 May 6 2014 named.conf.default
    -rw-r--r-- 1 10007 4001 480 Jan 23 2002 rndc.conf
    -r--r--r-- 1 10007 4001 1.2K Jun 15 2001 rndc.conf.sample
Code:
    root@ded:/var/named# ls -Alah run-root/etc/bind
    total 8.0K
    drwxr-xr-x 2 root root 4.0K Mar 11 13:58 .
    drwxr-xr-x 3 root bind 4.0K Mar 11 18:05 ..
    lrwxrwxrwx 1 root root 33 Mar 11 13:58 rndc.conf -> /var/named/run-root/etc/rndc.conf
Code:
    root@ded:/var/named# ls -Alah run-root/dev
    total 8.0K
    drwxr-xr-x 2 root root 4.0K Mar 11 13:58 .
    drw-r--r-- 5 root root 4.0K Mar 11 13:58 ..
    crw-r--r-- 1 root root 1, 8 Mar 11 13:58 random
    crw-r--r-- 1 root root 1, 9 Mar 11 13:58 urandom
Code:
    root@ded:/var/named# ls -Alah run-root/var
    total 40K
    drwxr-xr-x 3 bind bind 4.0K Aug 13 2002 .
    drw-r--r-- 5 root root 4.0K Mar 11 13:58 ..
    -rw-r--r-- 1 root root 300 Mar 11 16:02 218.130.38.in-addr.arpa
    -rw-r--r-- 1 root root 935 Mar 11 16:02 ded.emperorhosting.com
    -r--r--r-- 1 10007 4001 295 Mar 11 13:58 localhost.rev
    -rw------- 1 root root 391 Mar 11 13:58 localhost.rev.saved_by_psa
    -r--r--r-- 1 10007 4001 284 Jun 15 2001 make-localhost
    -r--r--r-- 1 10007 4001 2.8K Jun 15 2001 named.root
    -r--r--r-- 1 10007 4001 397 Aug 13 2002 PROTO.localhost.rev
    drwxr-xr-x 3 bind bind 4.0K Nov 14 2001 run
Code:
    root@ded:/var/named# ls -Alah run-root/var/cache/
    ls: cannot access run-root/var/cache/: No such file or directory
Code:
    root@ded:/var/named# ls -Alah run-root/var/run/
    total 12K
    drwxr-xr-x 3 bind bind 4.0K Nov 14 2001 .
    drwxr-xr-x 3 bind bind 4.0K Aug 13 2002 ..
    drwxr-xr-t 2 bind 4001 4.0K Nov 14 2001 named
    root@ded:/var/named# ls -Alah run-root/var/run/named
    total 8.0K
    drwxr-xr-t 2 bind 4001 4.0K Nov 14 2001 .
    drwxr-xr-x 3 bind bind 4.0K Nov 14 2001 ..

Hmm, besides the strange looking user 10007 and group 4001 you have there, the main difference I see at first glance, I have
Code:
    sudo chmod 775 /var/named/run-root
and my /etc is chgrp'ed to root, but this shouldn't make a difference here.

chmod 755 allows group and world to execute the top directory of the chrooted environment. Since it was owned root:root and chmod 744, the user bind could not execute (enter) the directory and thus wasn't able to read subfolders.

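The failure explained in the last post can be pinned down by walking the path and checking, for the bind account, the search (x) bit on every directory and the read bit on the file. The sh functions below are an added example, not code from the thread; the function names and the scratch tree are constructed for illustration, and only owner/group/other mode bits are evaluated.

```shell
#!/bin/sh
# Added example. Evaluates classic mode bits only: no ACLs, no supplementary
# groups, no AppArmor/SELinux. Function names are hypothetical.

# has_bit BIT PATH UID GID: true if UID/GID holds BIT (4=read, 1=search) on PATH.
has_bit() {
    [ "$3" -eq 0 ] && return 0            # root bypasses these checks
    hb_stat=$(stat -L -c '%a %u %g' "$2") || return 1
    hb_mode=${hb_stat%% *}; hb_rest=${hb_stat#* }
    if [ "$3" -eq "${hb_rest% *}" ]; then hb_shift=6      # owner bits
    elif [ "$4" -eq "${hb_rest#* }" ]; then hb_shift=3    # group bits
    else hb_shift=0                                        # other bits
    fi
    [ $(( (0$hb_mode >> hb_shift) & $1 )) -ne 0 ]
}

# first_blocked START RELPATH UID GID: print the first component UID/GID cannot
# pass (directories need x, the final file needs r), or "ok".
first_blocked() {
    fb_cur=$1; fb_rest=$2
    has_bit 1 "$fb_cur" "$3" "$4" || { echo "$fb_cur"; return 0; }
    while [ -n "$fb_rest" ]; do
        fb_cur=$fb_cur/${fb_rest%%/*}
        case $fb_rest in */*) fb_rest=${fb_rest#*/} ;; *) fb_rest= ;; esac
        if [ -d "$fb_cur" ]; then fb_need=1; else fb_need=4; fi
        has_bit "$fb_need" "$fb_cur" "$3" "$4" || { echo "$fb_cur"; return 0; }
    done
    echo ok
}

# Constructed sample: scratch tree with the directory modes from the listing.
make_demo_tree() {
    md=$(mktemp -d) && mkdir -p "$md/named/run-root/etc" &&
    echo 'options { };' > "$md/named/run-root/etc/named.conf" &&
    chmod 644 "$md/named/run-root/etc/named.conf" &&
    chmod 755 "$md/named/run-root/etc" &&
    chmod 744 "$md/named/run-root" "$md/named" && echo "$md"
}

# On a real host:
#   first_blocked /var/named run-root/etc/named.conf "$(id -u bind)" "$(id -g bind)"
```

On a system with util-linux, `namei -l /var/named/run-root/etc/named.conf` prints the owner and mode of every component of the path, which is a quick manual cross-check.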