Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Odd permissions in /var/named

Discussion in 'Bind/DNS/Nameserver' started by El Directo, Jan 8, 2019.

  1. El Directo

    El Directo Member

    Joined:
    Jan 4, 2019
    Messages:
    5
    Likes Received:
    1
    Trophy Points:
    1
    Location:
    San Antonio
    cPanel Access Level:
    DataCenter Provider
    Hi Everyone,

    It would appear that the permissions for /var/named are being changed across several of our cPanel machines to the following:

    Code:
    drwxrwx--T    6 root   named  4.0K Jan  5 07:40 named/
    
    and this is causing logrotate to fail with this message:

    Code:
    error: skipping "/var/named/named.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
    You can reproduce the error by testing logrotate with while those permissions are set:

    logrotate -d /etc/logrotate.d/named

    Once I changed permissions back to what many of our other cPanel boxes have, it completes successfully again:

    chmod 0755 /var/named

    Also the user and group on my testing machine are named:named, where as the ownership on these affected machines with the error are root:named.

    I mostly want to know if anyone else has been running into this.
     
  2. El Directo

    El Directo Member

    Joined:
    Jan 4, 2019
    Messages:
    5
    Likes Received:
    1
    Trophy Points:
    1
    Location:
    San Antonio
    cPanel Access Level:
    DataCenter Provider
    The permissions I'm encountering can be set by doing these:

    Code:
    chmod 1750 /var/named
    Then:

    Code:
    chmod o-x /var/named
    Sets the sticky bit then removes execute permissions from OTHER.
     
  3. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    5,815
    Likes Received:
    443
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hello @El Directo


    Do you have any examples of this prior to modification? You can see the attributes by using lsattr I don't see why the sticky bit wouldn't be set, as that's not the default.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice