This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

managed-key permission issue
#1
managed-key permission issue
Hi all good afternoon first of all forgive me for my english, in not good at it, second im preatty new at sentora i managed to install following the tutorial of the official page, all went good but when i tried to add a new domain and generate de dns in the sentora panel it shows me an error when i navigate to the url of the domain throwing me a dns error i searched and found the logs of bind

[Image: bind_error.png]
I followed another thread with similar issues i they said i had to edit  /etc/named.conf  file adding this line of code
Code:
managed-keys-directory "/var/named/dynamic";

 
I edited the file and it looks like this
[Image: named_conf.png] 
After that i followed the other steps of the thread  to do thr rm and restart commands but then appears and error
[Image: named_restart.png]
I tried to seek for those logs and found them
[Image: named_service.png]
Here is the other log
[Image: journal.png]

Im stuck and this part i would appreciate the help. Thanks
Reply
Thanks given by:
#2
RE: managed-key permission issue
The addition you made to the file has an extra " at the end of the line.


Answer updated.

You said you added:

Code:
managed-keys-directory "/var/named/dynamic";
But instead you added:

Code:
managed-keys-directory "/var/named/dynamic""
-TGates - Project Council

SEARCH the Forums or read the DOCUMENTATION before posting!
Support Sentora and Donate: HERE

Find my support or modules useful? Donate to TGates HERE
Developers and code testers needed!
Contact TGates for more information
Reply
Thanks given by:
#3
RE: managed-key permission issue
(04-06-2019, 06:49 AM)TGates Wrote: The addition you made to the file has an extra " at the end of the line.


Answer updated.

You said you added:

Code:
managed-keys-directory "/var/named/dynamic";
But instead you added:

Code:
managed-keys-directory "/var/named/dynamic""


You are absolutely right and quit the extra " and added ; at the end of the line and finally could restart the service but i still got 2 errors 

[Image: fix_.png]

It seems its chmod permission error?
Reply
Thanks given by:
#4
RE: managed-key permission issue
Correct, ensure all files and folders inside /etc/sentora/ are 755 permissions and owned by apache/httpd. Also /var/named/  folder is also 755 permissions and owned by bind.
-TGates - Project Council

SEARCH the Forums or read the DOCUMENTATION before posting!
Support Sentora and Donate: HERE

Find my support or modules useful? Donate to TGates HERE
Developers and code testers needed!
Contact TGates for more information
Reply
Thanks given by:
#5
RE: managed-key permission issue
(04-06-2019, 07:37 AM)TGates Wrote: Correct, ensure all files and folders inside /etc/sentora/ are 755 permissions and owned by apache/httpd. Also /var/named/  folder is also 755 permissions and owned by bind.

As you said i already changes the permission of the folders and files to chmod 755 

here /var/named

[Image: named_chmod.png]

and here /etc/sentora

[Image: sentora_folder_chmod.png]

But i didnt undertand you when you said to change the owner of the folder sentora to apache/httpd you think you can explain me a bit more?

And for the folder named to change the owner to bind i tried but it appear an error saying that the user bind doesnt exist
[Image: chown_named.png]

That means its not installed bind?
Reply
Thanks given by:
#6
RE: managed-key permission issue
Looks like there are many permission problems. ALL Sentora files/folders should be owned and grouped by www-data:www-data (or apache:apache depending on OS)

What OS are you using? (I'm guessing CentOS because the info matches my virtual machine of CentOS)

Is this a new install? You may need to reset and start over.

Did you install Sentora as actual  root user? Using sudo will not work as explained in the install documentation.

Eh, I'm confused now... Even my VM shows the Sentora main as root:root??

fearworks, can you confirm this? Any ideas what the issue is? (I'm more affluent with Ubuntu than CentOS Confused )
-TGates - Project Council

SEARCH the Forums or read the DOCUMENTATION before posting!
Support Sentora and Donate: HERE

Find my support or modules useful? Donate to TGates HERE
Developers and code testers needed!
Contact TGates for more information
Reply
Thanks given by:
#7
RE: managed-key permission issue
(04-07-2019, 07:18 AM)TGates Wrote: Looks like there are many permission problems. ALL Sentora files/folders should be owned and grouped by www-data:www-data (or apache:apache depending on OS)

What OS are you using? (I'm guessing CentOS because the info matches my virtual machine of CentOS)

Is this a new install? You may need to reset and start over.

Did you install Sentora as actual  root user? Using sudo will not work as explained in the install documentation.

Eh, I'm confused now... Even my VM shows the Sentora main as root:root??

@[fearworks], can you confirm this? Any ideas what the issue is? (I'm more affluent with Ubuntu than CentOS Confused )

All of my permissions are the same as the OP's. Even my Sentora folder is root:root, so I'm guessing that CentOS have changed things since Sentora's 2015 release? I've not had permissions issues with anything so for me this has always been the setup and it has been working without issue.

As for the error message, I also have those lines in my bind logs, and they are to do with the service being stopped (including when restarted). If you look here:

https://bugzilla.redhat.com/show_bug.cgi?id=1487823

you will see a discussion about the issue, which is linked to permissions on the named home directory. AFAIK the inability to write these NTA files is irrelevant to the way bind is used by Sentora so TBH, I don't care about the entries. However if we want to fix this I have just tried:


Code:
chmod 775 /var/named/


and now whenever I restart the named service those errors aren't being generated.

So, in summary, there's some sort of bug in the release of bind used by CentOS 7 (and maybe others?) that seems to alter the permissions of the directory in question upon installation, and we have to change these permissions back to allow writing.

That's my assessment of the situation, but as I'm not an expert I could be completely wrong, so if you think I am - tell me! Smile

Keith.
Reply
Thanks given by:
#8
RE: managed-key permission issue
(04-07-2019, 05:21 PM)fearworks Wrote: All of my permissions are the same as the OP's. Even my Sentora folder is root:root, so I'm guessing that CentOS have changed things since Sentora's 2015 release? I've not had permissions issues with anything so for me this has always been the setup and it has been working without issue.

As for the error message, I also have those lines in my bind logs, and they are to do with the service being stopped (including when restarted). If you look here:

https://bugzilla.redhat.com/show_bug.cgi?id=1487823

you will see a discussion about the issue, which is linked to permissions on the named home directory. AFAIK the inability to write these NTA files is irrelevant to the way bind is used by Sentora so TBH, I don't care about the entries. However if we want to fix this I have just tried:


Code:
chmod 775 /var/named/


and now whenever I restart the named service those errors aren't being generated.

So, in summary, there's some sort of bug in the release of bind used by CentOS 7 (and maybe others?) that seems to alter the permissions of the directory in question upon installation, and we have to change these permissions back to allow writing.

That's my assessment of the situation, but as I'm not an expert I could be completely wrong, so if you think I am - tell me! Smile

Keith.

Hi all forgive me for the late response.

I changed the named to chmod 755 as you said and restarted the service and seems that no more erros writting nta files appeared


[Image: dns_logs.png]

Despite there is no errors in the bid log, when i try to nagivate to the url of my domain i still got dns error like this
[Image: domain_error.png]

and still no idea what error could be
Reply
Thanks given by:
#9
RE: managed-key permission issue
(04-09-2019, 02:52 AM)Juan Pablo Wrote: Despite there is no errors in the bid log, when i try to nagivate to the url of my domain i still got dns error like this
[Image: domain_error.png]

and still no idea what error could be

I think that is probably a separate issue.

It could be incorrect DNS settings, a firewall blocking your server, or even something wrong with apache.

Assuming the domain is adharagrill.mx, there appear to be a few issues with this domain, if you look it up here:

https://intodns.com/adharagrill.mx

Can you access your server's Sentora control panel? If so do you do this by IP address or using a domain name? What is the domain name if you use one? Or the IP address of your server?

Keith
Reply
Thanks given by:
#10
RE: managed-key permission issue
(04-09-2019, 03:03 AM)fearworks Wrote: I think that is probably a separate issue.

It could be incorrect DNS settings, a firewall blocking your server, or even something wrong with apache.

Assuming the domain is adharagrill.mx, there appear to be a few issues with this domain, if you look it up here:

https://intodns.com/adharagrill.mx

Can you access your server's Sentora control panel? If so do you do this by IP address or using a domain name? What is the domain name if you use one? Or the IP address of your server?

Keith


I access to Sentora control Panel by  domain but can do by ip too, in this case: http://administrador.peninsulardehoteles.info/ 

the domain http://peninsulardehoteles.info/ it shows perfect i even set and example web page to see if it show and works normaly
Reply
Thanks given by:


Possibly Related Threads…
Thread Author Replies Views Last Post
DNS MX record issue rsthomas 5 7 ,315 10-19-2022, 05:39 AM
Last Post: fearworks
Issue accessing/pinging 2nd installed domain Fudnut 9 26 ,043 03-14-2019, 04:33 PM
Last Post: fearworks
Cloudflare issue with sentora testing 3 11 ,805 11-21-2017, 07:35 PM
Last Post: Me.B

Forum Jump:


Users browsing this thread: 3 Guest(s)