Posts: 10
Threads: 1
Joined: Apr 2019
Reputation:
0
Sex: Male
Thanks: 0
Given 0 thank(s) in 0 post(s)
managed-key permission issue
04-06-2019, 05:33 AM
(This post was last modified: 04-06-2019, 06:11 AM by Juan Pablo.)
Hi all good afternoon first of all forgive me for my english, in not good at it, second im preatty new at sentora i managed to install following the tutorial of the official page, all went good but when i tried to add a new domain and generate de dns in the sentora panel it shows me an error when i navigate to the url of the domain throwing me a dns error i searched and found the logs of bind
I followed another thread with similar issues i they said i had to edit /etc/named.conf file adding this line of code
Code: managed-keys-directory "/var/named/dynamic";
I edited the file and it looks like this
After that i followed the other steps of the thread to do thr rm and restart commands but then appears and error
I tried to seek for those logs and found them
Here is the other log
Im stuck and this part i would appreciate the help. Thanks
Posts: 3 ,665
Threads: 241
Joined: May 2014
Reputation:
85
Sex: Male
Thanks: 408
Given 600 thank(s) in 465 post(s)
RE: managed-key permission issue
04-06-2019, 06:49 AM
The addition you made to the file has an extra " at the end of the line .
Answer updated.
You said you added:
Code: managed-keys-directory "/var/named/dynamic";
But instead you added:
Code: managed-keys-directory "/var/named/dynamic""
-TGates - Project Council
SEARCH the Forums or read the DOCUMENTATION before posting!
Support Sentora and Donate: HERE
Find my support or modules useful? Donate to TGates HERE
Developers and code testers needed!
Contact TGates for more information
Posts: 10
Threads: 1
Joined: Apr 2019
Reputation:
0
Sex: Male
Thanks: 0
Given 0 thank(s) in 0 post(s)
RE: managed-key permission issue
04-06-2019, 07:07 AM
(04-06-2019, 06:49 AM)TGates Wrote: The addition you made to the file has an extra " at the end of the line.
Answer updated.
You said you added:
Code: managed-keys-directory "/var/named/dynamic";
But instead you added:
Code: managed-keys-directory "/var/named/dynamic""
You are absolutely right and quit the extra " and added ; at the end of the line and finally could restart the service but i still got 2 errors
It seems its chmod permission error?
Posts: 3 ,665
Threads: 241
Joined: May 2014
Reputation:
85
Sex: Male
Thanks: 408
Given 600 thank(s) in 465 post(s)
RE: managed-key permission issue
04-06-2019, 07:37 AM
Correct, ensure all files and folders inside /etc/sentora/ are 755 permissions and owned by apache/httpd. Also /var/named/ folder is also 755 permissions and owned by bind.
-TGates - Project Council
SEARCH the Forums or read the DOCUMENTATION before posting!
Support Sentora and Donate: HERE
Find my support or modules useful? Donate to TGates HERE
Developers and code testers needed!
Contact TGates for more information
Posts: 10
Threads: 1
Joined: Apr 2019
Reputation:
0
Sex: Male
Thanks: 0
Given 0 thank(s) in 0 post(s)
RE: managed-key permission issue
04-06-2019, 08:21 AM
(04-06-2019, 07:37 AM)TGates Wrote: Correct, ensure all files and folders inside /etc/sentora/ are 755 permissions and owned by apache/httpd. Also /var/named/ folder is also 755 permissions and owned by bind.
As you said i already changes the permission of the folders and files to chmod 755
here /var/named
and here /etc/sentora
But i didnt undertand you when you said to change the owner of the folder sentora to apache/httpd you think you can explain me a bit more?
And for the folder named to change the owner to bind i tried but it appear an error saying that the user bind doesnt exist
That means its not installed bind?
Posts: 3 ,665
Threads: 241
Joined: May 2014
Reputation:
85
Sex: Male
Thanks: 408
Given 600 thank(s) in 465 post(s)
RE: managed-key permission issue
04-07-2019, 07:18 AM
Looks like there are many permission problems. ALL Sentora files/folders should be owned and grouped by www-data:www-data (or apache:apache depending on OS)
What OS are you using? (I'm guessing CentOS because the info matches my virtual machine of CentOS)
Is this a new install? You may need to reset and start over.
Did you install Sentora as actual root user? Using sudo will not work as explained in the install documentation.
Eh, I'm confused now... Even my VM shows the Sentora main as root:root??
fearworks, can you confirm this? Any ideas what the issue is? (I'm more affluent with Ubuntu than CentOS )
-TGates - Project Council
SEARCH the Forums or read the DOCUMENTATION before posting!
Support Sentora and Donate: HERE
Find my support or modules useful? Donate to TGates HERE
Developers and code testers needed!
Contact TGates for more information
Posts: 208
Threads: 4
Joined: Jun 2018
Reputation:
8
Sex: Male
Thanks: 0
Given 37 thank(s) in 33 post(s)
RE: managed-key permission issue
04-07-2019, 05:21 PM
(04-07-2019, 07:18 AM)TGates Wrote: Looks like there are many permission problems. ALL Sentora files/folders should be owned and grouped by www-data:www-data (or apache:apache depending on OS)
What OS are you using? (I'm guessing CentOS because the info matches my virtual machine of CentOS)
Is this a new install? You may need to reset and start over.
Did you install Sentora as actual root user? Using sudo will not work as explained in the install documentation.
Eh, I'm confused now... Even my VM shows the Sentora main as root:root??
@[fearworks], can you confirm this? Any ideas what the issue is? (I'm more affluent with Ubuntu than CentOS )
All of my permissions are the same as the OP's. Even my Sentora folder is root:root, so I'm guessing that CentOS have changed things since Sentora's 2015 release? I've not had permissions issues with anything so for me this has always been the setup and it has been working without issue.
As for the error message, I also have those lines in my bind logs, and they are to do with the service being stopped (including when restarted). If you look here:
https://bugzilla.redhat.com/show_bug.cgi?id=1487823
you will see a discussion about the issue, which is linked to permissions on the named home directory. AFAIK the inability to write these NTA files is irrelevant to the way bind is used by Sentora so TBH, I don't care about the entries. However if we want to fix this I have just tried:
Code: chmod 775 /var/named/
and now whenever I restart the named service those errors aren't being generated.
So, in summary, there's some sort of bug in the release of bind used by CentOS 7 (and maybe others?) that seems to alter the permissions of the directory in question upon installation, and we have to change these permissions back to allow writing.
That's my assessment of the situation, but as I'm not an expert I could be completely wrong, so if you think I am - tell me!
Keith.
Posts: 10
Threads: 1
Joined: Apr 2019
Reputation:
0
Sex: Male
Thanks: 0
Given 0 thank(s) in 0 post(s)
RE: managed-key permission issue
04-09-2019, 02:52 AM
(04-07-2019, 05:21 PM)fearworks Wrote: All of my permissions are the same as the OP's. Even my Sentora folder is root:root, so I'm guessing that CentOS have changed things since Sentora's 2015 release? I've not had permissions issues with anything so for me this has always been the setup and it has been working without issue.
As for the error message, I also have those lines in my bind logs, and they are to do with the service being stopped (including when restarted). If you look here:
https://bugzilla.redhat.com/show_bug.cgi?id=1487823
you will see a discussion about the issue, which is linked to permissions on the named home directory. AFAIK the inability to write these NTA files is irrelevant to the way bind is used by Sentora so TBH, I don't care about the entries. However if we want to fix this I have just tried:
Code: chmod 775 /var/named/
and now whenever I restart the named service those errors aren't being generated.
So, in summary, there's some sort of bug in the release of bind used by CentOS 7 (and maybe others?) that seems to alter the permissions of the directory in question upon installation, and we have to change these permissions back to allow writing.
That's my assessment of the situation, but as I'm not an expert I could be completely wrong, so if you think I am - tell me!
Keith.
Hi all forgive me for the late response.
I changed the named to chmod 755 as you said and restarted the service and seems that no more erros writting nta files appeared
Despite there is no errors in the bid log, when i try to nagivate to the url of my domain i still got dns error like this
and still no idea what error could be
Posts: 208
Threads: 4
Joined: Jun 2018
Reputation:
8
Sex: Male
Thanks: 0
Given 37 thank(s) in 33 post(s)
RE: managed-key permission issue
04-09-2019, 03:03 AM
(04-09-2019, 02:52 AM)Juan Pablo Wrote: Despite there is no errors in the bid log, when i try to nagivate to the url of my domain i still got dns error like this
and still no idea what error could be
I think that is probably a separate issue.
It could be incorrect DNS settings, a firewall blocking your server, or even something wrong with apache.
Assuming the domain is adharagrill.mx, there appear to be a few issues with this domain, if you look it up here:
https://intodns.com/adharagrill.mx
Can you access your server's Sentora control panel? If so do you do this by IP address or using a domain name? What is the domain name if you use one? Or the IP address of your server?
Keith
Posts: 10
Threads: 1
Joined: Apr 2019
Reputation:
0
Sex: Male
Thanks: 0
Given 0 thank(s) in 0 post(s)
RE: managed-key permission issue
04-09-2019, 03:10 AM
(04-09-2019, 03:03 AM)fearworks Wrote: I think that is probably a separate issue.
It could be incorrect DNS settings, a firewall blocking your server, or even something wrong with apache.
Assuming the domain is adharagrill.mx, there appear to be a few issues with this domain, if you look it up here:
https://intodns.com/adharagrill.mx
Can you access your server's Sentora control panel? If so do you do this by IP address or using a domain name? What is the domain name if you use one? Or the IP address of your server?
Keith
I access to Sentora control Panel by domain but can do by ip too, in this case: http://administrador.peninsulardehoteles.info/
the domain http://peninsulardehoteles.info/ it shows perfect i even set and example web page to see if it show and works normaly
|