Any ideas why BIND (named) is creating its temporary files in the [chroot]/var/named directory and not in /tmp or /var/tmp?
[root@devserver21 chroot]# Aug 15 14:08:21 devserver21 named[5101]: loading configuration from '/etc/named.conf'
Aug 15 14:08:21 devserver21 named: named reload succeeded
Aug 15 14:08:21 devserver21 named[5101]: dumping master file: tmp-XXXXQ5X9mC: open: permission denied
Aug 15 14:08:21 devserver21 named[5101]: transfer of '1.168.192.in-addr.arpa/IN' from 192.168.1.10#53: failed while receiving responses: permission denied
Aug 15 14:08:21 devserver21 named[5101]: transfer of '1.168.192.in-addr.arpa/IN' from 192.168.1.10#53: end of transfer
[root@devserver21 chroot]# dir
total 48
drwxr-x--- 7 root named 4096 Aug 15 14:07 .
drwxr-x--- 5 root named 4096 Aug 12 12:45 ..
drwxr-xr-- 2 root named 4096 Jul 29 15:09 dev
drwxr-x--- 2 root named 4096 Jul 29 15:09 etc
dr-xr-xr-x 118 root root 0 Aug 15 12:12 proc
drwxrwxrwt 2 root root 4096 Aug 15 14:07 tmp
drwxr-x--- 5 root named 4096 Mar 13 2003 var
[root@devserver21 chroot]# cd var/
[root@devserver21 var]# dir
total 40
drwxr-x--- 5 root named 4096 Mar 13 2003 .
drwxr-x--- 7 root named 4096 Aug 15 14:07 ..
drwxr-x--- 4 root named 4096 Aug 12 12:45 named
drwxrwx--- 3 root named 4096 Mar 13 2003 run
drwxrwxrwt 2 named named 4096 Mar 13 2003 tmp
[root@devserver21 var]# chmod g+w named/
[root@devserver21 var]# /etc/init.d/named reload
Reloading named: [ OK ]
[root@devserver21 var]# Aug 15 14:09:46 devserver21 named[5101]: loading configuration from '/etc/named.conf'
Aug 15 14:09:46 devserver21 named: named reload succeeded
Aug 15 14:09:46 devserver21 kernel: audit(1250359786.568:31): avc: denied { write } for pid=5103 comm="named" name="named" dev=dm-0 ino=28148843 scontext=user_u:system_r:named_t tcontext=system_u:object_r:named_zone_t tclass=dir
Aug 15 14:09:46 devserver21 kernel: audit(1250359786.568:32): avc: denied { add_name } for pid=5103 comm="named" name="tmp-XXXXtGN8y7" scontext=user_u:system_r:named_t tcontext=system_u:object_r:named_zone_t tclass=dir
Aug 15 14:09:46 devserver21 kernel: audit(1250359786.573:33): avc: denied { create } for pid=5103 comm="named" name="tmp-XXXXtGN8y7" scontext=user_u:system_r:named_t tcontext=user_u:object_r:named_zone_t tclass=file
Aug 15 14:09:46 devserver21 kernel: audit(1250359786.574:34): avc: denied { write } for pid=5103 comm="named" name="tmp-XXXXtGN8y7" dev=dm-0 ino=28157362 scontext=user_u:system_r:named_t tcontext=user_u:object_r:named_zone_t tclass=file
Aug 15 14:09:46 devserver21 kernel: audit(1250359786.579:35): avc: denied { remove_name } for pid=5103 comm="named" name="tmp-XXXXtGN8y7" dev=dm-0 ino=28157362 scontext=user_u:system_r:named_t tcontext=system_u:object_r:named_zone_t tclass=dir
Aug 15 14:09:46 devserver21 kernel: audit(1250359786.579:36): avc: denied { rename } for pid=5103 comm="named" name="tmp-XXXXtGN8y7" dev=dm-0 ino=28157362 scontext=user_u:system_r:named_t tcontext=user_u:object_r:named_zone_t tclass=file
Aug 15 14:09:46 devserver21 named[5101]: zone 1.168.192.in-addr.arpa/IN: transferred serial 2008072300
Aug 15 14:09:46 devserver21 kernel: audit(1250359786.579:37): avc: denied { setattr } for pid=5103 comm="named" name="1.168.192.rev" dev=dm-0 ino=28157362 scontext=user_u:system_r:named_t tcontext=user_u:object_r:named_zone_t tclass=file
Aug 15 14:09:46 devserver21 named[5101]: transfer of '1.168.192.in-addr.arpa/IN' from 192.168.1.10#53: end of transfer
Aug 15 14:09:46 devserver21 named[5101]: zone 1.168.192.in-addr.arpa/IN: sending notifies (serial 2008072300)
[root@devserver21 var]#
-- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - - - Jason Pyeron PD Inc. http://www.pdinc.us - - Principal Consultant 10 West 24th Street #100 - - +1 (443) 269-1555 x333 Baltimore, Maryland 21218 - - - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- This message is copyright PD Inc, subject to license 20080407P00.