Discussion:
bind: the working directory is not writable
lynn
2012-01-26 07:03:28 UTC
Error on starting named.
rpm -q bind
bind-9.8.1P1-4.8.1.i586

/etc/named.conf
options {
    directory "/var/lib/named";
    dump-file "/var/log/named_dump.db";
    statistics-file "/var/log/named.stats";
    listen-on-v6 { any; };
    notify no;
    disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
};
zone "." in {
    type hint;
    file "root.hint";
};
zone "localhost" in {
    type master;
    file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" in {
    type master;
    file "127.0.0.zone";
};
include "/etc/named.conf.include";

with /var/lib
drwxr-xr-x 9 named named 4096 Jan 26 07:50 named
/etc/named.conf.include is empty

What am I doing wrong?
Thanks,
L x
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Per Jessen
2012-01-26 10:51:22 UTC
Post by lynn
Error on starting named.
rpm -q bind
bind-9.8.1P1-4.8.1.i586
/etc/named.conf
options {
directory "/var/lib/named";
dump-file "/var/log/named_dump.db";
statistics-file "/var/log/named.stats";
listen-on-v6 { any; };
notify no;
disable-empty-zone
"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
};
zone "." in {
type hint;
file "root.hint";
};
zone "localhost" in {
type master;
file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" in {
type master;
file "127.0.0.zone";
};
include "/etc/named.conf.include";
with /var/lib
drwxr-xr-x 9 named named 4096 Jan 26 07:50 named
/etc/named.conf.include is empty
What am I doing wrong?
Quite likely nothing. I have not looked into why bind complains about
the working directory not being writable, but it does not cause a
problem for me.
--
Per Jessen, Zürich (3.6°C)
Lars Müller
2012-01-26 13:30:11 UTC
Post by lynn
Error on starting named.
rpm -q bind
bind-9.8.1P1-4.8.1.i586
/etc/named.conf
options {
directory "/var/lib/named";
dump-file "/var/log/named_dump.db";
statistics-file "/var/log/named.stats";
And /var/log is owned by which user and has which permissions?

BIND is configured the default way to start chrooted?

Lars
--
Lars Müller [ˈlaː(r)z ˈmʏlɐ]
Samba Team
SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany
lynn
2012-01-26 13:56:29 UTC
Post by Per Jessen
Post by lynn
Error on starting named.
rpm -q bind
bind-9.8.1P1-4.8.1.i586
/etc/named.conf
options {
directory "/var/lib/named";
dump-file "/var/log/named_dump.db";
statistics-file "/var/log/named.stats";
listen-on-v6 { any; };
notify no;
disable-empty-zone
"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
};
zone "." in {
type hint;
file "root.hint";
};
zone "localhost" in {
type master;
file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" in {
type master;
file "127.0.0.zone";
};
include "/etc/named.conf.include";
with /var/lib
drwxr-xr-x 9 named named 4096 Jan 26 07:50 named
/etc/named.conf.include is empty
What am I doing wrong?
Quite likely nothing. I have not looked into why bind complains about
the working directory not being writable, but it does not cause a
problem for me.
I've yet to see an error free named log without having to intervene
manually. If it doesn't need to write to the working directory, then why
print the message? named has places under the working directory where it
can write. Who does it think it is? Would it at least be possible to
lose 'writable';)
L x
lynn
2012-01-27 17:49:58 UTC
Post by Lars Müller
Post by lynn
Error on starting named.
rpm -q bind
bind-9.8.1P1-4.8.1.i586
/etc/named.conf
options {
directory "/var/lib/named";
dump-file "/var/log/named_dump.db";
statistics-file "/var/log/named.stats";
And /var/log is owned by which user and has which permissions?
BIND is configured the default way to start chrooted?
Lars
Hi.
Still no luck:
/etc/named.conf
options {
directory "/var/lib/named";
managed-keys-directory "/var/lib/named/dyn/";
#dump-file "/var/log/named_dump.db";
#statistics-file "/var/log/named.stats";
produces:
Jan 27 18:34:36 hh3 named[2547]: the working directory is not writable

Yast SysConfig was used to change named to non-chroot

ls -la /var
drwxr-xr-x 12 root root 4096 Jan 27 18:28 log

The only way I can fix it is to change the working directory to named:named :(
L x
Lars Müller
2012-01-27 18:21:20 UTC
On Fri, Jan 27, 2012 at 06:49:58PM +0100, lynn wrote:
[ 8< ]
Post by lynn
/etc/named.conf
options {
directory "/var/lib/named";
managed-keys-directory "/var/lib/named/dyn/";
#dump-file "/var/log/named_dump.db";
#statistics-file "/var/log/named.stats";
Jan 27 18:34:36 hh3 named[2547]: the working directory is not writable
Yast SysConfig was used to change named to non-chroot
No further comment. You know it better anyway. :)
Post by lynn
ls -la /var
drwxr-xr-x 12 root root 4096 Jan 27 18:28 log
The only way I can fix it is to change the working directory to named:named :(
Which working directory are you talking about? Please name the path.

/var/log must not be owned by named.


It looks like your bind configuration leads to more write attempts at
different locations than in the default configuration case.

Either use AppArmor in complain mode to see what's going on or follow
the daemon with strace for example.

After you identified the location the next step is to find a fitting
runtime configuration parameter to adjust your config.

Cheers,

Lars
--
Lars Müller [ˈlaː(r)z ˈmʏlɐ]
Samba Team
SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany
Chuck Payne
2012-01-27 18:46:36 UTC
Post by Lars Müller
[ 8< ]
Post by lynn
/etc/named.conf
options {
    directory "/var/lib/named";
    managed-keys-directory "/var/lib/named/dyn/";
    #dump-file "/var/log/named_dump.db";
    #statistics-file "/var/log/named.stats";
 Jan 27 18:34:36 hh3 named[2547]: the working directory is not writable
Yast SysConfig was used to change named to non-chroot
No further comment.  You know it better anyway. :)
Post by lynn
ls -la /var
drwxr-xr-x 12 root root 4096 Jan 27 18:28 log
The only way I can fix it is to change the working directory to named:named :(
Which working directory are you talking about?  Please name the path.
/var/log must not be owned by named.
It looks like your bind configuration leads to more write attempts at
different locations than in the default configuration case.
Either use AppArmor in complain mode to see what's going on or follow
the daemon with strace for example.
After you identified the location the next step is to find a fitting
runtime configuration parameter to adjust your config.
Cheers,
Lars
--
Lars Müller [ˈlaː(r)z ˈmʏlɐ]
Samba Team
SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany
I had a lot of issues with bind because AppArmor was running.

Check the status of AppArmor; if it is running, shut it down. Under
/etc/apparmor.d, remove the named file from that dir (for now, place it
in root).

Restart named

See if you are getting that error still, make sure that named owns
/var/lib/named

chown named.named /var/lib/named -R
--
Terror PUP a.k.a
Chuck "PUP" Payne

lynn
2012-01-27 22:06:33 UTC
[ 8< ]
Post by lynn
/etc/named.conf
options {
directory "/var/lib/named";
managed-keys-directory "/var/lib/named/dyn/";
#dump-file "/var/log/named_dump.db";
#statistics-file "/var/log/named.stats";
Jan 27 18:34:36 hh3 named[2547]: the working directory is not writable
Yast SysConfig was used to change named to non-chroot
No further comment. You know it better anyway. :)
Post by lynn
ls -la /var
drwxr-xr-x 12 root root 4096 Jan 27 18:28 log
The only way I can fix it is to change the working directory to named:named :(
Which working directory are you talking about? Please name the path.
/var/lib/named
/var/log must not be owned by named.
ls -la /var
drwxr-xr-x 12 root root 4096 Jan 27 18:28 log
It looks like your bind configuration leads to more write attempts at
different locations than in the default configuration case.
Either use AppArmor in complain mode to see what's going on or follow
the daemon with strace for example.
After you identified the location the next step is to find a fitting
runtime configuration parameter to adjust your config.
Cheers,
Lars
The only thing not default about this configuration is the non chroot.
Everything else is as it comes as of last update. Does changing to non
chroot cause this error?
Thanks,
L x
Lars Müller
2012-01-27 22:24:57 UTC
[ 8< ]
Post by lynn
Post by Lars Müller
Which working directory are you talking about? Please name the path.
/var/lib/named
As stated before, for security reasons this directory should be owned by
user and group root.
Post by lynn
Post by Lars Müller
It looks like your bind configuration leads to more write attempts at
different locations than in the default configuration case.
Either use AppArmor in complain mode to see what's going on or follow
the daemon with strace for example.
Have you tried this? Believe me, this will open your eyes.
Post by lynn
Post by Lars Müller
After you identified the location the next step is to find a fitting
runtime configuration parameter to adjust your config.
The only thing not default about this configuration is the non
chroot. Everything else is as it comes as of last update. Does
changing to non chroot cause this error?
Very, very likely not.

As I'm eating our own dog food I can prove the default configuration
works as expected.

The recent update only addressed the handling of the /var/run/named
file.

I would set up either a separate install in a virtual or chroot
environment. Or first look at the output of strace or AppArmor in
complain mode.

Lars
--
Lars Müller [ˈlaː(r)z ˈmʏlɐ]
Samba Team
SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany
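
The suggestion made twice in this thread to follow the daemon with strace, as an added example that is not part of any post: the function below filters a trace for file calls with write intent that the kernel refused, which names the locations named wanted to write to. The trace lines, the capture command in the comment and the binary path are constructed assumptions.

```shell
#!/bin/sh
# Capture a trace first (assumed invocation, run as root):
#   strace -f -e trace=file -o /tmp/named.trace /usr/sbin/named -g -u named
# then: denied_writes < /tmp/named.trace

# Print "syscall: path" once for every refused call that intended to write.
denied_writes() {
    awk '
    # Keep only failed calls whose errno means the write was not permitted.
    $0 !~ / = -1 (EACCES|EPERM|EROFS) / { next }
    {
        line = $0
        sub(/^[0-9]+ +/, "", line)           # PID column written by -f -o
        call = line; sub(/\(.*/, "", call)   # syscall name before "("
        intent = 0
        if (call ~ /^(open|openat)$/ && line ~ /O_(WRONLY|RDWR|CREAT)/) intent = 1
        if (call ~ /^(access|faccessat)$/ && line ~ /W_OK/) intent = 1
        if (call ~ /^(creat|mkdir|mkdirat|unlink|unlinkat|rename|renameat)$/) intent = 1
        if (!intent) next                    # refused reads are a different problem
        if (match(line, /"[^"]*"/)) {        # first quoted argument is the path
            path = substr(line, RSTART + 1, RLENGTH - 2)
            if (!(path in seen)) { seen[path] = 1; print call ": " path }
        }
    }'
}

# Constructed sample trace, not output captured from the poster's system.
sample_trace() {
    cat <<'EOF'
2547 openat(AT_FDCWD, "/etc/named.conf", O_RDONLY) = 5
2547 access(".", W_OK)                  = -1 EACCES (Permission denied)
2547 openat(AT_FDCWD, "/var/lib/named/dyn/managed-keys.bind.jnl", O_WRONLY|O_CREAT|O_TRUNC, 0644) = 6
2547 openat(AT_FDCWD, "/var/log/named.stats", O_WRONLY|O_CREAT|O_APPEND, 0666) = -1 EACCES (Permission denied)
2547 openat(AT_FDCWD, "/etc/rndc.key", O_RDONLY) = -1 EACCES (Permission denied)
2547 access(".", W_OK)                  = -1 EACCES (Permission denied)
EOF
}

sample_trace | denied_writes
```

Relative paths such as "." are reported as traced; they resolve against the `directory` option in named.conf.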
Lars Müller
2012-01-27 22:29:54 UTC
On Fri, Jan 27, 2012 at 01:46:36PM -0500, Chuck Payne wrote:
[ 8< ]¹
Post by Chuck Payne
I had a lot of issues with bind because AppArmor was running.
The bug IDs or better submit requests to fix them are which?
Post by Chuck Payne
Check the status of AppArmor; if it is running, shut it down. Under
/etc/apparmor.d, remove the named file from that dir (for now, place it
in root).
Restart named
See if you are getting that error still, make sure that named owns
/var/lib/named
chown named.named /var/lib/named -R
Bad and wrong. For missing the simple and straight security concept:
-20 points. ;)

Lars

¹ superfluous full quote purged.
--
Lars Müller [ˈlaː(r)z ˈmʏlɐ]
Samba Team
SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany