[HELP NEEDED] Unable to figure out directory permissions

Hi everyone,

This is my CONTAINERFILE for Bind9:


```dockerfile
FROM debian

ENV LC_ALL C.UTF-8

# Update and upgrade system
RUN apt-get update -y && apt-get upgrade -y && apt-get dist-upgrade -y

# Install BIND 9 and sudo (for debugging if needed)
RUN apt-get install -y bind9 bind9-dnsutils bind9-libs bind9-utils sudo

# Configure permissions for BIND directories
RUN mkdir -p /var/cache/bind /var/lib/bind /var/log/bind
RUN chown -R bind:bind /var/cache/bind /var/lib/bind /var/log/bind
RUN chmod 664 /var/cache/bind /var/lib/bind /var/log/bind
RUN chmod -R 664 /var/cache/bind /var/lib/bind /var/log/bind

# Create and configure log files
RUN touch /var/log/bind/default.log /var/log/bind/update_debug.log /var/log/bind/security_info.log /var/log/bind/bind.log
RUN chown -R bind:bind /var/log/bind
RUN chmod 644 /var/log/bind/*.log

# Define volumes
VOLUME ["/etc/bind", "/var/cache/bind", "/var/lib/bind", "/var/log/bind"]

# Set the entrypoint to the named executable
ENTRYPOINT ["/usr/sbin/named"]

# Set the default command arguments for the named executable
CMD ["-g"]
```

I keep getting this error when I run it with podman:


```text
26-Jul-2024 03:18:21.328 loading configuration from '/etc/bind/named.conf'
26-Jul-2024 03:18:21.328 directory '/var/cache/bind' is not writable
26-Jul-2024 03:18:21.332 /etc/bind/named.conf.options:2: parsing failed: permission denied
```

As you can see from the CONTAINERFILE, the bind user should be able to read and write to /var/cache/bind but for some reason it doesn’t.

I have been at this for a while and I’m at my wits’ end. Your help is appreciated!

zewm ,

Looks like it tries to mkdir a directory that it doesn’t have permission to.

Start checking what the perms are on the parent directory?

Lost_USB_Stick ,

ChatGPT, hope it helps:

Looks like the permissions and ownership setup in your CONTAINERFILE might have a minor issue. Specifically, the chmod command you’re using might not be setting the directory permissions correctly. Directories usually need execute permissions for traversal. Here’s a refined version of your CONTAINERFILE to ensure the bind user has the correct permissions:

```dockerfile
FROM debian

ENV LC_ALL C.UTF-8

# Update and upgrade system
RUN apt-get update -y && apt-get upgrade -y && apt-get dist-upgrade -y

# Install BIND 9 and sudo (for debugging if needed)
RUN apt-get install -y bind9 bind9-dnsutils bind9-libs bind9-utils sudo

# Configure permissions for BIND directories
RUN mkdir -p /var/cache/bind /var/lib/bind /var/log/bind
RUN chown -R bind:bind /var/cache/bind /var/lib/bind /var/log/bind
RUN chmod 770 /var/cache/bind /var/lib/bind /var/log/bind

# Create and configure log files
RUN touch /var/log/bind/default.log /var/log/bind/update_debug.log /var/log/bind/security_info.log /var/log/bind/bind.log
RUN chown -R bind:bind /var/log/bind
RUN chmod 660 /var/log/bind/*.log

# Define volumes
VOLUME ["/etc/bind", "/var/cache/bind", "/var/lib/bind", "/var/log/bind"]

# Set the entrypoint to the named executable
ENTRYPOINT ["/usr/sbin/named"]

# Set the default command arguments for the named executable
CMD ["-g"]
```

Changes Made:

  • Directory Permissions: Changed the permissions of the directories to 770 to ensure that the bind user can read, write, and execute (necessary for accessing the directory).
  • Log File Permissions: Adjusted the log file permissions to 660 to ensure that only the bind user (and group, if applicable) can read and write.

Explanation:

  • chmod 770: Grants read, write, and execute permissions to the owner and the group. The execute permission is necessary for directories so that users can access their contents.
  • chmod 660: Grants read and write permissions to the owner and the group for the log files, which is typically sufficient.

Give this updated CONTAINERFILE a try and see if it resolves the permissions issue you’re encountering.

liliumstar ,

The very brief summary: You need 7 perms on directories to write to them. So, 774, 770, or what have you for user/group perms.
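Added example, not part of any post in the thread: a shell check on a constructed scratch tree showing what mode 664 leaves on a directory, next to a recursive symbolic mode that yields the 770/660 split mentioned in the replies. The helper names and the scratch layout are assumptions for illustration, and the capital-`X` form goes slightly beyond what the replies show.

```shell
#!/bin/sh
# Added example on a constructed scratch tree (not the poster's real volumes).

# Print the 10-character type+permission string, e.g. drw-rw-r--
mode_of() { ls -ld -- "$1" | cut -c1-10; }

# Succeed only if the owner bits allow creating files in directory $1:
# that takes write (w) AND search (x); read plus write alone is not enough.
owner_can_create_in() {
    case "$(mode_of "$1")" in
        d?wx*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Build a scratch tree shaped like the thread's layout: one directory, one log.
make_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/bind"
    : > "$t/bind/default.log"
    printf '%s\n' "$t"
}

# What the original Containerfile does: 664 on the file and on the directory.
apply_664() {
    chmod 664 "$1/bind/default.log"
    chmod 664 "$1/bind"
}

# Capital X adds the search bit to directories only, so one recursive pass
# leaves directories at 770 and plain files at 660.
apply_fix() { chmod -R u=rwX,g=rwX,o= "$1/bind"; }

report() {
    if owner_can_create_in "$1"; then verdict="owner can create files"
    else verdict="owner cannot create files (needs w and x)"; fi
    printf '%s  %s\n' "$(mode_of "$1")" "$verdict"
}

demo() {
    t=$(make_tree) || return 1
    apply_664 "$t"; report "$t/bind"
    apply_fix "$t"; report "$t/bind"
    printf '%s  default.log\n' "$(mode_of "$t/bind/default.log")"
    rm -rf "$t"
}
demo
```

The check reads mode bits rather than attempting a write, so it gives the same answer when run as root, which bypasses these bits during the image build but not when `named` runs as `bind`.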
