Bind suddenly fails to restart
Answered
Okay, this was odd. I made a zone change and restarted named.
Then named failed to restart.
Now this was what caught my attention:
Apr 11 19:25:26 srv.myserver.nl named[2391055]: could not configure root hints from '/var/named/named.ca': permission denied
Apr 11 19:25:26 srv.myserver.nl named[2391055]: loading configuration: permission denied
Apr 11 19:25:26 srv.myserver.nl named[2391055]: exiting (due to fatal error)
Apr 11 19:25:26 srv.myserver.nl systemd[1]: named.service: Control process exited, code=exited,
A permission denied????
So I checked the /var/named directory and saw lots of files being owned by named.named but also a lot owned by root.root.
Also this named.ca was owned by root only.
This is odd, because we only work via WHM and didn't change anything here.
This is on cPanel version 126.0.13
Now to fix it quickly so sites would work again, I used this command:
chown named. *
And instantly named/bind started again without issues.
However, I wonder if it must be changed in a better way. The named directory in /var looks like this:
drwxrwx--- 8 root named 4.0K 2025-04-11 19:29 named
and in the /var/named there are still the cache and data directory in which all is still root.
So my question is, should I change owner recursively like:
cd /var/named
chown named. * -R
Or is it normal that files in there are owned by root and if yes, why is named.ca then owned by root causing named not to restart because of permission error?
-
Hey there! Yes it is normal to have files owned by root in that directory. You should never run commands with unterminated wildcards - if you were in the wrong directory by accident it could destroy your server. It's much safer to include the full path when using a wildcard.
/var/named/named.ca on my personal system is 640 with root:named ownership.
0 -
I can put it back. I've experience with those commands, but thanks for the warning anyway.
However I've never used these on cPanel before, only on another panel.
For the named (I fixed the named.ca now) it looked like this before:
-rw-r--r-- 1 named named 427 2025-04-03 17:54 named.broadcast
-rwxr----- 1 root named 2.1K 2025-04-03 17:54 named.ca
-rw-r----- 1 named named 152 2025-04-03 17:54 named.empty
-rw-r--r-- 1 named named 424 2025-04-03 17:54 named.ip6.local
-rw-r--r-- 1 named named 426 2025-04-03 17:54 named.local
-rw-r----- 1 named named 152 2025-04-03 17:54 named.localhost
-rw-r----- 1 named named 168 2025-04-03 17:54 named.loopback
-rw-r--r-- 1 named named 774 2025-04-03 17:54 named.rfc1912.zones
-rw-r--r-- 1 named named 427 2025-04-03 17:54 named.zero
Except that it was root/named or root/root. Doesn't seem correct to me and we did not touch it before.
Does cPanel have a command to set all ownerships correctly again at once?
Or if not, can you also tell me what the correct ones should be? For these named and the domain names?
In /var/named/cache I've seen it's all like this too for everything (also never touched it since installation):
-rw------- 1 root root 6.3K 2025-04-03 17:54 somedomain.com.db
0 -
-rw-r----- 1 root named 2112 Feb 20 11:05 /var/named/named.ca
in all our servers, i.e. 640, not 740
1 -
There is no command to reset permissions on a cPanel server. Here is what that directory looks like, with dnstest.com being an example zone:
drwxr-xr-x. 8 named named 4.0K Apr 11 08:12 .
drwxr-xr-x. 30 root root 4.0K Apr 9 05:34 ..
drwx------. 2 named named 4.0K Apr 11 08:12 cache
drwxrwx---. 2 named named 4.0K Feb 20 04:05 data
-rw------- 1 named named 545 Dec 2 21:54 dnsteset.com.db
drwxrwx---. 2 named named 4.0K Feb 20 04:05 dynamic
-rw-r--r--. 1 named named 198 Dec 8 2006 localdomain.zone
-rw-r--r--. 1 named named 195 Dec 8 2006 localhost.zone
-rw-r--r--. 1 named named 427 Dec 8 2006 named.broadcast
-rw-r----- 1 root named 2.1K Feb 20 04:05 named.ca
-rw-r-----. 1 root named 152 Feb 20 04:05 named.empty
-rw-r--r--. 1 named named 424 Dec 8 2006 named.ip6.local
-rw-r--r--. 1 named named 426 Dec 8 2006 named.local
-rw-r-----. 1 root named 152 Feb 20 04:05 named.localhost
-rw-r-----. 1 root named 168 Feb 20 04:05 named.loopback
-rw-r--r--. 1 named named 774 Mar 8 2022 named.rfc1912.zones
-rw-r--r--. 1 named named 427 Dec 8 2006 named.zero
drwx------. 2 named named 4.0K Dec 17 10:13 ns_parse_cache
drwx------. 2 named named 4.0K Dec 17 10:13 parse_cache
drwxrwx---. 2 named named 4.0K Feb 20 04:05 slaves
1 -
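A read-only check of /var/named against the ownership and modes shown in the listing above, as an added example that is not part of the original thread or of cPanel's tooling. The function name and the baseline format are assumptions, GNU stat is required, and nothing is changed on disk.

```shell
#!/bin/sh
# Added example: read-only audit of a BIND zone directory.
# Baseline values come from the listing in the post above; the function
# name and the "pattern owner:group mode" format are assumptions.
NAMED_BASELINE='. named:named 755
cache named:named 700
data named:named 770
dynamic named:named 770
slaves named:named 770
named.ca root:named 640
named.empty root:named 640
named.localhost root:named 640
named.loopback root:named 640
*.db named:named 600'

# audit_named_perms DIR [BASELINE]
# Prints one line per deviation; returns 0 when clean, 1 otherwise.
audit_named_perms() {
    dir=$1
    baseline=${2:-$NAMED_BASELINE}
    rc=0
    while read -r pattern want_owner want_mode; do
        [ -n "$pattern" ] || continue
        # Unquoted on purpose so an entry such as *.db expands to every zone file.
        for f in "$dir"/$pattern; do
            if [ ! -e "$f" ]; then
                echo "MISSING  $f"; rc=1; continue
            fi
            # GNU stat: %U:%G are owner and group names, %a is the octal mode.
            actual=$(stat -c '%U:%G %a' -- "$f")
            if [ "$actual" != "$want_owner $want_mode" ]; then
                echo "DRIFT    $f is $actual, expected $want_owner $want_mode"
                rc=1
            fi
        done
    done <<EOF
$baseline
EOF
    return "$rc"
}

# Usage (as root, changes nothing): audit_named_perms /var/named
```

A non-zero return with a DRIFT line for named.ca is the condition that produced the "permission denied" log lines at the top of the thread.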
Thank you quietFinn
I could also not remember ever having an executable flag in the /var/named directory.
cPRex might have made a typo here.
Are all the named.* files for root.named and all domain files too? Or is it correct that all domain files are root.root?
0 -
Yes, that was 640 - I edited my post just a minute ago :D
0 -
No problem. Can happen.
Odd.. I used the backup option several days ago.
https://support.cpanel.net/hc/en-us/articles/360044991473-Bulk-edits-to-your-DNS-Zones
Then after a change, I just copied that backup back. But this backup is all root.root so I'm still wondering how this could have changed.
Unless that copy command in that doc caused it.
Thank you for the example, I can fix my named directory accordingly again.
0 -
Correct - also the actual zones are named:named
1 -
Additionally, and this is something I never changed... Looks like this is different with me. This server is installed in December last year.
drwxrwx--- 8 root named 4.0K 2025-04-11 22:52 .
drwxr-xr-x. 25 root root 4.0K 2025-04-09 21:06 ..
And when I look in the /var directory, it looks like this:
drwxrwx--- 8 root named 4.0K 2025-04-11 22:52 named
In your example it states named:named there on the first line (in /var/named).
Does this mean in the /var/ directory the named dir must be changed from root.named to named.named? And any clue on how this is changed? Or is it done this way on recent installations (like mine in December)?
0 -
All of the "root" directories (/var, /etc, /home) are all root:root
0 -
I meant the /named directory under /var.
So /var/named.
Because in /var/named your first line is:
drwxr-xr-x. 8 named named 4.0K Apr 11 08:12 .
This can only be the case like this if the /var/named directory is set to named.named otherwise it would be root:named like I have it in the /var/ directory.
drwxr-xr-x. 17 root root 4.0K 2025-04-11 22:55 log
lrwxrwxrwx 1 root root 10 2024-10-02 23:00 mail -> spool/mail
drwxrwx--- 8 root named 4.0K 2025-04-11 22:52 named
0 -
/var/named is 755 named:named
1 -
Great, so I was right. Thank you.
Just wondering how it became root:named then in the first place as we never changed anything December. Except for making and creating that backup with the backup command mentioned of the named directory, never touched the /var/ or /var/named owners.
Anyway will fix that too then, thank you!
0 -
Some directories in the /named directory have different permissions than in your example.
Could this (and the above) be caused by the transfer import from the old server when transferring everything?
Directories in named are like this (were root:root before):
drwx------ 2 named named 4.0K 2025-04-11 20:23 cache
drwxr-x--- 2 named named 4.0K 2025-04-03 17:54 data
drwxr-x--- 2 named named 4.0K 2025-04-03 17:54 dynamic
drwx------ 2 named named 4.0K 2025-04-03 17:54 ns_parse_cache
drwx------ 2 named named 4.0K 2025-04-03 17:54 parse_cache
drwxr-x--- 2 named named 4.0K 2025-04-03 17:54 slaves
0 -
When you create the backup directory with command:
cp -rf /var/named{,.backup}
then /var/named.backup and all files in it are owned by root.
You should use this command instead:
cp -rfp /var/named{,.backup}
If you look at the cp manpage it says:
-p same as --preserve=mode,ownership,timestamps
1 -
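The effect of the missing -p flag can be checked before a backup is copied back. This added example (not from the thread or the cPanel documentation; the function name tree_meta_drift is hypothetical and GNU stat is assumed) compares owner, group and mode of every entry in a copy against the live tree.

```shell
#!/bin/sh
# Added example: compare owner, group and mode of every entry in a backup
# copy against the live tree. The function name is hypothetical.

# tree_meta_drift SRC COPY
# Prints entries whose owner:group or mode differ; returns 1 if any do.
tree_meta_drift() {
    src=$1
    copy=$2
    rc=0
    # One relative path per line; zone file names contain no newlines.
    list=$(cd "$src" && find . -print)
    while IFS= read -r rel; do
        if [ ! -e "$copy/$rel" ]; then
            echo "MISSING  $copy/$rel"; rc=1; continue
        fi
        want=$(stat -c '%U:%G %a' -- "$src/$rel")
        have=$(stat -c '%U:%G %a' -- "$copy/$rel")
        if [ "$want" != "$have" ]; then
            echo "DRIFT    $rel: live $want, copy $have"
            rc=1
        fi
    done <<EOF
$list
EOF
    return "$rc"
}

# Typical use as root, before restoring from the backup:
#   cp -rfp /var/named /var/named.backup
#   tree_meta_drift /var/named /var/named.backup && echo "backup metadata intact"
```

A copy made as root without -p shows up here as root:root on every line, and its modes are filtered through the umask of the shell that ran cp.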
Thank you quietFinn
Then that explains how all files became root. Still not how /var/named became root:root though.
Anyway, maybe cPRex could give notice to fix that command in the cPanel doc I linked to, because there the -p flag is not mentioned so chances are this might happen again in the future.
0 -
For sure - that's not a great command, and I've edited that now.
1 -
Fixed it, can be marked as solved! Thank you both!
1