submitted 2 months ago by Findmysec@infosec.pub to c/linux@lemmy.ml

Hi everyone,

This is my CONTAINERFILE for Bind9:

FROM debian

ENV LC_ALL C.UTF-8

# Update and upgrade system
RUN apt-get update -y && apt-get upgrade -y && apt-get dist-upgrade -y

# Install BIND 9 and sudo (for debugging if needed)
RUN apt-get install -y bind9 bind9-dnsutils bind9-libs bind9-utils sudo

# Configure permissions for BIND directories
RUN mkdir -p /var/cache/bind /var/lib/bind /var/log/bind
RUN chown -R bind:bind /var/cache/bind /var/lib/bind /var/log/bind
RUN chmod 664 /var/cache/bind /var/lib/bind /var/log/bind
RUN chmod -R 664 /var/cache/bind /var/lib/bind /var/log/bind

# Create and configure log files
RUN touch /var/log/bind/default.log /var/log/bind/update_debug.log /var/log/bind/security_info.log /var/log/bind/bind.log
RUN chown -R bind:bind /var/log/bind
RUN chmod 644 /var/log/bind/*.log

# Define volumes
VOLUME ["/etc/bind", "/var/cache/bind", "/var/lib/bind", "/var/log/bind"]

# Set the entrypoint to the named executable
ENTRYPOINT ["/usr/sbin/named"]

# Set the default command arguments for the named executable
CMD ["-g"]

I keep getting this error when I run it with podman:

26-Jul-2024 03:18:21.328 loading configuration from '/etc/bind/named.conf'
26-Jul-2024 03:18:21.328 directory '/var/cache/bind' is not writable
26-Jul-2024 03:18:21.332 /etc/bind/named.conf.options:2: parsing failed: permission denied

As you can see from the CONTAINERFILE, the bind user should be able to read and write to /var/cache/bind but for some reason it doesn't.

I have been at this for a while and I'm at my wits' end. Your help is appreciated!

[-] Lost_USB_Stick@lemmy.ca 2 points 2 months ago

ChatGPT, hope it helps:

Looks like the permissions and ownership setup in your CONTAINERFILE might have a minor issue. Specifically, the chmod command you're using might not be setting the directory permissions correctly. Directories usually need execute permissions for traversal. Here’s a refined version of your CONTAINERFILE to ensure the bind user has the correct permissions:

FROM debian

ENV LC_ALL C.UTF-8

# Update and upgrade system
RUN apt-get update -y && apt-get upgrade -y && apt-get dist-upgrade -y

# Install BIND 9 and sudo (for debugging if needed)
RUN apt-get install -y bind9 bind9-dnsutils bind9-libs bind9-utils sudo

# Configure permissions for BIND directories
RUN mkdir -p /var/cache/bind /var/lib/bind /var/log/bind
RUN chown -R bind:bind /var/cache/bind /var/lib/bind /var/log/bind
RUN chmod 770 /var/cache/bind /var/lib/bind /var/log/bind

# Create and configure log files
RUN touch /var/log/bind/default.log /var/log/bind/update_debug.log /var/log/bind/security_info.log /var/log/bind/bind.log
RUN chown -R bind:bind /var/log/bind
RUN chmod 660 /var/log/bind/*.log

# Define volumes
VOLUME ["/etc/bind", "/var/cache/bind", "/var/lib/bind", "/var/log/bind"]

# Set the entrypoint to the named executable
ENTRYPOINT ["/usr/sbin/named"]

# Set the default command arguments for the named executable
CMD ["-g"]

Changes Made:

Directory Permissions: Changed the permissions of the directories to 770 to ensure that the bind user can read, write, and execute (necessary for accessing the directory).

Log File Permissions: Adjusted the log file permissions to 660 to ensure that only the bind user (and group, if applicable) can read and write.

Explanation:

chmod 770: Grants read, write, and execute permissions to the owner and the group. The execute permission is necessary for directories so that users can access their contents.

chmod 660: Grants read and write permissions to the owner and the group for the log files, which is typically sufficient.

Give this updated CONTAINERFILE a try and see if it resolves the permissions issue you're encountering.

[-] liliumstar@lemmy.dbzer0.com 2 points 2 months ago

The very brief summary: You need 7 perms on directories to write to them. So, 774, 770, or what have you for user/group perms.

[-] Findmysec@infosec.pub 1 points 2 months ago

Thanks, I changed it to chmod 755 and it worked.

[-] bloodfart@lemmy.ml 2 points 2 months ago* (last edited 2 months ago)

Hey, just a heads up: the permissions you needed weren’t “7”, but “+x”. +x is execute permissions. “+x” is a user's or group's ability to execute the file or (browse the) directory. The number is an expression of some user's or group's ability to read, write and execute, all in one convenient character. It’s calculated by adding together the numerical values of read, write and execute permissions, where read is 4, write is 2 and execute is 1.

So with all of them enabled you’d add up all three numbers and come up with 7, full permissions. R+x is 5 and r+w is 6, etc. There are eight different possibilities.

The reason it’s done that way is from long ago, before acls, when data about files had to be stored in simple ways on tiny file systems. The permissions for a file were half a byte, and stored not as “0-7” but as three bits. If the first one was a “1” you could read, if the second one was the same you could write and so on.

e: the whole point of this post was that, knowing all I just wrote, a person can decipher old and new discussions on their problems that use language like "the execute bit" or "set the read bit".
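The arithmetic described in the comment above, as an added example that is not part of the thread: it decodes a three-digit octal mode into rwx form and reports which classes can create files in a directory carrying that mode, which takes both write and execute. The function names are made up for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread): octal mode -> rwx, and what each
# class can actually do with a DIRECTORY that carries that mode.

# digit_to_rwx 5 -> r-x   (read=4, write=2, execute=1)
digit_to_rwx() {
    r=-; w=-; x=-
    if [ $(( $1 & 4 )) -ne 0 ]; then r=r; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then w=w; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then x=x; fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# class_digit 775 group -> 7 ; status 2 on anything but three octal digits
class_digit() {
    case $1 in [0-7][0-7][0-7]) ;; *) return 2 ;; esac
    case $2 in
        owner) d=${1%??} ;;
        group) d=${1#?}; d=${d%?} ;;
        other) d=${1#??} ;;
        *) return 2 ;;
    esac
    printf '%s' "$d"
}

# mode_to_rwx 664 -> rw-rw-r--
mode_to_rwx() {
    for c in owner group other; do
        d=$(class_digit "$1" "$c") || return 2
        digit_to_rwx "$d"
    done
}

# Creating or deleting entries in a directory needs write AND execute.
# can_create_in_dir 664 owner -> exit status 1 (write bit set, execute missing)
can_create_in_dir() {
    d=$(class_digit "$1" "$2") || return 2
    [ $(( $d & 3 )) -eq 3 ]
}

# The modes mentioned in the thread, one line each.
for m in 664 755 770 775; do
    line="$m $(mode_to_rwx "$m")"
    for cls in owner group other; do
        if can_create_in_dir "$m" "$cls"; then line="$line $cls=yes"
        else line="$line $cls=no"; fi
    done
    echo "$line"
done
```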

[-] Findmysec@infosec.pub 1 points 2 months ago

Thanks, since the user would need read, write and execute permissions to the directory, I put in chmod 775.
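An added example, not code from the thread: a single numeric mode passed to chmod -R lands on directories and files alike, while a symbolic mode with capital X grants execute only to directories (and to files that already had an execute bit). The scratch tree and function names are constructed for the demonstration; 770 and 660 are the modes suggested earlier in the thread.

```shell
#!/bin/sh
# Added example, not from the thread: one numeric mode applied with -R
# versus a symbolic mode using capital X. The tree is a constructed scratch
# directory standing in for /var/log/bind.

# perms PATH -> type+mode column from ls, e.g. drwxrwx---
perms() { ls -ld "$1" | cut -c1-10; }

# make_tree -> creates <tmp>/log/bind.log (file starts at 600), prints <tmp>
make_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/log" || return 1
    : > "$t/log/bind.log" || return 1
    chmod 600 "$t/log/bind.log" || return 1
    printf '%s' "$t"
}

# apply_and_show MODE -> runs chmod -R MODE on the tree and prints
# "<directory perms> <log file perms>"
apply_and_show() {
    t=$(make_tree) || return 1
    if chmod -R "$1" "$t/log"; then
        printf '%s %s' "$(perms "$t/log")" "$(perms "$t/log/bind.log")"
        rc=0
    else
        rc=1
    fi
    rm -rf "$t"
    return "$rc"
}

# 775 everywhere: the directory is usable, but the log file becomes
# executable and both are readable by every user.
echo "chmod -R 775            -> $(apply_and_show 775)"

# X = execute only for directories (or files that already had an execute
# bit): the directory ends up 770, the log file 660.
echo "chmod -R u=rwX,g=rwX,o= -> $(apply_and_show u=rwX,g=rwX,o=)"
```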

[-] zewm@lemmy.world 1 points 2 months ago

Looks like it tries to mkdir a directory that it doesn’t have permission to.

Start checking what the perms are on the parent directory?

[-] OWO_I_OWO@sh.itjust.works 1 points 2 months ago

For future references

this post was submitted on 26 Jul 2024
15 points (100.0% liked)
