[Pdns-users] pdns-recursor Permissions Error

Otto Moerbeek otto.moerbeek at open-xchange.com
Fri Jan 10 09:56:45 UTC 2020


It looks like the rec_control line your snmpd.conf is triggering the
problem. Likely the snmd subsystem starts rec_control as a user that
does not have permission to write into /var/run/pdns-recursor.

You can try disabling (by commenting it out) the

extend pdns-rec /usr/local/bin/pdns_stats

line or, if you really need it, change the permissions of the
/var/run/pdns-recursor dir to include rwx for others.

Not that the latter might have security implications on your system. You
must decide if that is OK for you,

	-Otto


On 2020-01-09 06:24, Sharone wrote:
> Hello Steve,
> 
> I appreciate your response. Below is what is inside 
> /etc/snmp/snmpd.conf file
> 
> /rocommunity public
> syslocation "Data Center"
> syscontact admin at techs.co.ug <mailto:admin at techs.co.ug>
> createUser admin SHA admin123! AES admin123!
> rouser admin authPriv
> extend pdns-rec /usr/local/bin/pdns_stats
> agentAddress udp:161,udp6:[::1]:161/
> /
> /
> //
> /etc/default/snmpd
> /
> /
> /# This file controls the activity of snmpd
> 
> # Don't load any MIBs by default.
> # You might comment this lines once you have the MIBs downloaded.
> export MIBS=
> 
> # snmpd control (yes means start daemon).
> SNMPDRUN=yes
> 
> # snmpd options (use syslog, close stdin/out/err).
> SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I
> -smux,mteTrigger,mteTriggerConf -p /run/snmpd.pid'/
> /
> /
> snmp service status/
> /
> /
> /
> /# systemctl status snmpd.service
> ● snmpd.service - LSB: SNMP agents
>    Loaded: loaded (/etc/init.d/snmpd; bad; vendor preset: enabled)
>    Active: active (running) since Thu 2020-01-09 08:24:04 EAT; 4s ago
>      Docs: man:systemd-sysv-generator(8)
>   Process: 694 ExecStop=/etc/init.d/snmpd stop (code=exited,
> status=0/SUCCESS)
>   Process: 703 ExecStart=/etc/init.d/snmpd start (code=exited,
> status=0/SUCCESS)
>     Tasks: 1
>    Memory: 4.3M
>       CPU: 66ms
>    CGroup: /system.slice/snmpd.service
>            └─710 /usr/sbin/snmpd -Lsd -Lf /dev/null -u snmp -g snmp -I
> -smux mteTrigger mteTriggerConf -p /run/snmpd.pid
> 
> Jan 09 08:24:04 vdns-50 systemd[1]: Starting LSB: SNMP agents...
> Jan 09 08:24:04 vdns-50 snmpd[703]:  * Starting SNMP services:
> Jan 09 08:24:04 vdns-50 systemd[1]: Started LSB: SNMP agents.
> Jan 09 08:24:04 vdns-50 snmpd[710]: NET-SNMP version 5.7.3
> /
> 
> Regards,
> Sharone
> 
> 
> On Wed, 8 Jan 2020 at 22:35, Steve Shipway <steve.shipway at smxemail.com
> <mailto:steve.shipway at smxemail.com>> wrote:
> 
>     On Wed, 2020-01-08 at 09:20 +0300, Sharone wrote:
>>     /# snmpwalk -v2c -c public localhost .1.3.6.1.4.1.8072.1.3.2.4.1.2
>>     iso.3.6.1.4.1.8072.1.3.2.4.1.2.8.112.100.110.115.45.114.101.99.1 =
>>     STRING: "Fatal: Unable to generate local temporary file in
>>     directory '/var/run/pdns-recursor': Permission denied"/
> 
>     A couple of thoughts here .  Either
>     - SElinux is doing its magic and blocking - this should be logged in
>     the syslog if so, or
>     - Your SNMP is running with chroot enabled and
>     /var/run/pdns-recursor doesn't exist in the chroot environment
>     -  rec_control is trying to generate a tmp file as the snmp user so
>     doesn't have write permission.
>     - Your SNMP daemon is using a temporary file for the rec_control
>     output which it is trying to put in /var/run/pdns-recursor
> 
>     Being able to see your snmp daemon configuration would probably help
>     with diagnosing this, so please post it here if possible.
> 
>     Steve
> 
> 
>     -- 
>     *Steve Shipway | *Senior Email Systems Administrator 
>     *Phone:* +64 9 302 0515 *Fax:* +64 9 302 0518 
>     *Freephone:* 0800 SMX SMX (769 769) 
>     *SMX Limited:* Level 10, 19 Victoria Street West, Auckland, New Zealand 
>     *Web:* http://smxemail.com <http://smxemail.com/> 
>     This email has been filtered by SMX. For more information
>     visit smxemail.com <http://smxemail.com/>
>     _______________________________________________
>     Pdns-users mailing list
>     Pdns-users at mailman.powerdns.com <mailto:Pdns-users at mailman.powerdns.com>
>     https://mailman.powerdns.com/mailman/listinfo/pdns-users
> 
> 
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users
> 

-- 
kind regards,
Otto Moerbeek
PowerDNS Developer

Email: otto.moerbeek at open-xchange.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20200110/5e81cafe/attachment.sig>


More information about the Pdns-users mailing list