[Pdns-users] pdns-recursor Permissions Error

Steve Shipway steve.shipway at smxemail.com
Sat Jan 11 07:53:08 UTC 2020 

From what I can see, your snmpd system will run /usr/local/bin/pdns_stats as the snmpd user. This user does not have write permission to the /var/run/pdns-recursor directory and so you get the error.
You could either make the /var/run/pdns-recursor mode 775 and group snmpd; or maybe add the snmpd user to the pdns group and make the directory mode 775. Note that you also need to have the same mode and ownership on the socket.
Hope this helps, sorry for the slow reply have been very busy
Steve


> On 09 January 2020 at 18:24 Sharone <missakiiki at gmail.com> wrote:
> 
>     Hello Steve,
> 
>     I appreciate your response. Below is what is inside  /etc/snmp/snmpd.conf file
> 
>     rocommunity public
>     syslocation "Data Center"
>     syscontact admin at techs.co.ug mailto:admin at techs.co.ug
>     createUser admin SHA admin123! AES admin123!
>     rouser admin authPriv
>     extend pdns-rec /usr/local/bin/pdns_stats
>     agentAddress udp:161,udp6:[::1]:161
> 
>     /etc/default/snmpd
> 
>     # This file controls the activity of snmpd
> 
>     # Don't load any MIBs by default.
>     # You might comment this lines once you have the MIBs downloaded.
>     export MIBS=
> 
>     # snmpd control (yes means start daemon).
>     SNMPDRUN=yes
> 
>     # snmpd options (use syslog, close stdin/out/err).
>     SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux,mteTrigger,mteTriggerConf -p /run/snmpd.pid'
> 
>     snmp service status
> 
>     # systemctl status snmpd.service
>     ● snmpd.service - LSB: SNMP agents
>        Loaded: loaded (/etc/init.d/snmpd; bad; vendor preset: enabled)
>        Active: active (running) since Thu 2020-01-09 08:24:04 EAT; 4s ago
>          Docs: man:systemd-sysv-generator(8)
>       Process: 694 ExecStop=/etc/init.d/snmpd stop (code=exited, status=0/SUCCESS)
>       Process: 703 ExecStart=/etc/init.d/snmpd start (code=exited, status=0/SUCCESS)
>         Tasks: 1
>        Memory: 4.3M
>           CPU: 66ms
>        CGroup: /system.slice/snmpd.service
>                └─710 /usr/sbin/snmpd -Lsd -Lf /dev/null -u snmp -g snmp -I -smux mteTrigger mteTriggerConf -p /run/snmpd.pid
> 
>     Jan 09 08:24:04 vdns-50 systemd[1]: Starting LSB: SNMP agents...
>     Jan 09 08:24:04 vdns-50 snmpd[703]:  * Starting SNMP services:
>     Jan 09 08:24:04 vdns-50 systemd[1]: Started LSB: SNMP agents.
>     Jan 09 08:24:04 vdns-50 snmpd[710]: NET-SNMP version 5.7.3
> 
>     Regards,
>     Sharone
> 
> 
>     On Wed, 8 Jan 2020 at 22:35, Steve Shipway < steve.shipway at smxemail.com mailto:steve.shipway at smxemail.com > wrote:
> 
>         > >         On Wed, 2020-01-08 at 09:20 +0300, Sharone wrote:
> > 
> >             > > >             # snmpwalk -v2c -c public localhost .1.3.6.1.4.1.8072.1.3.2.4.1.2
> > >             iso.3.6.1.4.1.8072.1.3.2.4.1.2.8.112.100.110.115.45.114.101.99.1 = STRING: "Fatal: Unable to generate local temporary file in directory '/var/run/pdns-recursor': Permission denied"
> > > 
> > >         > > 
> >         A couple of thoughts here .  Either
> >         - SElinux is doing its magic and blocking - this should be logged in the syslog if so, or
> >         - Your SNMP is running with chroot enabled and /var/run/pdns-recursor doesn't exist in the chroot environment
> >         -  rec_control is trying to generate a tmp file as the snmp user so doesn't have write permission.
> >         - Your SNMP daemon is using a temporary file for the rec_control output which it is trying to put in /var/run/pdns-recursor
> > 
> >         Being able to see your snmp daemon configuration would probably help with diagnosing this, so please post it here if possible.
> > 
> >         Steve
> > 
> > 
> >         --
> >         Steve Shipway | Senior Email Systems Administrator 
> >         Phone: +64 9 302 0515 Fax: +64 9 302 0518 
> >         Freephone: 0800 SMX SMX (769 769) 
> >         SMX Limited: Level 10, 19 Victoria Street West, Auckland, New Zealand 
> >         Web: http://smxemail.com/  
> > 
> > 
> > 
> > 
> > 
> >         This email has been  filtered by SMX. For more information visit http://smxemail.com/
> > 
> > 
> > 
> > 
> >         _______________________________________________
> >         Pdns-users mailing list
> >         Pdns-users at mailman.powerdns.com mailto:Pdns-users at mailman.powerdns.com
> >         https://mailman.powerdns.com/mailman/listinfo/pdns-users
> > 
> >     > 
 
_____________________________________________________________________________

This email has been filtered by SMX. For more info visit http://smxemail.com
_____________________________________________________________________________

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20200111/5deed278/attachment.htm>

More information about the Pdns-users mailing list