[Opendnssec-user] ods-signer

Jerry Lundström jerry at opendnssec.org
Mon Jan 2 08:34:25 UTC 2012


Hi,

Try running it like this in cron:
bash -x <script.sh> >>/tmp/ods-cron.log 2>&1

Then check the logfile in tmp, dmesg and syslog.

There can be lots of things blocking it in cron, special
SELinux/AppArmor/etc restrictions, access to the command pipe or file
access issues.
All this should be solvable without doing 777 on files/directory which
is very bad for security.

/Jerry

On 2 jan 2012, at 08:43, Bryton <bryton at tznic.or.tz> wrote:

>
> Hi,
>
> I am having one strange problem,
>
> I created a script that signs and update the ds to the parent zone as
> follows...
>
> ods-signer sign me.ne.mm
> ods-ksmutil key export --zone me.ne.mm --ds --keystate active >
> /home/mylaptop/me.ne.mm.ds
> cat /home/mylaptop/me.ne.mm.ds >> /var/lib/opendnssec/unsigned/ne.mm
>
> when I execute the script it works fine.....
>
> But when I add it to crontab so that it runs automatically it does not work
>
> I have tried to change the permision on /var/lib/opendnssec/signed to
> allow 775 or 777 but did not work.....
>
> I have also tried to add a crontab -e -u opendnssec to ensure the script
> runs under opendnssec user still fails...
>
> Any idea?
>
> --
> [ Bryton | Systems Engineer | .tzNIC | www.tznic.or.tz | PGP F1D2D0BC  ]
>
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user



More information about the Opendnssec-user mailing list