[Opendnssec-user] ods-signerd: adapter failed (Unable to open file)
Berry A.W. van Halderen
berry at nlnetlabs.nl
Fri Jun 1 08:14:21 UTC 2018
Dear Randy,
On 05/30/2018 08:03 PM, Randy Bush wrote:
>> # grep File /etc/opendnssec/zonelist.xml
>> <Adapter type="File">/var/opendnssec/unsigned/ca</Adapter>
>> <Adapter type="File">/var/opendnssec/signed/ca</Adapter>
>
> # ls -l /usr/local/var/opendnssec/unsigned/2001.0418.3807
> -rw-r--r-- 1 opendnssec staff 2581 Sep 17 2017 /usr/local/var/opendnssec/unsigned/2001.0418.3807
> # ls -ld /usr/local/var/opendnssec/unsigned
> drwxrwxr-x 2 opendnssec opendnssec 1024 May 30 15:33 /usr/local/var/opendnssec/unsigned/
These are only used for reading, so these wouldn't get the earlier
problem.
> # ls -ld /usr/home/dns/primary
> drwxrwsr-x 3 bind bind 2048 May 27 15:10 /usr/home/dns/primary/
> # ls -l /usr/home/dns/primary/2001.0418.8006
> -rw-r--r-- 1 opendnssec bind 82491 May 27 15:10 /usr/home/dns/primary/2001.0418.8006
I guess you mention this because it is specified in the <Adapter>
part that indicates where the output file should go. If this is indeed
the case, this will probably be the issue. Even though
/usr/home/dns/primary/2001.0418.8006 is writable by the opendnssec user
(I guess you are running the signer as the opendnssec user id),
the directory in which it is contained is not.

The /usr/home/dns/primary needs to be writable as well. The signer needs
to write a new file (with .tmp appended) and then move this new
file over the old file. Hence it will need write permissions on the
directory. This procedure is necessary to make the action atomic as
the consumer of the file (bind or NSD) might decide to read the file
mid-way and that would be wrong.
If the above assumptions are not correct it might be related to
either the user id that the signer is running as or some other
setting in your conf.xml, for which I would then need more info.
But I suspect the above explanation.
\Berry
>> # grep -i working conf.xml
>> <WorkingDirectory>/var/opendnssec/tmp</WorkingDirectory>
>
>
> # grep -i working /usr/local/etc/opendnssec/conf.xml
> <WorkingDirectory>/usr/local/var/opendnssec/tmp</WorkingDirectory>
> <WorkingDirectory>/usr/local/var/opendnssec/tmp</WorkingDirectory>
> # ls -ld /usr/local/var/opendnssec/tmp
> drwxr-xr-x 3 opendnssec opendnssec 2560 May 30 15:54 /usr/local/var/opendnssec/tmp/
>
> randy
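Added example, not part of the original message and not OpenDNSSEC code: a Python check of the write-then-rename requirement described in the reply, run against the `ls -l` mode strings quoted in the thread. It assumes the signer runs as user `opendnssec`; the group memberships are hypothetical, and the sticky-bit rule goes beyond the case discussed in the thread.

```python
# Added example. Identities and group memberships below are assumptions.
# Models classic Unix mode bits only (no ACLs, MAC policy or file flags).

def class_bits(mode, owner, group, user, groups):
    """Pick the rwx triplet of an `ls -l` mode string that applies to user."""
    if user == owner:
        return mode[1:4]
    if group in groups:
        return mode[4:7]
    return mode[7:10]

def can_replace_atomically(dir_mode, dir_owner, dir_group,
                           file_owner, user, groups):
    """Can user create <zone>.tmp in the directory and rename it over <zone>?

    Create and rename are directory operations, so the mode of the existing
    zone file does not matter. Returns (ok, reason).
    """
    bits = class_bits(dir_mode, dir_owner, dir_group, user, groups)
    if bits[1] != "w":
        return False, "directory not writable: cannot create the .tmp file"
    if bits[2] not in "xst":
        return False, "directory not searchable: cannot reach entries in it"
    if dir_mode[9] in "tT" and user not in (file_owner, dir_owner):
        return False, "sticky directory: only file or directory owner may replace"
    return True, "tmp file can be created and renamed over the old file"

# Values from the listings quoted in this thread.
PRIMARY = ("drwxrwsr-x", "bind", "bind")   # /usr/home/dns/primary
ZONE_OWNER = "opendnssec"                  # owner of the existing zone file

if __name__ == "__main__":
    cases = {
        "signer not in group bind": {"opendnssec"},
        "signer added to group bind": {"opendnssec", "bind"},
    }
    for label, groups in cases.items():
        ok, why = can_replace_atomically(*PRIMARY, ZONE_OWNER, "opendnssec", groups)
        print(f"{label}: {'OK' if ok else 'FAIL'} ({why})")
```
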