Named’s working directory not writeable
Today I was reviewing my server logs and noticed the following error:
“the working directory is not writable: 1 Time(s)”
The solution to this error can be found here: http://slaptijack.com/system-administration/dnsbind-issue-named-the-working-directory-is-not-writable/comment-page-1/#comment-19370
Here is a summary of the solution:
cd /var/named/chroot/var/
ls -la
If the listing shows that the named directory is not group-writable, as in the following:
drwxr-x--- 4 root named 4096 Jan 9 01:56 named/
issue the following commands:
chmod g+w named
rndc reload
The log file should no longer show this error.
Tags: bind, named, not writeable
Posted in Hosting / Server Administration
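The following shell script is an added example, not part of the original post: it reports whether a directory such as /var/named/chroot/var/named is group-writable and which files under it the group can already overwrite, so the effect of `chmod g+w named` can be checked before and after. The function names and the `--demo` tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): show what `chmod g+w named`
# changes. Function names and the demo tree are hypothetical/constructed.

# Echo "group-writable" or "group-readonly" for directory $1 (mode bits only).
dir_status() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    if [ -n "$(find "$1" -prune -perm -g+w)" ]; then
        echo group-writable
    else
        echo group-readonly
    fi
}

# List regular files under $1 whose contents the owning group can overwrite.
group_writable_files() {
    find "$1" -type f -perm -g+w | sort
}

# Report for one directory: status, ls-style line, and exposed files.
audit() {
    echo "$1: $(dir_status "$1")"
    ls -ld "$1"
    echo "files the group can modify in place:"
    group_writable_files "$1" | sed 's/^/  /'
}

# Constructed sample tree mimicking a chrooted named directory.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -m 750 "$t/named"
    : > "$t/named/example.com.zone";   chmod 640 "$t/named/example.com.zone"
    : > "$t/named/slave.example.zone"; chmod 660 "$t/named/slave.example.zone"
    audit "$t/named"
    chmod g+w "$t/named"      # the change made in the post
    audit "$t/named"
    rm -rf "$t"
}

case "${1:-}" in
    --demo) demo ;;
    "")     : ;;
    *)      audit "$1" ;;
esac
```

Group write on the directory itself also lets any process running in that group create, delete or rename entries there, whatever the individual file modes are.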
Are you sure that you really *want* named to be able to write to that directory? Doesn’t that allow exploits to wipe out your configuration and insert their own bogus configuration?
I realize your change gets rid of the log messages. However, I think the “fix” makes your system less secure.
That is a good point that I probably should have covered. It does make my system less secure, but it does get rid of the errors that I have to read through in the logs. I believe I am one of the few admins that actually cares enough to read through logs entirely without parsers and it takes a lot of time to do. It also helps me optimize everything.
Because of the time I spend reading through errors like this, I don’t really mind having a slightly more insecure system because I have full system backups, I limit user access, and I monitor for any modifications to files that are not within the /home directory. So even if an exploit was discovered before I knew about it (it has happened once in the past 5 years), I’d still have everything repaired within 30 minutes of the initial exploit into my system.