Hi everyone,
This is my CONTAINERFILE
for Bind9:
FROM debian
ENV LC_ALL C.UTF-8
# Update and upgrade system
RUN apt-get update -y && apt-get upgrade -y && apt-get dist-upgrade -y
# Install BIND 9 and sudo (for debugging if needed)
RUN apt-get install -y bind9 bind9-dnsutils bind9-libs bind9-utils sudo
# Configure permissions for BIND directories
RUN mkdir -p /var/cache/bind /var/lib/bind /var/log/bind
RUN chown -R bind:bind /var/cache/bind /var/lib/bind /var/log/bind
RUN chmod 664 /var/cache/bind /var/lib/bind /var/log/bind
RUN chmod -R 664 /var/cache/bind /var/lib/bind /var/log/bind
# Create and configure log files
RUN touch /var/log/bind/default.log /var/log/bind/update_debug.log /var/log/bind/security_info.log /var/log/bind/bind.log
RUN chown -R bind:bind /var/log/bind
RUN chmod 644 /var/log/bind/*.log
# Define volumes
VOLUME ["/etc/bind", "/var/cache/bind", "/var/lib/bind", "/var/log/bind"]
# Set the entrypoint to the named executable
ENTRYPOINT ["/usr/sbin/named"]
# Set the default command arguments for the named executable
CMD ["-g"]
I keep getting this error when I run it with podman:
26-Jul-2024 03:18:21.328 loading configuration from '/etc/bind/named.conf'
26-Jul-2024 03:18:21.328 directory '/var/cache/bind' is not writable
26-Jul-2024 03:18:21.332 /etc/bind/named.conf.options:2: parsing failed: permission denied
As you can see from the CONTAINERFILE
, the bind
user should be able to read and write to /var/cache/bind
but for some reason it doesn’t.
I have been at this for a while and I’m at my wits end. Your help is appreciated!
Hey just a heads up, the permissions you needed weren’t “7”, but “+x”. +x is execute permissions. “+x” is a user or groups ability to execute the file or (browse the) directory. The number is an expression of some user or groups ability to read, write and execute all in one convient character. It’s calculated by adding together the numerical values of read, write and execute permissions when read is 4, write is 2 and execute is 1.
So with all of them enabled you’d add up all three numbers and come up with 7, full permissions. R+x is 5 and r+w is 6 etc. there are eight different possibilities.
The reason it’s done that way is from long ago, before acls, when data about files had to be stored in simple ways on tiny file systems. The permissions for a file were half a byte, and stored not as “0-7” but as three bits. If the first one was a “1” you could read, if the second one was the same you could write and so on.
Thanks, since the user would need to read write and execute permissions to the directory, I put in
chmod 775