A few days ago, while reloading DNS on a server, I noticed an issue in the log:
Jul 31 11:29:50 admin named: the working directory is not writable
First, let's talk about how this error was caught. When doing various tasks, I often
tail the log to watch the process do its thing. In this case, here's what I did:
$ sudo ls
$ rndc reload; sudo tail -f /var/log/messages
Why start off with the sudo ls? Essentially, all I'm doing is getting the sudo password prompt out of the way so that when I issue the sudo tail command, I won't be asked for a password. If you don't do this, then you'll be asked for your password before the tail, and you'll likely miss seeing the messages that pop up pertaining to your
So, after doing that, I saw the aforementioned log message. Based on the log message, I assumed that there was some sort of permissions issue here. However, we've been using BIND for a while, so it would surprise me if we had a basic permissions issue. But in my investigation (yay for Google), that was exactly the problem: the named directory was not group writable and needed to be.
Changing the named directory's permissions was an easy trick. After changing into named's parent directory (in our case, that's a rather complicated deal: /var/named/chroot/var/), I simply issued this command:
$ sudo chmod g+w named
This command makes the directory writable by the group and not just the owner (the permissions should look something like this: "drwxrwx---"). I reloaded, and the error no longer popped up in the logs.
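
A check for the fix above, as an added example that is not part of the original post: the function reads the directory's mode with GNU stat and reports whether it is group writable, and it also flags a world-writable directory, since the fix needs g+w only. The function name check_named_dir is hypothetical, and the expected mode is assumed to be the "drwxrwx---" shown above.

```shell
#!/bin/sh
# Added example: audit the mode of named's working directory.
# Returns 0 if the directory is group writable and closed to "other",
# 1 if the mode needs attention, 2 if the path is not a directory.
check_named_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "$dir: not a directory" >&2
        return 2
    fi
    # GNU stat: %A is the symbolic mode (e.g. drwxrwx---), %U:%G owner and group
    mode=$(stat -c '%A' "$dir") || return 2
    owner=$(stat -c '%U:%G' "$dir") || return 2
    group_w=$(printf '%s' "$mode" | cut -c6)   # group write bit
    other_w=$(printf '%s' "$mode" | cut -c9)   # world write bit
    status=0
    if [ "$group_w" != "w" ]; then
        echo "$dir ($mode $owner): not group writable, expect the 'working directory is not writable' message"
        status=1
    fi
    if [ "$other_w" = "w" ]; then
        echo "$dir ($mode $owner): world writable, only g+w is needed"
        status=1
    fi
    if [ "$status" -eq 0 ]; then
        echo "$dir ($mode $owner): ok"
    fi
    return "$status"
}

# With an argument, check that path, for example:
#   sh check_named_dir.sh /var/named/chroot/var/named
[ "$#" -eq 0 ] || check_named_dir "$1"
```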