I've tested again:
group bind has users: dhcpd
group dhcpd has users: bind
apparmor.d/usr.sbin.named
apparmor.d/usr.sbin.dhcpd3
both have a line:
/etc/bind/** r, -> apparmor allows them to read the file.
/etc/bind is owned by bind:bind, rwxrwx---
/etc/bind/rndc.key is owned by bind:bind, rw-r----- -> named fails to read the file, dhcpd fails to read the file!!!!
/etc/bind/rndc.key is owned by bind:bind, rw-r--r-- -> (bad idea but: named can read the file, dhcpd can read the file).
I'd say: at the point in time named and dhcpd try to read the file, they are running as user bind (named) and user dhcpd (dhcpd3), but not with the required group!
Or: named and dhcpd try to open the file rw, failing because only reading is allowed.
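
One way to test both hypotheses above (an added example, not part of the original comment): compare the credentials a running process actually holds, as listed in /proc/<pid>/status, with the owner, group and mode of the key file and its directory. The uid/gid numbers and the sample status text are constructed, the function names are hypothetical, and root or capability overrides and AppArmor are not modelled.

```python
import os

def parse_creds(status_text):
    """Return fsuid, fsgid and supplementary groups from /proc/<pid>/status text."""
    creds = {"groups": set()}
    for line in status_text.splitlines():
        key, _, val = line.partition(":")
        if key == "Uid":
            creds["uid"] = int(val.split()[3])   # fields: real, effective, saved, fs
        elif key == "Gid":
            creds["gid"] = int(val.split()[3])
        elif key == "Groups":
            creds["groups"] = {int(g) for g in val.split()}
    return creds

def dac_allows(creds, st_uid, st_gid, mode, want):
    """Classic Unix check: exactly one class (owner, group, other) applies.
    want is a bit mask: 4 = read, 2 = write, 1 = execute/search."""
    if creds["uid"] == st_uid:
        bits = (mode >> 6) & 7
    elif st_gid == creds["gid"] or st_gid in creds["groups"]:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return bits & want == want

def check_pid(pid, path):
    """Live check: can process `pid` search the parent directory and read `path`?"""
    with open(f"/proc/{pid}/status") as f:
        creds = parse_creds(f.read())
    d, fl = os.stat(os.path.dirname(path)), os.stat(path)
    return (dac_allows(creds, d.st_uid, d.st_gid, d.st_mode, 1)
            and dac_allows(creds, fl.st_uid, fl.st_gid, fl.st_mode, 4))

# Constructed sample: uid/gid 104/120 stand for bind, 105/110 for dhcpd.
BIND_UID, BIND_GID = 104, 120
# dhcpd running without its supplementary groups applied:
NO_SUPP = "Name:\tdhcpd3\nUid:\t105\t105\t105\t105\nGid:\t110\t110\t110\t110\nGroups:\t110\n"
# dhcpd with membership of group bind applied:
WITH_SUPP = NO_SUPP.replace("Groups:\t110", "Groups:\t110 120")

if __name__ == "__main__":
    for label, text in (("no supplementary groups", NO_SUPP), ("with group bind", WITH_SUPP)):
        c = parse_creds(text)
        print(label,
              "| dir search:", dac_allows(c, BIND_UID, BIND_GID, 0o770, 1),
              "| key read:", dac_allows(c, BIND_UID, BIND_GID, 0o640, 4),
              "| key open rw:", dac_allows(c, BIND_UID, BIND_GID, 0o640, 6))
```

On a live system, `check_pid(pid, "/etc/bind/rndc.key")` applies the same test to the running daemon; if the `Groups:` line of the process lacks the gid of group bind, the membership in /etc/group was never applied to that process.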