Environment
Novell DHCP
Situation
The novell-dhcp daemon will load and function properly for an hour and then stop handing out addresses.
At the console as root, an “rcnovell-dhcp restart” command reloads the daemon and it works for another hour.
In the /var/log/dhcpd.log file right before it stops there is an error message: dhcpd: "Can't create new lease file: Permission denied"
When the novell-dhcp daemon first loads, it uses the root user to interact with and/or create configuration and log files.
An hour later, when the maintenance process works with the /var/lib/dhcp/db/dhcp-leases file, the novell-dhcp daemon uses the dhcpd user. The owner of the file is now the dhcpd user. This is a LUM enabled user with rights to the volume or folder where the dhcp-leases file exists. (By default: /var/lib/dhcp/db)
If this user does not exist, is not LUM enabled, or does not have rights, the maintenance process will fail and IP addresses will no longer be handed out.
The maintenance process keeps /var/lib/dhcp/db/dhcp-leases from growing out of control.
Resolution
/usr/bin/getent passwd
If there isn't a dhcpd user, then create one using useradd.
useradd dhcpd
Verify that the user is a member of a LUM enabled group. The default is the DHCPGroup.
/usr/bin/getent group | grep dhcpd
Hint: If the dhcpd user does not belong to the DHCPGroup or another LUM enabled group use iManager > Linux User Management > Enable Users for Linux... to LUM enable the dhcpd user or the group that it belongs to.
Verify that the user has rights to the directory where the dhcp-leases file resides. (Default is: /var/lib/dhcp/db)
Hint: chmod 777 /var/lib/dhcp/db (This will make it so that everyone has rights to modify this file and all other files in this directory. If this test works, then you know it was a rights issue, and rather than allowing everyone rights you can go back and limit the rights using the chmod command and test again.)
If the dhcp-leases file is stored on an NSS volume, verify that it has been enabled for hard link support.
In nsscon
nss /ZLSSUpgradeCurrentVolumeMediaFormat=VolName
nss /hardlinks=VolName
These steps will ensure that the dhcpd user and volume are configured so that the novell-dhcp daemon can maintain the dhcp-leases file and continue handing out addresses.
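The user, group and directory-rights checks from the steps above, combined into one script as an added example that is not part of the original document: it reports which POSIX permission class (owner, group or other) lets the dhcpd user create files in the lease directory, so that a chmod 777 test can be followed by a tighter setting. The function names are hypothetical, GNU stat is assumed, and NSS trustee rights are not evaluated.

```shell
#!/bin/sh
# Added example (hypothetical function names): which permission class lets
# the DHCP service user create files in the lease directory?

# can_wx DIGIT: true if one octal permission digit grants write (2) + search (1)
can_wx() { [ $(( $1 & 3 )) -eq 3 ]; }

# lease_dir_verdict MODE OWNER GROUP USER "USER_GROUPS"
# Prints owner, group, other (works only because world-writable) or denied.
lease_dir_verdict() {
    perm=000$1; dir_owner=$2; dir_group=$3; svc_user=$4; svc_groups=$5
    perm=${perm#"${perm%???}"}      # keep last three digits, drop setuid/sticky
    rest=${perm#?}
    o=${perm%??}; g=${rest%?}; oth=${perm#??}
    # The kernel applies exactly one class: owner first, then group, then other.
    if [ "$svc_user" = "$dir_owner" ]; then
        can_wx "$o" && echo owner || echo denied
        return 0
    fi
    for ug in $svc_groups; do
        if [ "$ug" = "$dir_group" ]; then
            can_wx "$g" && echo group || echo denied
            return 0
        fi
    done
    can_wx "$oth" && echo other || echo denied
}

# check_lease_dir USER DIR: gather live values and succeed only for owner/group
# access. Assumes GNU stat; NSS trustee rights are not evaluated here.
check_lease_dir() {
    getent passwd "$1" >/dev/null || { echo "no-user"; return 1; }
    st=$(stat -c '%a %U %G' "$2") || return 1
    grps=$(id -nG "$1")
    verdict=$(lease_dir_verdict $st "$1" "$grps")
    echo "$verdict"
    [ "$verdict" = owner ] || [ "$verdict" = group ]
}

# Usage: sh <this script> dhcpd /var/lib/dhcp/db
if [ $# -eq 2 ]; then check_lease_dir "$1" "$2"; fi
```

A verdict of other means the directory is writable for dhcpd only because it is world-writable, which is the state the chmod 777 test leaves behind. Once ownership or group membership is corrected so the verdict is owner or group, the mode can be limited again.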
Additional Information
To see if apparmor is blocking the dhcpd user, you can run apparmor in complain mode. See the Novell AppArmor Administration Guide:
https://www.novell.com/documentation/apparmor/book_apparmor21_admin/?page=/documentation/apparmor/book_apparmor21_admin/data/book_apparmor_admin.html
Another test would be to simply disable / unload apparmor like this:
: This will unload apparmor if it is currently loaded
/etc/init.d/boot.apparmor stop <enter>
: This will show if apparmor is configured to load on boot
chkconfig -A | grep -i app <enter>
: This will configure apparmor to not load on boot
chkconfig boot.apparmor off <enter>