Permission issues with ISC-DHCP server
Sometimes upon rising DHCP server informs about permission errors like
Can't open /etc/dhcp/dhcp.conf: permission denied
or
Can't open /var/lib/dhcp/dhcpd.leases: permission denied.
If after checking the permissions are found to be correct, check apparmor profile for dhcpd:
shell# sudo apparmor_status
apparmor module is loaded.
15 profiles are loaded.
15 profiles are in enforce mode.
/sbin/dhclient
/usr/bin/evince
/usr/bin/evince-previewer
/usr/bin/evince-thumbnailer
/usr/lib/NetworkManager/nm-dhcp-client.action
/usr/lib/connman/scripts/dhclient-script
/usr/lib/cups/backend/cups-pdf
/usr/lib/telepathy/mission-control-5
/usr/lib/telepathy/telepathy-*
/usr/sbin/cupsd
/usr/sbin/dhcpd
/usr/sbin/mysqld-akonadi
/usr/sbin/mysqld-akonadi///usr/sbin/mysqld
/usr/sbin/tcpdump
/usr/share/gdm/guest-session/Xsession
0 profiles are in complain mode.
4 processes have profiles defined.
4 processes are in enforce mode.
/sbin/dhclient (1092)
/sbin/dhclient (1093)
/usr/sbin/cupsd (978)
/usr/sbin/mysqld-akonadi///usr/sbin/mysqld (2136)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
If /usr/sbin/dhcpd is in the list of profiles do the following:
1.Stop apparmor deamon
sudo /etc/init.d/apparmor stop
2.Edit /etc/apparmor.d/usr.sbin.dhcpd with root permissions and ensure that file has following lines:
/var/lib/dhcp/dhcpd.leases* rwl,
/var/lib/dhcp/dhcpd6.leases* rwl,
/etc/dhcp/dhcpd.conf r,
/etc/dhcp/dhcpd6.conf r,
/var/lib/dhcp/dhcpd6.leases and /etc/dhcp/dhcpd6.conf are needed to run DHCP server in IPV6 mode, for example:
dhcpd -6 -cf /etc/dhcp/dhcpd6.conf -lf /var/lib/dhcp/dhcpd6.leases eth0
3.Start apparmor deamon
sudo /etc/init.d/apparmor start
After this operation apparmor deamon will allow dhcp server to open /etc/dhcp/dhcpd.conf or /var/lib/dhcp/dhcpd.leases files. For more information see man apparmor