bind + setuid()

Jan.Jirousek at chase.com Jan.Jirousek at chase.com
Tue Jun 29 20:26:16 UTC 1999




Hi,

I have a reverse problem. I'd like to run bind as root, but allow a certain (unix)
group of users to start/stop it. This is BIND8.2 on Solaris 2.6. I tried to set
/usr/local/sbin/ndc suid root and restrict access/execute permissions to my
group, but it didn't work - ndc complained it can't create /etc/ndc and it
started the named process running under my regular user uid.

Maybe this behavior is Solaris specific, I don't have too much experience with
Solaris suid programs. BTW, there is a known Solaris bug, which allows any user
to run ndc (version 8.2) and send various commands to the running named, including
ndc stop (but not start or restart). This is because Solaris doesn't properly
respect access permissions on named pipes, such as /etc/ndc.

Any ideas?

Honza







Patrick Greenwell <patrick at stealthgeeks.net> on 06/29/99 03:34:51 PM

To:      ryanm <ryanm at accn.org>
cc:      bind-users at isc.org (bcc: Jan Jirousek/CHASE)
Subject: Re: bind + setuid()

On Tue, 29 Jun 1999, ryanm wrote:

> Anyone got a doc on getting bind to run as an unprivileged user?? I
> looked through the README/INSTALL doc that comes with 8.1.2 but could
> not find anything to assist.

It's in there.

On the command line when invoking Bind -u specifies the UID, -g specifies
the GID, and -t specifies the chroot directory.

If you are using ndc to control your server, you'll probably want to add
this into the source (as well as changing the UID/GID that the ndc socket
is owned by).
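The thread's goal (let one Unix group start and stop named, while named itself runs unprivileged with -u/-g/-t) can be met without making ndc setuid root, which is what went wrong above when the setuid ndc started named under the caller's uid. The script below is an added example, not code from either poster or from ISC's BIND distribution: it is meant to be invoked through sudo (or an equivalent root-running dispatcher), checks the caller's group, accepts only an allow-list of control verbs, and for start launches named directly with the privilege-dropping flags, since an 8.2-era "ndc start" would not pass them. The paths, the operator group dnsadm, the account named and the chroot /var/named are assumptions, as is the availability of id -Gn (older Solaris may need the XPG4 id).

```shell
#!/bin/sh
# named-control.sh: run through sudo by members of $ADMIN_GROUP.
# Added example; every path and name below is an assumption, override via env.

NAMED=${NAMED:-/usr/local/sbin/named}
NDC=${NDC:-/usr/local/sbin/ndc}
NAMED_USER=${NAMED_USER:-named}          # assumed unprivileged account for -u
NAMED_GROUP=${NAMED_GROUP:-named}        # assumed group for -g
NAMED_CHROOT=${NAMED_CHROOT:-/var/named} # assumed chroot directory for -t
ADMIN_GROUP=${ADMIN_GROUP:-dnsadm}       # assumed group allowed to control named

# Only these verbs are ever handed to a root-privileged program; anything
# else (including shell metacharacters) is refused before any exec.
is_allowed_command() {
    case "$1" in
        start|stop|restart|reload|status) return 0 ;;
        *) return 1 ;;
    esac
}

# $1 = user, $2 = group. Uses the supplementary group list from id(1)
# rather than trusting the caller's environment.
user_in_group() {
    for g in $(id -Gn "$1" 2>/dev/null); do
        [ "$g" = "$2" ] && return 0
    done
    return 1
}

# The flags Patrick describes: drop to $NAMED_USER/$NAMED_GROUP and chroot.
build_named_args() {
    printf '%s' "-u $NAMED_USER -g $NAMED_GROUP -t $NAMED_CHROOT"
}

# Refuse to start into a chroot that does not exist or is writable by the
# unprivileged account (named must not be able to alter its own jail).
chroot_is_sane() {
    [ -d "$1" ] || return 1
    owner=$(ls -ld "$1" | awk '{print $3}')
    [ "$owner" = "root" ] || return 1
    case $(ls -ld "$1" | cut -c1-10) in
        d????-??-?) return 0 ;;   # no group/other write bits
        *) return 1 ;;
    esac
}

main() {
    verb=$1
    caller=${SUDO_USER:-$(id -un)}   # sudo records the invoking user here

    is_allowed_command "$verb" \
        || { echo "refused: unknown command '$verb'" >&2; exit 2; }
    user_in_group "$caller" "$ADMIN_GROUP" \
        || { echo "refused: $caller is not in $ADMIN_GROUP" >&2; exit 3; }
    [ "$(id -u)" -eq 0 ] \
        || { echo "must be run as root (via sudo)" >&2; exit 4; }

    case "$verb" in
        start)
            chroot_is_sane "$NAMED_CHROOT" \
                || { echo "refused: $NAMED_CHROOT is missing or writable" >&2; exit 5; }
            # shellcheck disable=SC2046  (args are our own, space-separated flags)
            exec "$NAMED" $(build_named_args)
            ;;
        *)
            exec "$NDC" "$verb"
            ;;
    esac
}

# Dispatch only when executed as the script itself, so the functions can
# also be sourced for testing without touching named.
case "$0" in
    *named-control.sh) main "$@" ;;
esac
```

A matching sudoers rule would grant the dnsadm group exactly this one script as root and nothing else; the verb allow-list and the group check inside the script then limit what that grant can do, which is the least-privilege shape a setuid ndc could not provide. The Solaris named-pipe issue Honza mentions is a separate exposure of the control channel itself and is not changed by this wrapper.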