running bind as user other than root

Duane Cox dcox at coxnetwork.com
Mon Feb 28 16:20:52 UTC 2000


I'm interested in running bind as a user other than root.  Is this a good or bad idea?  Other than a root user, should the new user be in the root group?  Here is my situation.

I want to run ns1 and ns2, and have ns1 update ns2 via rsync over ssh.  (to avoid having to setup ns2 manually and to do the zone transfers)  This all works A OK right now using the user root, and logging into ns2 as root via ssh, but allowing someone to ssh into a machine with the user root scares me.  My other option was to run the daemon as another user, say "named" and set the file permissions to match that.  But my question is, is this open for more of a security problem, and if not, will I have to setup other files, ie. /var/log/messages so that this new user can write errors to it.

Any changes in ideas are welcome.

Thanks in advance

Duane Cox
dcox at coxnetwork.com





More information about the bind-users mailing list