running bind as user other than root

Ralf Hildebrandt R.Hildebrandt at tu-bs.de
Mon Feb 28 17:16:46 UTC 2000


On Mon, Feb 28, 2000 at 05:04:31PM +0000, Jim Reid wrote:

>     Ralf> RUNNING ANY DAEMON AS ROOT IS BAD.
> 
> This is generally true, but sometimes it's unavoidable. For instance
> if the daemon has to perform some privileged action like changing
> UID.

Of course. Actually BIND always starts as root, loads files and then drops
privileges and execv's itself (correct me if I'm wrong).

> Running the name server as a non-root UID can be a good thing.
> However it can be inconvenient: for example, the non-root name server
> won't be able to bind to port 53 of a newly-added network interface.
> It would be necessary to restart the name server so that named could
> bind to port 53 (or chroot or....) before it gave up its super-user
> privileges.

I think this is a small price to pay. I don't really add lots of new
network-interfaces on-the-fly :)

-- 
Ralf Hildebrandt <R.Hildebrandt at tu-bs.de> www.stahl.bau.tu-bs.de/~hildeb
The only "intuitive" interface is the nipple. After that, it's all
learned. 
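
Added example (not part of the original message and not BIND's own code): a minimal C sketch of the pattern discussed in this thread, where a daemon binds its socket while still root and then permanently drops to an unprivileged UID/GID. The names bind_udp and drop_privileges, and the 65534 UID/GID used in main, are assumptions for illustration.

```c
#define _DEFAULT_SOURCE            /* exposes setgroups() on glibc */
#include <arpa/inet.h>
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a UDP socket to addr:port. Returns the fd, or -1 on failure.
 * Ports below 1024 (such as 53) normally require root. */
int bind_udp(const char *addr, unsigned short port)
{
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    if (inet_pton(AF_INET, addr, &sa.sin_addr) != 1 ||
        bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Permanently drop to uid/gid. Returns 0 on success, 1 if the process was
 * not root (nothing to drop), -1 on failure: the caller must then exit. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() != 0) return 1;
    if (setgroups(1, &gid) < 0) return -1;  /* supplementary groups first */
    if (setgid(gid) < 0) return -1;         /* group next, while still root */
    if (setuid(uid) < 0) return -1;         /* UID last: real, effective, saved */
    if (setuid(0) == 0 || seteuid(0) == 0) return -1;  /* must be irreversible */
    return (getuid() == uid && geteuid() == uid && getegid() == gid) ? 0 : -1;
}

int main(void)
{
    int fd = bind_udp("127.0.0.1", 53);     /* privileged step, done as root */
    int rc = drop_privileges(65534, 65534); /* assumed "nobody" UID/GID */
    if (fd < 0 || rc != 0) { fprintf(stderr, "bind or drop failed\n"); return 1; }
    /* fd stays usable after the drop. A socket bound to one address does not
     * cover an address added later, and binding that one to port 53 would
     * need root again, hence the restart mentioned in the thread. */
    printf("serving on fd %d as uid %d\n", fd, (int)getuid());
    return 0;
}
```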



