need more help running bind as user other than root... ?

Jim Reid jim at rfc1035.com
Tue Feb 29 16:53:42 UTC 2000


>>>>> "Lars" == Lars Hecking <lhecking at nmrc.ucc.ie> writes:

    >> Bind is running under the user/group named/named, also NOT in
    >> chroot mode.

    Lars>  Does this make sense at all? More likely than not this will
    Lars> compromise system security because you have to give
    Lars> privileges to this non-root user, e.g. read/write access in
    Lars> areas where by default only root has access.

You misunderstand. Running the name server with a non-root UID is an
application of one of the basic tenets of security: least privilege.
i.e. The software only gets enough access rights to do what it has to do
and no more. For the name server that should mean *reading* zone files
and named.conf and maybe writing some log files. (Well, with a little
work, that's possible.) This means that if the name server is
penetrated, there's nothing the attacker can do apart from scribble on
some name server log files. And that's an example of another security
fundamental: containment. One breach doesn't compromise everything.

The trick of running the name server non-root is to set the
permissions and ownerships of files and directories to reflect the
security policy. And either you work around the limitations of not
being able to do super-user operations (like binding to port 53 on a
new interface) or else forgo them altogether.
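
Added example, not part of the original post or of BIND: a Python audit of file mode bits against the policy described above, where named.conf and the zone files are readable but not writable by the service account and the log path is writable. The function names, the sample tree and the uid are assumptions made for the illustration; POSIX ACLs are not considered.

```python
import os, stat, tempfile

R, W = 4, 2  # read / write bits within one rwx triplet

def allowed(st, uid, gids, bit):
    """Mode-bit check for a process with this uid/gids (POSIX ACLs are ignored)."""
    if uid == 0:
        return True                      # root bypasses mode bits
    if st.st_uid == uid:
        shift = 6                        # owner triplet
    elif st.st_gid in gids:
        shift = 3                        # group triplet
    else:
        shift = 0                        # other triplet
    return bool(st.st_mode & (bit << shift))

def walk(root):
    """Yield root and, if it is a directory, everything beneath it."""
    yield root
    for d, subdirs, files in os.walk(root):
        for name in subdirs + files:
            yield os.path.join(d, name)

def audit(read_only, writable, uid, gids):
    """Return (path, problem) pairs where permissions exceed or miss the policy."""
    findings = []
    for root in read_only:
        for path in walk(root):
            st = os.stat(path)
            if not allowed(st, uid, gids, R):
                findings.append((path, "not readable by service account"))
            # A writable directory lets its entries be replaced, so flag it too.
            if allowed(st, uid, gids, W):
                findings.append((path, "writable by service account"))
    for path in writable:
        if not allowed(os.stat(path), uid, gids, W):
            findings.append((path, "not writable by service account"))
    return findings

if __name__ == "__main__":
    # Constructed sample tree; the paths and the uid are placeholders.
    top = tempfile.mkdtemp()
    conf, zones, logs = (os.path.join(top, n) for n in ("named.conf", "zones", "log"))
    open(conf, "w").close(); os.mkdir(zones); os.mkdir(logs)
    zone = os.path.join(zones, "example.zone"); open(zone, "w").close()
    for path, mode in ((conf, 0o644), (zones, 0o755), (zone, 0o666), (logs, 0o755)):
        os.chmod(path, mode)
    for path, problem in audit([conf, zones], [logs], os.getuid() + 4242, set()):
        print(problem, path)
```

On the constructed tree this reports the world-writable zone file and the log directory the service account cannot write to.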


