need more help running bind as user other than root... ?
R.Hildebrandt at tu-bs.de
Wed Mar 1 07:52:20 UTC 2000
On Tue, Feb 29, 2000 at 04:53:42PM +0000, Jim Reid wrote:
> You misunderstand. Running the name server with a non-root UID is an
> application of one of the basic tenets of security: least privilege.
> ie The software only gets enough access rights to do what it has to do
> and no more. For the name server that should mean *reading* zone files
> and named.conf and maybe writing some log files. (Well, with a little
> work, that's possible.)
It must be able to write it's slave zones, too...
Ralf Hildebrandt <R.Hildebrandt at tu-bs.de> www.stahl.bau.tu-bs.de/~hildeb
MMDF: A jumped up mailroom boy with a chip on his shoulder. Loves the
bureaucracy and takes great pride in stamping "illegal address" in red
ink on any mail it passes. Unpacks all the mail and repacks it in his
own special envelopes before delivery to end users.
-- Attached file included as plaintext by Listar --
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
-----END PGP SIGNATURE-----
More information about the bind-users