need more help running bind as user other than root... ?

Ralf Hildebrandt R.Hildebrandt at tu-bs.de
Wed Mar 1 07:52:20 UTC 2000


On Tue, Feb 29, 2000 at 04:53:42PM +0000, Jim Reid wrote:

> You misunderstand. Running the name server with a non-root UID is an
> application of one of the basic tenets of security: least privilege.
I agree.

> ie The software only gets enough access rights to do what it has to do
> and no more. For the name server that should mean *reading* zone files
> and named.conf and maybe writing some log files. (Well, with a little
> work, that's possible.) 

It must be able to write its slave zones, too...

-- 
Ralf Hildebrandt <R.Hildebrandt at tu-bs.de> www.stahl.bau.tu-bs.de/~hildeb
MMDF: A jumped up mailroom boy with a chip on his shoulder. Loves the
bureaucracy and takes great pride in stamping "illegal address" in red
ink on any mail it passes. Unpacks all the mail and repacks it in his
own special envelopes before delivery to end users.  
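
The access model discussed in this exchange (config and zone files read-only for the name server account, log and slave-zone directories writable), as an added example that is not part of the original thread. The file names, modes and the uid/gid used for the name server account are constructed for the demo, not BIND defaults.

```python
import os
import tempfile

def mode_grants(path, uid, gids):
    """(can_read, can_write) for uid/gids from mode bits alone.
    Ignores ACLs, read-only mounts and root's override."""
    st = os.stat(path)
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    return bool((st.st_mode >> shift) & 4), bool((st.st_mode >> shift) & 2)

def audit(policy, uid, gids):
    """policy maps path -> 'r' (read-only) or 'rw'; returns (path, problem) pairs."""
    findings = []
    for path, want in policy.items():
        can_r, can_w = mode_grants(path, uid, gids)
        if not can_r:
            findings.append((path, "not readable"))
        if want == "r" and can_w:
            findings.append((path, "writable but should be read-only"))
        if want == "rw" and not can_w:
            findings.append((path, "not writable"))
    return findings

def build_demo(root, master_mode=0o640, slave_mode=0o770):
    """Constructed sample tree; the names are illustrative, not BIND defaults."""
    policy = {}
    for name, want, mode, is_dir in [
        ("named.conf", "r", 0o640, False),
        ("master.zone", "r", master_mode, False),
        ("slave", "rw", slave_mode, True),
        ("log", "rw", 0o770, True),
    ]:
        path = os.path.join(root, name)
        if is_dir:
            os.mkdir(path)
        else:
            open(path, "w").close()
        os.chmod(path, mode)
        policy[path] = want
    return policy

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        st = os.stat(root)
        # Assumption: named runs as a separate uid that is in the files' group.
        uid, gids = st.st_uid + 1, {st.st_gid}
        policy = build_demo(root, master_mode=0o660, slave_mode=0o750)
        for path, problem in audit(policy, uid, gids):
            print(os.path.basename(path), "->", problem)
```

The check looks only at each path's own mode bits; write access to a parent directory would still let the account replace a read-only file.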

