need more help running bind as user other than root... ?

Ralf Hildebrandt R.Hildebrandt at
Wed Mar 1 07:52:20 UTC 2000

On Tue, Feb 29, 2000 at 04:53:42PM +0000, Jim Reid wrote:

> You misunderstand. Running the name server with a non-root UID is an
> application of one of the basic tenets of security: least privilege.
I agree.

> ie The software only gets enough access rights to do what it has to do
> and no more. For the name server that should mean *reading* zone files
> and named.conf and maybe writing some log files. (Well, with a little
> work, that's possible.) 

It must be able to write its slave zones, too...

Ralf Hildebrandt <R.Hildebrandt at>
MMDF: A jumped up mailroom boy with a chip on his shoulder. Loves the
bureaucracy and takes great pride in stamping "illegal address" in red
ink on any mail it passes. Unpacks all the mail and repacks it in his
own special envelopes before delivery to end users.  
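
An added example, not part of the original thread: a small audit of the permission layout discussed above, for a non-root name server account. It checks that named.conf and master zone files are readable but not writable, and that the slave zone and log directories are writable. The role names, the layout mapping and the function names are assumptions made for illustration; only classic owner/group/other mode bits are modelled.

```python
import os
import stat

# Roles are assumptions for illustration: what a non-root named needs per path.
READ_ONLY = "read-only"   # named.conf, master zone files
WRITABLE = "writable"     # slave zone directory, log directory


def allowed(st, uid, gids):
    """Return the rwx bits (0-7) that Unix mode checks grant a non-root uid.

    The first matching class (owner, then group, then other) wins.
    ACLs and capabilities are not modelled.
    """
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7


def audit(layout, uid, gids):
    """Check every path in layout ({path: role}); return a list of findings."""
    findings = []
    for path, role in sorted(layout.items()):
        st = os.stat(path)
        bits = allowed(st, uid, gids)
        can_read = bool(bits & 4)
        can_write = bool(bits & 2)
        if stat.S_ISDIR(st.st_mode):
            # Creating or replacing files in a directory needs write and search.
            can_write = can_write and bool(bits & 1)
        if not can_read:
            findings.append((path, "not readable"))
        if role == READ_ONLY and can_write:
            findings.append((path, "writable but should be read-only"))
        if role == WRITABLE and not can_write:
            findings.append((path, "not writable"))
    return findings
```

Call audit() with the uid and group ids of the account the name server runs as; an empty list means the layout gives that account the access described in the thread and no more.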


More information about the bind-users mailing list