BIND as non-root

Brian Bergstrand brianb at mac.com
Wed May 3 15:07:57 UTC 2000


In article 
<Pine.LNX.4.20.0005021940510.21839-100000 at tartarus.netherrealm.net>, 
Sheer El-Showk <sheer at tartarus.netherrealm.net> wrote:

> Hi,
> 
> Why does nobody run bind as non-root?  Is it just a matter of needing
> access to port 53 or are there other considerations?  Would it be possible
> to use something like port forwarding to overcome this limitation?
> 
> Thanks in advance,
> Sheer El-Showk
> 

I run bind as non-root. There are some minor issues, but they are not 
hard to fix.

1. You have to make sure that the directory where bind's zone files are 
located is writable by the user you are running bind as.

2. You will have to change the location of bind's PID file to a place 
where the user has write perms, or change the default directory's 
(/var/run) perms.

3. Make sure that /etc/named.conf is readable by the bind user. I have 
mine owned by root and readable by bind's group.

4. Change your startup script to add the -u and -g options to named's 
args.

That is pretty much it. Fairly simple.

HTH.
Brian

-- 
Brian Bergstrand
<http://www.classicalguitar.net/brian/>


