chroot + bind 9.0.1

Mark.Andrews at nominum.com Mark.Andrews at nominum.com
Tue Nov 21 06:39:39 UTC 2000


	I suspect this is a Linux box and named drops most of its
	root privileges immediately including the ability to override
	access permissions to files and directories.  It does not
	drop chroot immediately but does after the chroot succeeds.

	Mark

> 
> I'm not exactly sure why this is happening (the chroot() should be happening
> long *before* the setuid()!), but since it *is* obviously happening, perhaps
> you should reconsider your decision to set the chroot-jail rootdir to 700.
> After all, you can probably (depending on what's causing the problem) still
> restrict things *underneath* the chroot dir, and regardless, you can
> restrict all of the BIND-specific files to be readable/writable only by the
> "named" user and lock the password of that user. Are these measures
> insufficient?
> 
> 
> - Kevin
> 
> sixx wrote:
> 
> > I've been trying to get bind 9 working in a chroot jail and I get
> > this error below after following all the HOWTOs out there.
> > FYI, I've copied all the necessary files over to my jail (/home/named)
> >
> > [root at bind etc]# /home/named/bin/named -u named -t /home/named/
> > /home/named/bin/named: chroot(): Permission denied
> >
> > It seems that all would work if the rights for /home/named is 711 rather
> > than the default of 700 which would allow others to access my files.
> >
> > Any ideas?
> 
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com
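
An added example, not part of the original thread: a shell check that predicts whether the jail directory passes the search-permission test chroot() applies when the caller is uid 0 but can no longer override file permissions, as the reply above describes. The function names `has_search` and `check_jail` are hypothetical, the uid 0 / gid 0 identity at chroot() time is an assumption taken from that explanation, and supplementary groups and ACLs are ignored.

```shell
#!/bin/sh
# Added example (not from the thread). Without CAP_DAC_OVERRIDE, uid 0 is
# judged by the ordinary owner/group/other mode bits like any other user.
# Requires a stat that supports -c (GNU coreutils or busybox).

# has_search DIR UID GID
# Exit 0 if UID/GID holds search (x) permission on DIR by mode bits alone,
# 1 if not, 2 if DIR cannot be stat'ed. Only the first matching class
# (owner, then group, then other) is consulted, as the kernel does.
has_search() {
    hs_dir=$1; hs_uid=$2; hs_gid=$3
    hs_info=$(stat -c '%u %g %a' "$hs_dir") || return 2
    set -- $hs_info                 # $1=owner uid  $2=owner gid  $3=octal mode
    hs_mode=$((0$3))                # leading 0 makes the shell parse it as octal
    if [ "$hs_uid" -eq "$1" ]; then
        hs_bit=$(( (hs_mode >> 6) & 1 ))    # owner x bit
    elif [ "$hs_gid" -eq "$2" ]; then
        hs_bit=$(( (hs_mode >> 3) & 1 ))    # group x bit
    else
        hs_bit=$(( hs_mode & 1 ))           # other x bit
    fi
    [ "$hs_bit" -eq 1 ]
}

# check_jail DIR
# Assumption: the server is still uid 0 / gid 0 when it calls chroot().
check_jail() {
    if has_search "$1" 0 0; then
        echo "$1: uid 0 without CAP_DAC_OVERRIDE has search permission"
    else
        echo "$1: no search permission for uid 0; expect chroot(): Permission denied"
        return 1
    fi
}

# Stand-alone use: sh check_jail.sh /home/named
[ "$#" -eq 0 ] || check_jail "$1"
```

A directory owned by the unprivileged service user with mode 700 fails this check for uid 0, while 711 passes it, which matches the behaviour reported in the thread.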


