DNS maintainers

James Raftery james-bind-users at now.ie
Tue Jan 2 16:04:07 UTC 2001


On Tue, Jan 02, 2001 at 09:10:09AM +0000, Robert Wessels wrote:
> Firt, a happy new year to all of you!

Many happy returns!

> We will be each others secondairy server. Is there a way to setup bind
> on linux so that he will be able to make changes to the dns entries
> without giving him root access.. I want to do this the proper way..

Set your file permissions accordingly. The configuration files, zone
files and control sockets are all files for which you can set
appropriate permissions to allow editing by users who are not root.

Consider creating a group for DNS maintenance ('dns' is an obvious
choice). Make your friend's user account have 'dns' as a supplementary
group (consult your system documentation for how to do this). Set the
group ownership on the configuration files, zone files and control
sockets to place them in the 'dns' group and allow the files to be
written to by members of that group.

Sample commands, after creating the 'dns' group:
chgrp dns /etc/named.conf
chmod g+w /etc/named.conf

Repeat this for your zone files.

The 'controls' statement of the configuration file lets you set the
permissions on the conrtol socket ndc uses. See
http://www.isc.org/products/BIND/docs/config/controls.html


james
-- 
James Raftery (JBR54)
  "Managing 4000 customer domains with BIND has been a lot like
   herding cats." - Mike Batchelor, on dns at list.cr.yp.to.



More information about the bind-users mailing list