chroot-ed bind 9 (was: Users Want *Seamless* Solutions, Not Patchwork)

Brad Knowles brad.knowles at skynet.be
Fri Jul 27 20:01:08 UTC 2001


At 10:09 AM -0500 7/27/01, Donald Nash wrote:

>  True, but a well-constructed chroot jail makes it easier to clean up the
>  mess.  In my case, BIND runs in a jail and under a non-root UID which
>  neither owns nor has write access to anything in the jail, including the
>  zone file themselves*.

	You must have a hard time running secondary nameservers that are 
never able to write file versions of the zones that they transfer.

-- 
Brad Knowles, <brad.knowles at skynet.be>

H4sICIFgXzsCA2RtYS1zaWcAPVHLbsMwDDvXX0H0kkvbfxiwVw8FCmzAzqqj1F4dy7CdBfn7
Kc6wmyGRFEnvvxiWQoCvqI7RSWTcfGXQNqCUAnfIU+AT8OZ/GCNjRVlH0bKpguJkxiITZqes
MxwpSucyDJzXxQEUe/ihgXqJXUXwD9ajB6NHonLmNrUSK9nacHQnH097szO74xFXqtlbT3il
wMsBz5cnfCR5cEmci0Rj9u/jqBbPeES1I4PeFBXPUIT1XDSOuutFXylzrQvGyboWstCoQZyP
dxX4dLx0eauFe1x9puhoi0Ao1omEJo+BZ6XLVNaVpWiKekxN0VK2VMpmAy+Bk7ZV4SO+p1L/
uErNRS/qH2iFU+iNOtbcmVt9N16lfF7tLv9FXNj8AiyNcOi1AQAA


More information about the bind-users mailing list