Chrooting BIND

Bill Larson wllarso at swcp.com
Mon Jun 4 13:38:29 UTC 2001


The original response was slightly misleading, but the request was very
correct.  It is very useful to know what platform you are running on.

Now, it is never necessary to recompile a software application to run
in a chroot operation.  Chroot only requires that the environment be
correctly configured - access to other executables that will be run
(such as named-xfer), access to the files to be read (/etc/named.conf
and any master zone files), the ability to write needed files (slave
zone files and log file, if needed), and the ability to write to syslog
if necessary.  This may require that copies of shared libraries be
available, and pared down /etc/passwd and /etc/group files to control
execution of additional programs.

As long as these requirements are met, there is no requirement to
require any application for chroot execution.  You may want to
recompile to provide a better set of path names for the chroot
environment, but most of this can be set explicitly in
/etc/named.conf.  I don't recommend assuming that compiled in default
paths are correct.  Explicitly specify the directory paths in the
/etc/named.conf file for any files needed by named.

Follow-up question: With BIND-9 that does not have a separate
named-xfer, there should be no need to copy shared libraries since no
additional executables are run, but is it still necessary to have a
pared down /etc/passwd file in the chroot environment?

Bill Larson

> The platform is linux redhat 7.0 running Bind 8.2.3
> 
> Kerry Liles wrote:
> 
> > On what platform and what version of Bind?
> >
> > "Hugo F. Martinez" <hmartinez at cti.com.ar> wrote in message
> > news:9f8r09$b49 at pub3.rc.vix.com...
> > >
> > > Hi:
> > >     I would like to know if it is absolutely necessary to recompile the bind
> > > source code to make the chroot work?
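
The requirements listed in the message above can be checked mechanically against a chroot tree. The script below is an added example, not part of the original post or of BIND. It assumes a BIND 8 setup whose named.conf sets the `directory` and `named-xfer` options, a service account called `named`, and that "pared down" means only that account's entry remains. The demo tree is constructed.

```shell
#!/bin/sh
# Audit a BIND 8 chroot tree against the requirements in the message above.
# Added example; account name "named" and the demo tree are assumptions.

# conf_value FILE OPTION: print the first quoted value of OPTION in FILE.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]\{1,\}\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# audit_named_chroot ROOT [USER]: print findings, set FINDINGS to the count.
audit_named_chroot() {
    root=$1; user=${2:-named}; FINDINGS=0
    note() { echo "FINDING: $*"; FINDINGS=$((FINDINGS + 1)); }
    conf="$root/etc/named.conf"
    if [ ! -r "$conf" ]; then
        note "etc/named.conf is missing or unreadable"
    else
        # Paths should be explicit rather than compiled-in defaults, and
        # must resolve inside the chroot (named sees ROOT as /).
        dir=$(conf_value "$conf" directory)
        xfer=$(conf_value "$conf" named-xfer)
        if [ -z "$dir" ]; then note "no explicit 'directory' option"
        elif [ ! -d "$root$dir" ]; then note "directory $dir not in chroot"; fi
        if [ -z "$xfer" ]; then note "no explicit 'named-xfer' option"
        elif [ ! -x "$root$xfer" ]; then note "named-xfer $xfer not executable in chroot"; fi
    fi
    # Pared-down account files: only the service account's entry is expected.
    for f in passwd group; do
        if [ ! -r "$root/etc/$f" ]; then note "etc/$f is missing"; continue; fi
        extra=$(cut -d: -f1 "$root/etc/$f" | grep -v -x -F -e "$user" | tr '\n' ' ')
        [ -z "$extra" ] || note "etc/$f has extra entries: $extra"
    done
    [ "$FINDINGS" -eq 0 ]
}

# demo: build a constructed (not real) chroot tree with two defects, audit it.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/etc" "$t/var/named"
    printf 'options {\n    directory "/var/named";\n};\n' > "$t/etc/named.conf"
    printf 'named:x:25:25::/:/bin/false\nalice:x:500:500::/home/alice:/bin/sh\n' \
        > "$t/etc/passwd"
    printf 'named:x:25:\n' > "$t/etc/group"
    audit_named_chroot "$t" named || true
    rm -rf "$t"
}
case ${1:-} in demo) demo ;; esac
```

Run it with the argument `demo` to see the two findings for the constructed tree, or call `audit_named_chroot /path/to/chroot` against a real one.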

