read-access for zonefiles?
phn at icke-reklam.ipsec.nu
Tue Jun 25 08:49:27 UTC 2002
Patrick Viola <pviola at de.cw.net> wrote:
> rndc works fine ... my prob is, that the zonefiles have 600 permission
> and only named or root can look inside. My workmate also wants to read
> these files for troubleshooting with a customer.
For master zones:
If dynamic updates are enabled, named will make them mode 0600 and owned by the
UID of named.
For non-dynamic zones, named does not change the mode and only requires ro access.
Slave zonefiles are always mode 0600 and owned by the UID of named.
Peter h
> ~Patrick Viola
> phn at icke-reklam.ipsec.nu wrote:
>> Patrick Viola <pviola at de.cw.net> wrote:
>>
>>
>>>Hi all,
>>>yesterday a workmate asked me, if I could give read permissions for the
>>>zonefiles to him. In the 8 Versions I do this with something like that ...
>>
>>
>>>controls { unix "/var/run/ndc" perm 0660 owner 25 group 1000; };
>>
>>
>>>But in Version 9 this config command no longer exists.
>>>How can I give read permissions to a workmate without giving root access to him?
>>
>>
>>
>> To be able to run rndc your mate needs read access to /etc/rndc.conf (and
>> everything included from there). He/she also needs write permissions
>> on the zonefiles (and possibly the directory where the zonefiles live).
>>
>>
>>
>>> ~Patrick Viola
--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
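
The ownership rules in the reply above suggest granting read access through a group on static master zone files only. The following is an added example, not part of the original thread or of BIND itself: `grant_zone_read` is a hypothetical helper, and it assumes the directory holds only master zones and that a `<zonefile>.jnl` journal next to a file marks a zone that has received dynamic updates.

```shell
#!/bin/sh
# Added example: give a group read access to static master zone files only.
# Assumptions: DIR contains only master zone files (slave files are always
# rewritten 0600 by named and must be kept elsewhere), and a BIND 9 journal
# named <zonefile>.jnl marks a zone that has received dynamic updates.

# grant_zone_read DIR GROUP
# Prints one "granted <file>" or "skipped <file>" line per zone file.
grant_zone_read() {
    dir=$1
    group=$2
    for f in "$dir"/*; do
        [ -f "$f" ] || continue             # skip subdirectories / empty glob
        case $f in *.jnl) continue ;; esac  # journals themselves stay private
        if [ -e "$f.jnl" ]; then
            # Dynamic zone: named rewrites the file as 0600 under its own UID,
            # so a permission change here would not last. Leave it alone.
            echo "skipped $f"
            continue
        fi
        # Static zone: named only needs to read it and does not reset the
        # mode, so group ownership plus g+r is a stable, root-free grant.
        chgrp "$group" "$f" && chmod g+r "$f" && echo "granted $f"
    done
}
```

Members of the group also need search (`x`) permission on the zone directory itself before they can open the files.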