Logging Question Again

Michael Kjorling michael at kjorling.com
Mon Mar 25 21:27:44 UTC 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mar 25 2002 13:19 -0800, Jeff Grossman wrote:

> Okay, I think I have it working now.  I was running Bind 9.1.0-10 rpm from
> Redhat for Redhat 7.1.  I uninstalled that version, and installed version
> 9.2.0 from source.  The logging seems to be working now.

This is why, whenever someone has a problem with an old version, that
person is asked to upgrade...


> I have a different question now though.  I am running it as root.  The
> redhat rpm version ran as named.  Should I configure it to work as named, or
> continue to run it as root?
>
> Thanks,
> Jeff

If at all possible (and there really aren't many reasons it shouldn't
be), run BIND (or any externally accessible services) under a
non-privileged account, and preferably chrooted. Chrooted environments
can be a little tricky to set up and get right even with BIND 9, but
running as another user is easy. Just add "-u $username" to named's
command line, replacing $username as necessary.

Check your /etc/passwd - named will most likely still be in there.
Otherwise add a user with a bogus shell and assign only minimum access
rights. As long as you're just running simple DNS (no dynamic updates
and such) BIND does fine with nothing but read access to the
configuration and zone files as well as a logging socket.


Michael Kjörling

- -- 
Michael Kjörling  --  Programmer/Network administrator  ^..^
Internet: michael at kjorling.com -- FidoNet: 2:204/254.4   \/
PGP: 95f1 074d 336d f8f0 f297 6a5b 2aa3 7bfd 8a70 e33e

``And indeed people sometimes speak of man's "bestial" cruelty, but
this is very unfair and insulting to the beasts: a beast can never be
so cruel as a man, so ingeniously, so artistically cruel.''
(Ivan Karamazov, in Dostoyevsky's 'The Brothers Karamazov')
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Public key is at http://michael.kjorling.com/contact/pgp.html

iD8DBQE8n5ZTKqN7/Ypw4z4RAmQpAKCAR21YbyoC4X7LntrPhv4Sq9G6cACbB3pl
OTTqRTm06zTZOQJyD5wDSJk=
=yx44
-----END PGP SIGNATURE-----
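The account and file-access checks described in this message, as an added example that is not part of the original post. The function names (`account_status`, `writable_paths`, `demo`) are hypothetical, and the passwd entries and zone files are constructed sample data.

```shell
#!/bin/sh
# Added example: audit the account named will run as via "-u <user>".
# Paths are arguments so it can be run against a copy of /etc/passwd.

# account_status PASSWD_FILE USER
# Prints one of: missing | root-uid | login-shell | ok
account_status() {
    awk -F: -v u="$2" '
        $1 == u {
            found = 1
            if ($3 == 0) print "root-uid"
            else if ($7 ~ /\/(nologin|false)$/ || $7 == "/dev/null") print "ok"
            else print "login-shell"   # includes an empty shell field
            exit
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# writable_paths PASSWD_FILE USER DIR
# Lists paths under DIR the account could modify: owned by its uid with the
# owner write bit set, or world-writable. Group write access is not checked.
# Returns 2 if USER is not in PASSWD_FILE.
writable_paths() {
    uid=$(awk -F: -v u="$2" '$1 == u { print $3; exit }' "$1")
    [ -n "$uid" ] || return 2
    find "$3" ! -type l \( \( -user "$uid" -perm -0200 \) -o -perm -0002 \) -print
}

# Constructed sample data (not taken from the original message).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'named:x:64999:64999:Named:/var/named:/sbin/nologin' > "$d/passwd"
    mkdir -m 755 "$d/zones"
    : > "$d/zones/example.zone"; chmod 644 "$d/zones/example.zone"
    : > "$d/zones/bad.zone";     chmod 666 "$d/zones/bad.zone"
    echo "account: $(account_status "$d/passwd" named)"
    writable_paths "$d/passwd" named "$d/zones" | sed 's/^/writable: /'
    rm -rf "$d"
}
demo
```

For a real check, pass `/etc/passwd`, the account name given to `-u`, and the directory holding the configuration and zone files.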



