DougB at DougBarton.net
Fri Oct 4 16:28:10 UTC 2002
On 4 Oct 2002, david doherty wrote:
> thanks for the help. I will take a look at the configuration of my
> /jail again. It is bugging me as trussing the process does not give me
> a great deal of information as to why the user 'named' cannot be

Umm... didn't Mark already answer this question? You don't have the right
password files in /jail/etc. While opinions differ on this point, I think
most of us feel that rather than using chroot /blah named, you're better
off using named -t /blah. That way, you don't have to duplicate your
entire operating system under /blah. You just need to copy the things
named needs to see after it's chroot'ed itself. For bind 8 that's:

For your convenience, you probably also want /blah/var/run, and you should
have directories for your master and slave zones, etc. For bind 9 you also
need a /blah/dev/random. My chroot tree looks like this:

That's it (minus the zone files of course). I actually feel that it's a
lot more secure to keep the binaries OUT of the chroot area. That way
there is even less for the attacker to compromise.

"We have known freedom's price. We have shown freedom's power.
And in this great conflict, ... we will see freedom's victory."
- George W. Bush, President of the United States
State of the Union, January 28, 2002
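
An added example, not part of the original message: a shell function that audits a tree intended for `named -t` against the points the post makes (var/run present, a dev/random device for BIND 9, no binaries inside the chroot). The function name, the BIND major version argument and the OK/WARN/FAIL labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a directory meant to be used as `named -t ROOT`.
# Covers only the items the post names; other files named needs are out of scope.

# Usage: audit_named_chroot ROOT [BIND_MAJOR]   (BIND_MAJOR defaults to 9)
# Prints one finding per line; returns 1 if any FAIL was reported.
audit_named_chroot() {
    root=$1 major=${2:-9} fails=0

    if [ ! -d "$root" ]; then
        echo "FAIL $root is not a directory"
        return 1
    fi

    # var/run is a convenience, so its absence is only a warning.
    if [ -d "$root/var/run" ]; then
        echo "OK   var/run present"
    else
        echo "WARN var/run missing"
    fi

    # BIND 9 needs a random device inside the tree; a regular file does not count.
    if [ "$major" -ge 9 ]; then
        if [ -c "$root/dev/random" ]; then
            echo "OK   dev/random is a character device"
        else
            echo "FAIL dev/random missing or not a character device"
            fails=$((fails + 1))
        fi
    fi

    # Binaries belong outside the chroot: report every executable regular file.
    find "$root" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) -print |
    while IFS= read -r f; do
        echo "WARN executable inside chroot: ${f#"$root"/}"
    done

    [ "$fails" -eq 0 ]
}
```

Zone files are normally mode 644 and are not reported; anything listed as executable is a candidate to move out of the tree.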