named: the working directory is not writable
dougb at dougbarton.us
Fri Aug 14 19:58:41 UTC 2009
Rick Dicaire wrote:
>> joans4nz wrote:
>>> What is the working directory?
> Take a look at the ownership and perms on /var/named/etc/namedb/dump
>> Making that message go away (one way or another) is on my list, but
>> since it's basically harmless it's not a high priority.
> It will be when you want to dump stats etc :)
I did say "basically" harmless. :) Seriously though, we have passed
the 1-year anniversary of the following request to separate the idea
of "working directory" from "configuration directory"
The main problem with having the directory where named's configuration
files are stored writable by the named user is that if you get pwned
the bad guy can replace your named.conf with one of their own.
The FreeBSD base includes a _default_ configuration that is pretty
tight on purpose since it is designed to be "safe" for the average
non-expert DNS user to be able to start up a local system resolver
without having to worry about security. Users with more advanced needs
have the tools available to them to alter the default configuration as
they see fit.
More information about the bind-users