question on minimal file permissions

Tony Finch dot at dotat.at
Mon Apr 18 10:47:28 UTC 2011


hostmaster at g-net.be <hostmaster at g-net.be> wrote:
>
> The reason I ask is because I'm setting up a DNSSEC server and for easy
> key rollover and manageability I have created several new directories on
> a USB stick for example. Key files and zone files now all have 774
> permissions, owned by bind:bind, but I was wondering from a security
> point of view if this is correct?

Zone files that are managed by bind need to be writable by BIND (mode 644
and owned by BIND). BIND does not (yet) create keys itself so the key
files only need to be readable by BIND.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Rockall, Malin, Hebrides: South 5 to 7, occasionally gale 8 at first in
Rockall and Malin, veering west or northwest 4 or 5, then backing southwest 5
or 6 later. Rough or very rough. Occasional rain. Moderate or good,
occasionally poor.
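
As an added example (not part of the original message, and not BIND's own tooling), this POSIX shell check audits a directory against the modes given in the reply above. The K*.key / K*.private file naming, treating every other regular file as a zone file, and flagging execute bits on key files are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: key files use the
# dnssec-keygen names K*.key / K*.private, every other regular file in the
# directory is a zone file, and the BIND account (name or uid) is passed in.

# Print one line per file that deviates from the advice; return 1 if any do.
audit_bind_dir() {
    dir=$1
    owner=$2
    findings=$(
        {
            # Zone files: mode 644 and owned by the BIND account.
            find "$dir" -type f ! -name 'K*.key' ! -name 'K*.private' \
                \( ! -perm 644 -o ! -user "$owner" \) \
                -exec printf 'ZONE %s\n' {} \;
            # Key files: BIND only reads them, so flag group/other write
            # bits and any execute bit (both are present in mode 774).
            find "$dir" -type f \( -name 'K*.key' -o -name 'K*.private' \) \
                \( -perm -020 -o -perm -002 -o -perm -100 -o -perm -010 \
                   -o -perm -001 \) \
                -exec printf 'KEY %s\n' {} \;
        } | sort
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree: two files at the 774 from the question, two that
# already pass. The current uid stands in for the BIND account.
demo() {
    d=$(mktemp -d)
    me=$(id -u)
    touch "$d/example.org.zone" "$d/good.zone" \
          "$d/Kexample.org.+008+12345.key" \
          "$d/Kexample.org.+008+12345.private"
    chmod 774 "$d/example.org.zone" "$d/Kexample.org.+008+12345.key"
    chmod 644 "$d/good.zone"
    chmod 640 "$d/Kexample.org.+008+12345.private"
    audit_bind_dir "$d" "$me" || echo "findings listed above"
    rm -rf "$d"
}
demo
```

The check does not verify that the BIND account can actually read the key files; confirm that separately as that user.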



More information about the bind-users mailing list