problem using setuid ("-u" option) with BIND 9.10.3 on RedHat when listening on tun/tap interface

Niall O'Reilly niall.oreilly at
Sun Sep 27 13:09:04 UTC 2015

On Sat, 26 Sep 2015 17:27:56 +0100,
Gordon Lang wrote:
> CHANGE: I did not properly characterize the problem in my original
> post, so here is the real situation.
> If the bash shell from which I launch "named" is owned by root, then
> "named" runs perfectly using the "-u" option, even listening on the
> tun/tap interfaces.
> But if I run "named" as a regular user, relying on the SUID file
> setting to elevate privileges, then named fails to listen on any
> addresses.
> I believe the differences I saw before related to tun/tap interfaces
> were due to testing on different RedHat platforms, but this revised
> problem statement describes what is happening on both platforms.
> So the real problem is this: It seems I can use the SUID file bit to
> allow a regular user to launch named, OR I can use the "-u" option of
> "named" to lower the privileges after launch (requiring native root
> privileges to launch), but I can't use both at the same time.
> Can anyone shed any light on this scenario?

  I'm missing some information which might help me understand the
  problem: the user and group to which your named belongs.

  Best regards,
  Niall O'Reilly
