Fwd: problem using setuid ("-u" option) with BIND 9.10.3 on RedHat when listening on tun/tap interface
each at isc.org
Wed Sep 30 00:27:14 UTC 2015
On Tue, Sep 29, 2015 at 08:14:18PM -0400, Gordon Lang wrote:
> After reading Mark's post (found in my spam folder), I gather suid cannot
> be used with threads on Linux. So I have to choose between setting up a
> suid root wrapper, or simply not using threads. So my final question is
> whether or not using threads on Linux is sufficiently beneficial in spite
> of it being "a total mess."
Setuid can be used on Linux, but you have to ensure the permissions
are all correct and all unnecessary privileges have been dropped before
the process begins forking threads.
If all the files and directories that named needs to access are
owned by user "bind" and named is running with "-u bind", things
are generally smooth.
If you don't use threads, you'll have less to fiddle around with to
set up file and directory ownership, but you'll get a fraction of the
performance. If you have a low-traffic server, that might not be a
concern for you.
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
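The ordering Evan describes (drop every unneeded privilege, verify the drop, and only then start threads) as an added C example; this is illustration code written for this page, not code from the thread or from BIND, and the helper names (`drop_privileges`, `privileges_dropped`, `threads_run_as`, `NWORKERS`) are made up here. A daemon started as root would pass the "bind" user's uid/gid; run unprivileged, it targets the caller's own ids so the unprivileged steps can still be exercised.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <pthread.h>
#include <sys/types.h>
#include <unistd.h>
#define NWORKERS 4

/* Drop to the target uid/gid. Order matters: supplementary groups and gid go
 * first, since after setuid() to a non-root uid the process cannot change them.
 * Only root can clear supplementary groups, so an unprivileged caller skips
 * that step (it has nothing it is permitted to shed). Returns 0 or -1. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    return (setgid(gid) == 0 && setuid(uid) == 0) ? 0 : -1;
}

/* Confirm the drop is complete and irreversible: real and effective ids match
 * the target and root cannot be regained, i.e. setuid(0) now fails. */
int privileges_dropped(uid_t uid, gid_t gid)
{
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return 0;
    return !(uid != 0 && setuid(0) == 0);   /* setuid(0) works only if saved uid is 0 */
}

static void *worker(void *arg)
{
    *(uid_t *)arg = geteuid();   /* record the uid this thread runs as */
    return NULL;
}

/* Start NWORKERS threads only after the drop; return 1 if every thread saw
 * 'uid', 0 on any mismatch or thread-creation failure. */
int threads_run_as(uid_t uid)
{
    pthread_t tid[NWORKERS];
    uid_t seen[NWORKERS];
    for (int i = 0; i < NWORKERS; i++)
        if (pthread_create(&tid[i], NULL, worker, &seen[i]) != 0)
            return 0;
    for (int i = 0; i < NWORKERS; i++) {
        pthread_join(tid[i], NULL);
        if (seen[i] != uid)
            return 0;
    }
    return 1;
}
```

If `privileges_dropped()` returns 0 the daemon should refuse to start its worker threads rather than continue with leftover privilege.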