Allow only temporary zone updates without making them permanent

Tony Finch dot at dotat.at
Wed Jun 26 18:57:09 UTC 2019


Lefteris Tsintjelis via bind-users <bind-users at lists.isc.org> wrote:
>
> That makes perfect sense, but I was still shocked when I first saw it
> specially to a file owned by root. This is the part that surprised me
> and worried me the most! I was under the impression that after start up,
> named would switch to the user configured to do so and it will no longer
> be able to access or change other files but its own.

You are right about what named does, but you are also encountering
a classic UNIX gotcha, legitimately perplexing.

See here, and click through the notes and related answers to other questions:
https://unix.stackexchange.com/questions/75395/why-am-i-able-to-delete-file-which-belongs-to-root-under-a-non-root-user

Also have a look at the description of the sticky bit in the chmod man page.
It makes directory permissions work more like you might expect.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
a just distribution of the rewards of success
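The directory-permission gotcha Tony points to, shown as an added example that is not part of the thread. It assumes a POSIX shell with mktemp, chmod, ls and rm, and runs entirely as the current user inside a throwaway directory; a read-only file stands in for the root-owned one, since chown to root needs privilege the example does not have.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread: removing or renaming a
# file is governed by the permissions of the directory it lives in, not by
# the mode or owner of the file itself. All paths below are created with
# mktemp and cleaned up afterwards.

# Case 1: a read-only file inside a directory the user can write to.
# Returns 0 when the file was removed, 1 when it is still present.
rm_readonly_file_in_writable_dir() {
  d=$(mktemp -d) || return 1
  : > "$d/target"
  chmod 0444 "$d/target"          # file is read-only (stand-in for "owned by root")
  if rm -f "$d/target" 2>/dev/null && [ ! -e "$d/target" ]; then
    rc=0                          # unlink succeeded: directory write permission wins
  else
    rc=1
  fi
  rm -rf "$d"
  return $rc
}

# Case 2: a writable file inside a directory the user cannot write to.
# Prints "blocked" when unlink is refused and "removed" otherwise. root
# bypasses directory permissions, so expect "removed" when run as uid 0.
rm_file_in_readonly_dir() {
  d=$(mktemp -d) || return 1
  : > "$d/target"
  chmod 0644 "$d/target"          # file is writable by its owner
  chmod 0555 "$d"                 # r-x only: no write permission on the directory
  if rm -f "$d/target" 2>/dev/null; then
    echo removed
  else
    echo blocked
  fi
  chmod 0755 "$d"
  rm -rf "$d"
}

# Case 3: the sticky bit (chmod +t) on a shared, world-writable directory.
# Prints the mode string so the trailing 't' is visible; with it set, only
# the entry's owner, the directory's owner or root may unlink or rename
# entries, which is the behaviour the chmod man page describes for /tmp.
sticky_dir_mode() {
  d=$(mktemp -d) || return 1
  chmod 1777 "$d"                 # the mode /tmp normally carries
  ls -ld "$d" | cut -c1-10
  rm -rf "$d"
}

# Returns 0 when the mode string from sticky_dir_mode ends in t or T.
sticky_bit_visible() {
  case "$(sticky_dir_mode)" in
    *[tT]) return 0 ;;
    *)     return 1 ;;
  esac
}

if rm_readonly_file_in_writable_dir; then
  echo "read-only file in writable dir: removed (directory permission decides)"
fi
echo "writable file in read-only dir: $(rm_file_in_readonly_dir)"
echo "sticky directory mode: $(sticky_dir_mode)"
```

Run as an unprivileged user the first case removes the read-only file, the second is refused, and the third prints a mode ending in `t`. This is why a named process that has dropped to its own user can still replace a root-owned file: what matters is who may write to the directory that contains it.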

