/var/lib/named not writable by named?
Jeremy C. Reed
reed at reedmedia.net
Thu Jul 23 13:56:30 UTC 2020
On Wed, 22 Jul 2020, Josef Moellers wrote:
> I just read that /var/lib/named is only writable by root "for security
> reasons" (cf http://inai.de/linux/adm_ddns).
>
> Can anyone explain why this is so?
Not BIND specific. It is a common practice when running network servers
to drop or reduce privileges when they can. In that case, the process
may start as root but then changes to a dedicated user. (I didn't follow
the URL above.) If the process needs to write to any files, then the
system can be set up for specific directories or files that are writable
by the dedicated user.
(Also see the May 20 response I emailed that is somewhat related to
this.)
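
Added example, not part of the original message and not BIND code: a small audit that lists which paths under a service's data directory a dedicated unprivileged user could write to, judged by classic Unix mode bits only. The function names, the `dyn` subdirectory and `example.zone` are constructed for illustration.

```python
import os
import stat

def writable_by(st, uid, gids):
    """Mode-bit check: can the identity (uid, gids) write to the object in st?

    Ignores ACLs, capabilities and read-only mounts. uid 0 always passes,
    which is the reason a daemon should not keep running as root.
    """
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit_tree(root, uid, gids):
    """Return sorted paths (relative to root) writable by the given identity."""
    gids = set(gids)
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink permissions are not meaningful here
            if writable_by(st, uid, gids):
                found.append(os.path.relpath(path, root))
    return sorted(found)

if __name__ == "__main__":
    import tempfile
    # Constructed layout: a non-group-writable top directory with a
    # single group-writable subdirectory for files the daemon must update.
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o755)
        dyn = os.path.join(root, "dyn")
        os.mkdir(dyn)
        os.chmod(dyn, 0o775)
        zone = os.path.join(root, "example.zone")
        open(zone, "w").close()
        os.chmod(zone, 0o644)
        # Hypothetical service account: not the owner, member of dyn's group.
        service_uid = os.lstat(root).st_uid + 12345
        service_gid = os.lstat(dyn).st_gid
        print(audit_tree(root, service_uid, [service_gid]))
```

To audit a real system, pass the data directory and the service account's numeric uid and group ids to `audit_tree`.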