/var/lib/named not writable by named?

Jeremy C. Reed reed at reedmedia.net
Thu Jul 23 21:38:10 UTC 2020

On Thu, 23 Jul 2020, Josef Moellers wrote:

> I do understand about dropping privileges, which is perfectly OK. Named
> runs as user/group named/named and so has no special privileges, but we
> had an issue recently wrt transactional updates and we solved it by
> making /var/lib/named owner root:named and perms rwxrwxr-t which would
> allow write access only to root and named. I am wary about any security
> issues which may arise from this. That's why I'm asking.

You will need to explain or show "issue recently wrt transactional 
updates".  (If this was me, I would collect the error messages if any, 
enable some debugging, use ktrace or equivalent to help understand it.)

I run BIND frequently without root privileges -- including starting it 
up (as non-root) and using it extensively as non-root (tens of thousands 
of separate uses).
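As an added example (not part of this thread, and not BIND's own tooling), the following POSIX shell function audits a BIND working directory against the layout described above: owner root, group named, mode 1775 (rwxrwxr-t). It assumes GNU `stat`, and because an unprivileged user cannot chown a directory to root:named, the demonstration at the bottom runs on a scratch directory and checks it against its actual owner and group; on a live host you would pass `/var/lib/named root named`. The check flags a world-writable directory separately, since that is the case where any local user could drop files into the directory that named would later read.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread: audit a directory against
# the root:named / 1775 (rwxrwxr-t) layout. Requires GNU stat (-c).

# check_named_dir DIR EXPECTED_OWNER EXPECTED_GROUP
# Prints each deviation from policy; returns 0 only when everything matches.
check_named_dir() {
    dir=$1; want_user=$2; want_group=$3
    [ -d "$dir" ] || { echo "missing: $dir"; return 1; }

    # Octal mode (including the sticky bit), owner name, group name.
    set -- $(stat -c '%a %U %G' "$dir")
    mode=$1; user=$2; group=$3

    # Normalise to four digits so "775" and "0775" compare the same way.
    case ${#mode} in 3) mode="0$mode" ;; esac

    rc=0
    [ "$user" = "$want_user" ] \
        || { echo "owner is $user, expected $want_user"; rc=1; }
    [ "$group" = "$want_group" ] \
        || { echo "group is $group, expected $want_group"; rc=1; }

    # World-writable is the real exposure: any local account could plant
    # zone, journal or key files that named would then pick up.
    case $mode in
        ?[0-7][0-7][2367]) echo "world-writable ($mode)"; rc=1 ;;
    esac

    # Exactly rwxrwxr-t: owner and group write, sticky bit, no world write.
    [ "$mode" = "1775" ] || { echo "mode is $mode, expected 1775"; rc=1; }

    [ $rc -eq 0 ] && echo "ok: $dir is $user:$group $mode"
    return $rc
}

# Demonstration on a scratch directory (constructed; an unprivileged user
# cannot create a root:named directory, so we check against the real owner).
demo() {
    scratch=$(mktemp -d)
    owner=$(stat -c '%U' "$scratch"); grp=$(stat -c '%G' "$scratch")

    chmod 1775 "$scratch"
    check_named_dir "$scratch" "$owner" "$grp" || echo "unexpected: 1775 rejected"

    chmod 1777 "$scratch"
    check_named_dir "$scratch" "$owner" "$grp" || echo "rejected 1777 as intended"

    rm -rf "$scratch"
}

demo
```

On a production host the call is `check_named_dir /var/lib/named root named`; a non-zero exit from that line in a config-check or monitoring job is the signal to investigate before named is restarted.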

More information about the bind-workers mailing list