/var/lib/named not writable by named?
Jeremy C. Reed
reed at reedmedia.net
Thu Jul 23 21:38:10 UTC 2020
On Thu, 23 Jul 2020, Josef Moellers wrote:
> I do understand about dropping privileges, which is perfectly OK. Named
> runs as user/group named/named and so has no special privileges, but we
> had an issue recently wrt transactional updates and we solved it by
> making /var/lib/named owner root:named and perms rwxrwxr-t which would
> allow write access only to root and named. I am wary about any security
> issues which may arise from this. That's why I'm asking.
You will need to explain or show "issue recently wrt transactional
updates". (If this was me, I would collect the error messages if any,
enable some debugging, use ktrace or equivalent to help understand it.)
I run BIND frequently without root privileges -- including starting it
up (as non-root) and using it extensively as non-root (tens of thousands
of separate uses).
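As an added example (not from either poster), a small POSIX sh audit for the layout Josef describes, root:named with mode rwxrwxr-t (octal 1775): it reports any deviation and flags a directory that is world-writable without the sticky bit, which would let any local user remove or rename zone and journal files. It assumes GNU `stat -c`; owner, group and mode are parameters so the same check can be run against a test directory.

```sh
#!/bin/sh
# Audit a BIND working directory (e.g. /var/lib/named) against an expected
# owner, group and octal mode. Defaults match the thread: root, named, 1775.
# Prints one line per deviation and returns non-zero if any was found.
check_named_dir() {
    dir=$1
    want_owner=${2:-root}
    want_group=${3:-named}
    want_mode=${4:-1775}

    [ -d "$dir" ] || { echo "$dir: not a directory"; return 1; }

    # GNU stat: octal mode incl. special bits (e.g. 1775), owner name, group name
    set -- $(stat -c '%a %U %G' "$dir")
    mode=$1
    owner=$2
    group=$3
    rc=0

    [ "$owner" = "$want_owner" ] || { echo "$dir: owner is $owner, expected $want_owner"; rc=1; }
    [ "$group" = "$want_group" ] || { echo "$dir: group is $group, expected $want_group"; rc=1; }
    [ "$mode" = "$want_mode" ]   || { echo "$dir: mode is $mode, expected $want_mode"; rc=1; }

    # Last octal digit = permissions for "others"; leading digit (if any) =
    # setuid/setgid/sticky. World-write (2,3,6,7) without sticky (odd leading
    # digit) means any local user can delete or rename files in the directory.
    others=${mode#${mode%?}}
    special=${mode%???}
    case $others in
        2|3|6|7)
            case $special in
                1|3|5|7) ;;
                *) echo "$dir: world-writable without sticky bit"; rc=1 ;;
            esac ;;
    esac
    return $rc
}
```

Run as `check_named_dir /var/lib/named` on a real system; a zero exit status means the directory matches the root:named, 1775 layout.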