On Tue, Sep 17, 2002 at 09:45:39AM +0200, Javier Fernández-Sanguino Peña wrote: > On Mon, Sep 16, 2002 at 02:11:31PM -0400, Stephen Frost wrote: > > * Javier Fern?ndez-Sanguino Pe?a (jfs@dat.etsit.upm.es) wrote: > > > (the 'named' user gets created) > > > 2.- user configures the name server and sets the zone information in > > > common dir, for example /var/named/ > > Now hang on a second here. You think the master zone files are going to > > be owned by the named user? That's a bad assumption to begin with, they > > should be owned by root (as they are on my system...). So, really, all > > we're talking about here are cache files which should be recreated when > > you update anyway. I should have realized the folly of the original > > proposal earlier. > No, no folly. Please think a moment. What permissions are you > suggestion for master zone files? 644 with root:root? That's plain wrong, > I don't want my master zone files to be accesible by any other process > than the name server. That's sensible information, you do disable zone > transfers don't you? I disable zone transfers as protection against DoS attacks, not because any of the information contained within is sensitive. Unnecessary zone transfers can seriously drag down a name server. If you believe your zone files need to be protected from prying eyes, it seems to me you have specialized requirements outside the scope of what Debian needs to provide. Steve Langasek postmodern programmer
Attachment:
pgpSeV6iDY_Ha.pgp
Description: PGP signature