Re: Whom the BIND newest vulnerability concerns?
On Mon, 15 Nov 1999 at 9:41:40 +1100, Herbert Xu wrote:
> Russell Coker <russell@coker.com.au> wrote:
> > On Fri, 12 Nov 1999, David Huggins-Daines wrote:
> >>
> >>In fact, -u named is much better, because if you use sudo, named will not be
> >>able to create its pidfile or the /var/run/ndc socket.
>
> > Just have the "named" user be in the "daemon" group, have the /var/run
> > directory owned by group "daemon" and mode 1775...
>
> Personally I'd create /var/run/named, owned by named, and put the pid file
> there.
Me too. But it doesn't work (without recompiling named?). The pid-file's
directory isn't "settable" while starting named.
So far I have ended up removing the options --pidfile /var/run/named.pid
from /etc/init.d/bind,
which, I _think_, will be safer than giving write permission for group
"daemon" to /var/run.
Any better idea?...
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
tomek@lodz.tpsa.pl http://www.lodz.tpsa.pl/ | ones and zeros.