
Re: Whom the BIND newest vulnerability concerns?



On Mon, 15 Nov 1999 at  9:41:40 +1100, Herbert Xu wrote:
> Russell Coker <russell@coker.com.au> wrote:
> > On Fri, 12 Nov 1999, David Huggins-Daines wrote:
> >>
> >>In fact, -u named is much better, because if you use sudo, named will not be
> >>able to create its pidfile or the /var/run/ndc socket.
> 
> > Just have the "named" user be in the "daemon" group, have the /var/run
> > directory owned by group "daemon" and mode 1775...
> 
> Personally I'd create /var/run/named, owned by named, and put the pid file
> there.

Me too. But it doesn't work (without recompiling named?). The pid-file's
directory isn't "settable" while starting named.

So far I have ended up removing the options --pidfile /var/run/named.pid
from /etc/init.d/bind,
which, I _think_, will be safer than giving write permission for group
"daemon" to /var/run.

Any better idea?...
-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 tomek@lodz.tpsa.pl   http://www.lodz.tpsa.pl/   | ones and zeros.

