
Re: NMU'ing for wishlist bugs? (aka: intent to NMU bind9)

On Mon, Sep 16, 2002 at 07:17:34PM +0200, Javier Fernández-Sanguino Peña wrote:
> On Mon, Sep 16, 2002 at 06:52:02PM +0200, Russell Coker wrote:
> > On Mon, 16 Sep 2002 18:19, Stephen Frost wrote:
> > > No, don't.  If admins want it that way, admins will set it up that way.
> > > By default, since the vast majority of people will *not* have bind
> > > installed, do *not* require everyone have a user they will not use.
> > 
> (..)
> > named is more popular than all news servers combined, more popular than 
> > majordomo or uucp ever were (and they are much less popular now), more 
> > popular than msql...  These other programs have their accounts in everyone's 
> > /etc/passwd, why not named?
> Reading Bug #95557 and Debian Policy [1] it seems to me that the
> maintainer is not willing to use the 0-99 range (only for
> 'mandatory users'). However, passwd.master in base-passwd contains the
> following users for services: news, uucp, proxy, postgres, www-data,
> mail, list, and gnats.
> Now, DNS server might be the #2 service in the Internet behind the web
> service (www-data) and probably over mail ('mail', 'list') and many others
> (postgres? gnats?).
> I wonder: if you allocate the 'bind' user dynamically (should probably be
> 'named' better) how are nameservers going to share name zone
> configuration? I wonder how would I need to switch from 'bind' to 'djbdns'
> or 'maradns'.

Nameservers do not share zone configurations.  Pretty much every single
nameserver out there uses a different format; djbdns, bind, maradns,
dents..  Switching between them is non-trivial.

A running bind process should not have write permission to my maradns
config stuff; ditto for other things.  We're trying to limit the effect
of someone hijacking a specific user; if we all ran everything as user
nobody, somebody breaking into named could then DoS our apache setup by
messing w/ log files.  They could also read users' docroot data, as
that would need to be readable by user nobody.  Having all dns servers
use the same UID would not be nearly as bad, but it lies along the same
lines.  Different nameservers do not need to have _any_ permissions on
any other nameservers' data; why give it to them?

> Why do I ask this? Because if zone information is standard between name
> servers (and I believe it is) there's no point in having that
> configuration at /etc/bind since I might want to un-install bind and
> install maradns (for example) while preserving my zone configuration. Is
> it possible currently? No. Would it be neat? Yes. Does dynamic allocation
> of the uid hinder this? Yes.

It's not standard, unfortunately.  Even if it was, I would not want
_writable_ info shared between them.  Having something that's shared by
various servers and owned by root in /etc is fine; but having different
servers all write to the same file is a bad idea.  

> I vote on giving the name service a proper UID, since its relevance is
> comparable to a web server, news server or whatever. I want to be able to
> switch servers and still keep the data (that's what /var/www is for, isn't
> it?).

I disagree w/ a shared docroot as well, but it's not relevant to this

> If you do not agree with me here, in any case bind should use 'adduser
> --system' Right?

Yes, that's how it's done in the postinst script.

> Regards
> 	Javi
> [1] http://www.debian.org/doc/debian-policy/ch-opersys.html#s10.2

Buying a Unix machine guarantees you a descent into Hell. It starts when
you plug the computer in and it won't boot. Yes, they really did sell you
a $10,000 computer with an unformatted disk drive.
	-- Philip Greenspun
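
Added example, not part of the original message or of any Debian package: a shell check for the separation argued for above, listing what a daemon's UID/GID could write under another service's directory. The function name `writable_by` and the path in the usage comment are hypothetical; it reads classic owner/group/other mode bits only and ignores supplementary groups and ACLs.

```shell
#!/bin/sh
# writable_by UID GID DIR
#   Print every file or directory under DIR that a process running as
#   UID:GID could write to, judged by the mode bits alone.
#   Unix picks exactly one permission class per access: owner if the UID
#   matches, else group if the GID matches, else other. The three
#   branches below mirror that, so a file with mode 0446 is NOT writable
#   by its owner but IS writable by an unrelated daemon.
#   Writable directories are reported too, because write access to a
#   directory allows replacing the files inside it.
#   Symlinks are skipped: their own mode bits are meaningless.
writable_by() {
    w_uid=$1
    w_gid=$2
    w_dir=$3
    find "$w_dir" ! -type l \( \
        \( -uid "$w_uid" -perm -0200 \) -o \
        \( ! -uid "$w_uid" -gid "$w_gid" -perm -0020 \) -o \
        \( ! -uid "$w_uid" ! -gid "$w_gid" -perm -0002 \) \
    \) -print | sort
}

# Usage (hypothetical path): can the 'bind' account touch another
# nameserver's configuration? Empty output means no.
#   writable_by "$(id -u bind)" "$(id -g bind)" /etc/maradns
if [ "$#" -eq 3 ]; then
    writable_by "$1" "$2" "$3"
fi
```

Any path printed for one daemon's account under another daemon's tree is the kind of shared write access the message argues against.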
