Re: named as non-root?

To: Paul Tod Rieger <prie@abl.com>
Cc: Firewallers <debian-firewall@lists.debian.org>
Subject: Re: named as non-root?
From: Guido Bozzetto <GB@Nauta.it>
Date: Thu, 22 Jun 2000 17:27:32 +0200
Message-id: <[🔎] 39523064.D6E4ABA7@Nauta.it>
References: <[🔎] 000101bfdc5d$3954ef00$0404a8c0@electra.abl.com>

Paul Tod Rieger wrote:
> 
> On my router/firewall (2 NICs with ipmasq in between; slink/2.0.36), I run
> named as root.  I'm looking for an easy way not to.
> 
> Since the Debian system already runs Apache as www-data, I'm wondering if
> adding "-u www-data  -g www-data" to named's start up file would be an easy
> way to run it non-root.

My solution with bind 8.2.2p5-11:

/etc/init.d/bind:

#!/bin/sh

PATH=/sbin:/bin:/usr/sbin:/usr/bin

test -x /usr/sbin/named || exit 0

BINDOPTS="-u bind -g bind"

case "$1" in
    start)
        echo -n "Starting domain name service: named"
        # start-stop-daemon --start --quiet --exec /usr/sbin/named 
        start-stop-daemon --start --quiet --exec /usr/sbin/named --
$BINDOPTS
        echo "."        
    ;;
-- 
+----------------+---------------------------------------+
| Guido Bozzetto | Office ph./fax:+39 0432 477588/486157 | L'avar al è
chel
|   \/     I     | E-mail:    :-)     mailto:GB@Nauta.it | che si
lambiche
|   OO     like  | Web:   http://www.nauta.it/~bozzetto/ | a vivi puar
|   --     Linux | Talk:                gb@argo.nauta.it | par muri sior
+----------------+---------------------------------------+

Reply to:

References:
- named as non-root?
  - From: "Paul Tod Rieger" <prie@abl.com>

Prev by Date: named as non-root?
Next by Date: Re: named as non-root?
Previous by thread: named as non-root?
Next by thread: Re: named as non-root?
Index(es):
- Date
- Thread