On Mon, Jun 05, 2000 at 12:59:36PM +0100, Zak Kipling wrote: > On Mon, 5 Jun 2000, Ethan Benson wrote: > > > idiots should not be running bind. > > Very true. But we can't very well have an install script which asks "Are > you an idiot?" and aborts installation if the user answers "Yes" ;-) > Bottom line is idiots *will* run bind anyway (after all they are > idiots...) So better that the default mode should be (relatively) safe, > requiring active intervention (and presumably knowledge) to open the big > holes like running it as root -- which as has already been pointed out is > only likely to be desirable for a very small minority of users. i completly agree, that is bind should be installed defaulting to running as named.named (which should be in the base-passwd btw) and probably chrooted as well. anyone needing a less secure configuration should know how to edit the initscripts and config files themselves with thier $EDITOR. i don't think it is necessary (or really desirable) to have the postinst asking about running bind as root, i think that the number of people who need it is far to small to justify ya interuption in the system install. -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgpehQ64kKPFM.pgp
Description: PGP signature