Re: These 'roots' are bugging me.
dave,
running BIND as a non-privileged user is a good idea, but putting it
into a chroot jail _and_ running as a non-root user is much safer.
i've recently created a chroot'd BIND and use it on a production server;
it's not that difficult. if you want to do this, the chroot-BIND8 howto
is your friend: http://www.linuxdoc.org/HOWTO/Chroot-BIND8-HOWTO.html
this document is really good, but some additional work needs to be done
to get the thing work on debian.
On Wed, 2002-01-30 at 17:14, Dave Kline wrote:
> I have a number of Debian 2.2 systems that have some critical daemons
> running as root. The most concerning offender is BIND8. BIND has been
> tried and convicted, and by judging its turbulent past, I have no choice
> but to demote it from its root status. I don't have dynamic interfaces
> for it to play with so it clearly has no business being root.
>
> I have no experience demoting BIND, but I realize I must. Making a
> chroot'ed environment isn't as large a concern for me as just dropping
> root from the daemon. My question is can I perform this task in a
> 'Debian' way? By that I mean can I follow a HOWTO aimed at Debian, so
> Apt wont trample of my work during the next BIND update? Does anyone
> have a methodology for BIND8 on Debian 2.2?
>
> Thanks much.
> -A. Dave
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
--
__________________________________________
Gergely Trifonov mailto:gergely.trifonov@indweb.hu
System Administrator, WSD
IND - Interactive Net Design http://www.indweb.hu
Széchenyi u. 70. H - 3530 Miskolc Hungary
Phone: +36 46 505 106 Fax: +36 46 505 107
Mobile: +36 20 395 6476
!Please install IND CA Certification as TRUSTED CA!
https://www.indweb.hu/IND.crt
Reply to: