Re: BIND security question

To: hypnos <hypnos@m-net.arbornet.org>
Cc: Robert Varga <robi@piros.zold.net>, Pollywog <pollywog@shadypond.com>, debian-user list <debian-user@lists.debian.org>, recipient list not shown: ;, recipient list not shown: ;
Subject: Re: BIND security question
From: aphro <nate@firetrail.com>
Date: Sat, 1 Jan 2000 02:21:57 -0800 (PST)
Message-id: <[🔎] Pine.LNX.4.21.0001010220430.29804-100000@galactica.firetrail.com>
In-reply-to: <Pine.LNX.4.10.9912312258210.6589-100000@lemnos>

On Fri, 31 Dec 1999, hypnos wrote:

hypnos >how does this work?  because only superuser can
hypnos >bind to privileged ports (<1024) right? so does
hypnos >named start as root, then switch to the user
hypnos >specified?
hypnos >
hypnos >i may look into changing my named to run as
hypnos >other than root also.

yep thats how it works, i also use -g named to change group to named
and also use -t /var/named to chroot() it.

if you use -u or -g make sure permissions are always good though, or make
sure to do all your DNS maintainence as the user named.

nate

----------------------------------------[mailto:aphro@aphroland.org ]--
   Vice President Network Operations       http://www.firetrail.com/
  Firetrail Internet Services Limited      http://www.aphroland.org/
       Everett, WA 425-348-7336            http://www.linuxpowered.net/
            Powered By:                    http://comedy.aphroland.org/
    Debian 2.1 Linux 2.0.36 SMP            http://yahoo.aphroland.org/
-----------------------------------------[mailto:aphro@netquest.net ]--
2:10am up 134 days, 14:05, 3 users, load average: 1.86, 1.66, 1.57

Reply to:

Prev by Date: Re: y2k
Next by Date: Re: Xircom RealPort Ethernet/Modem on Debian
Previous by thread: Re: y2k
Next by thread: Re: CTRL-C Doesn't work??!! ....
Index(es):
- Date
- Thread