Re: security

To: Debian User <debian-user@lists.debian.org>
Cc: Russell Coker <russell@coker.com.au>
Subject: Re: security
From: Jeffrey Taylor <jeff.taylor@ieee.org>
Date: Sun, 9 Feb 2003 14:12:14 -0600
Message-id: <[🔎] 20030209201214.GA1472@elendil.bearhouse.org>
Mail-followup-to: Jeffrey Taylor <jeff.taylor@ieee.org>, Debian User <debian-user@lists.debian.org>, Russell Coker <russell@coker.com.au>
In-reply-to: <[🔎] 20030209084605.GC21054@thebox.bloog.ddts.net>
References: <[🔎] 200302031421.33937.russell@coker.com.au> <[🔎] 20030209084605.GC21054@thebox.bloog.ddts.net>

Quoting Rob Weir <rweir@ertius.org>:
> [DISCLAIMER: I've played with this here at home, and think I've got a
> fairly secure system, but I'm no expert, I'm just an interested geek]
> 
> On Mon, Feb 03, 2003 at 02:21:33PM +0100, Russell Coker wrote:
> > Is anyone here running a Debian system with no daemons running as root
> > other than init, inetd, and sshd, no SUID-root programs other than
> > passwd, su, etc, and generally having everything locked down as much
> > as possible (chroot's for daemons, etc)?
> 
> I'm running bind9 in a chroot (using Martin's bind9-chroot package);
> everything else is as normal. 
> 

It has been possible since BIND 8.x to run it non-root.  I did it on
my main machine (non-Debian).  It took a little fiddling with
permissions and ownership so it could read & write the configuration
and zone files.  Figure an hour to get it to work.  I should invest
another hour to improve the solution.  I now think it can be done more
securely.

Jeffrey

Reply to:

Follow-Ups:
- Re: security
  - From: Russell Coker <russell@coker.com.au>

References:
- security
  - From: Russell Coker <russell@coker.com.au>
- Re: security
  - From: Rob Weir <rweir@ertius.org>

Prev by Date: Re: Ardour debs?
Next by Date: Re: good sources.list
Previous by thread: Re: security
Next by thread: Re: security
Index(es):
- Date
- Thread