Re: security
On Sun, 9 Feb 2003 21:12, Jeffrey Taylor wrote:
> It has been possible since BIND 8.x to run it non-root. I did it on
> my main machine (non-Debian). It took a little fiddling with
> permissions and ownership so it could read & write the configuration
> and zone files. Figure an hour to get it to work. I should invest
> another hour to improve the solution. I now think it can be done more
> securely.
I've been running BIND non-root for many years; I think I even had 4.x running
non-root.
I used the authbind package to allow binding to port 53 as non-root and needed
a few modifications to /etc/init.d/bind and some permissions of some files.
It wasn't too difficult.
Bind9 manages its own security by dropping capabilities and does not work
with authbind.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
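
[Added example, not part of the original message or of BIND:] One way to check that a name server really runs non-root with a reduced capability set is to decode the Uid and Cap* lines of /proc/<pid>/status on Linux. The function names, the allowed set (only CAP_NET_BIND_SERVICE) and both sample inputs are assumptions constructed for illustration; adjust the allowed set to what your build actually keeps.

```python
# Capability names by bit number, as in <linux/capability.h> (bits 0-40).
CAP_NAMES = """CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID
SETUID SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN
NET_RAW IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE
SYS_PACCT SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG
MKNOD LEASE AUDIT_WRITE AUDIT_CONTROL SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG
WAKE_ALARM BLOCK_SUSPEND AUDIT_READ PERFMON BPF CHECKPOINT_RESTORE""".split()

# Constructed samples in the format of /proc/<pid>/status (not real captures).
SAMPLE_DROPPED = ("Name:\tnamed\nUid:\t101\t101\t101\t101\n"
                  "CapPrm:\t0000000000000400\nCapEff:\t0000000000000400\n")
SAMPLE_ROOT = ("Name:\tnamed\nUid:\t0\t0\t0\t0\n"
               "CapPrm:\t000001ffffffffff\nCapEff:\t000001ffffffffff\n")

def parse_status(text):
    """Turn 'Key:<tab>value' lines into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def decode_caps(hex_mask):
    """Return the set of capability names set in a hex bitmask."""
    mask, bit, names = int(hex_mask, 16), 0, set()
    while mask >> bit:
        if mask >> bit & 1:
            name = CAP_NAMES[bit] if bit < len(CAP_NAMES) else str(bit)
            names.add("CAP_" + name)
        bit += 1
    return names

def audit(text, allowed=frozenset({"CAP_NET_BIND_SERVICE"})):
    """List findings: effective uid 0, or capabilities outside `allowed`."""
    fields = parse_status(text)
    findings = []
    if int(fields["Uid"].split()[1]) == 0:  # columns: real, effective, saved, fs
        findings.append("effective uid is 0 (root)")
    for cap_set in ("CapPrm", "CapEff"):
        extra = decode_caps(fields[cap_set]) - allowed
        if extra:
            findings.append(f"{cap_set} holds {len(extra)} extra: {sorted(extra)}")
    return findings

if __name__ == "__main__":
    for label, sample in (("dropped", SAMPLE_DROPPED), ("root", SAMPLE_ROOT)):
        print(label, audit(sample) or "OK")
```

To audit a live process, pass the contents of /proc/<pid>/status for the daemon's PID instead of a sample string.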