
Re: security



On Sun, 9 Feb 2003 21:12, Jeffrey Taylor wrote:
> It has been possible since BIND 8.x to run it non-root.  I did it on
> my main machine (non-Debian).  It took a little fiddling with
> permissions and ownership so it could read & write the configuration
> and zone files.  Figure an hour to get it to work.  I should invest
> another hour to improve the solution.  I now think it can be done more
> securely.

I've been running BIND non-root for many years; I think I even had 4.x running
non-root.

I used the authbind package to allow binding to port 53 as non-root and needed 
a few modifications to /etc/init.d/bind and some permissions of some files.  
It wasn't too difficult.

Bind9 manages its own security by dropping capabilities and does not work
with authbind.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
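
Added example, not part of the original message: one way to check on Linux that a name server process really runs non-root and holds only the capability needed to bind port 53, by decoding `CapEff` from `/proc/<pid>/status`. The status excerpts are constructed sample data, and the single-capability allow-list is an assumption for illustration, not the set BIND 9 actually retains.

```python
import re

# Capability names by bit number, from linux/capability.h (bits 0-31).
CAP_NAMES = """chown dac_override dac_read_search fowner fsetid kill setgid
setuid setpcap linux_immutable net_bind_service net_broadcast net_admin
net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace
sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config
mknod lease audit_write audit_control setfcap""".split()

# Constructed /proc/<pid>/status excerpts (not captured from a real host).
DROPPED = "Name:\tnamed\nUid:\t105\t105\t105\t105\nCapEff:\t0000000000000400\n"
AS_ROOT = "Name:\tnamed\nUid:\t0\t0\t0\t0\nCapEff:\t0000000000000401\n"


def parse_status(text):
    """Return (effective uid, set of effective capability names)."""
    uid = re.search(r"^Uid:\s+(\d+)\s+(\d+)", text, re.M)
    cap = re.search(r"^CapEff:\s+([0-9a-fA-F]+)", text, re.M)
    if not uid or not cap:
        raise ValueError("status text lacks Uid or CapEff line")
    euid = int(uid.group(2))          # fields: real, effective, saved, fs
    mask = int(cap.group(1), 16)
    caps = set()
    for bit in range(mask.bit_length()):
        if mask >> bit & 1:
            # Bits newer than this table are reported by number.
            name = CAP_NAMES[bit] if bit < len(CAP_NAMES) else str(bit)
            caps.add("cap_" + name)
    return euid, caps


def audit(text, allowed=frozenset({"cap_net_bind_service"})):
    """List findings; an empty list means non-root with only allowed caps."""
    euid, caps = parse_status(text)
    findings = []
    if euid == 0:
        findings.append("runs with effective uid 0")
    extra = sorted(caps - allowed)
    if extra:
        findings.append("unexpected capabilities: " + ", ".join(extra))
    return findings


if __name__ == "__main__":
    import sys
    pid = sys.argv[1] if len(sys.argv) > 1 else "self"
    with open(f"/proc/{pid}/status") as fh:
        print(audit(fh.read()) or "ok")
```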


