DNS on Solaris

Barry Margolin barmar at bbnplanet.com
Tue Feb 22 20:33:40 UTC 2000


In article <200002222009.VAA17777 at mail-relay.EU.net>,  <dharris at kcp.com> wrote:
>I also had problems with the BIND build on Solaris 2.7.  I also ended up
>with the install putting files on /usr/local/etc rather than the /etc I was
>used to.  Then I did some looking and realized I could have avoided this.
>There are some environment variables documented in wherever your download
>put BIND/SRC/INSTALL.  The file INSTALL includes definitions of those
>variables.

Note that there's a very good reason why it does this.  If you use /etc,
then *anyone* on the system can shut down named.  This is because Solaris
doesn't implement permission checking on sockets; if a socket is in a
world-executable directory (which /etc must be) then anyone can open and
write to it.  BIND 8.2 listens for commands from the "ndc" program through
the $DESTBIN/ndc socket; the way to protect it is to make $DESTBIN a
directory that only root has access to.

-- 
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
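
Added example, not part of the original post: a shell check that the directory holding the ndc control socket is owned by root and closed to group and other, which is the protection the reply above describes. The function names and the optional owner-uid argument are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the directory that holds
# named's ndc control socket. Function names are hypothetical.

# check_ctl_dir DIR [OWNER_UID]
#   0 = DIR is owned by OWNER_UID (default 0, root) with no group/other access
#   1 = DIR has a different owner or is reachable by group/other
#   2 = DIR does not exist or is not a directory
check_ctl_dir() {
    dir=$1
    want_uid=${2:-0}
    [ -d "$dir" ] || return 2
    # "ls -ldn" prints the mode string and numeric owner: "drwx------ 2 0 0 ..."
    info=$(ls -ldn "$dir" | awk '{print $1 " " $3}')
    mode=${info% *}
    uid=${info#* }
    [ "$uid" = "$want_uid" ] || return 1
    # Group and other triplets must be empty. A "+" suffix (ACL present) is
    # deliberately not accepted, since an ACL may grant access to other users.
    case $mode in
        d???------|d???------.) return 0 ;;
        *)                      return 1 ;;
    esac
}

# audit_ctl_socket SOCKET_PATH [OWNER_UID]: report on the socket's parent directory.
audit_ctl_socket() {
    parent=$(dirname "$1")
    rc=0
    check_ctl_dir "$parent" "${2:-0}" || rc=$?
    case $rc in
        0) echo "OK: $parent is restricted to uid ${2:-0}" ;;
        1) echo "EXPOSED: $parent is not restricted to uid ${2:-0}" ;;
        *) echo "MISSING: $parent is not a directory" ;;
    esac
    return $rc
}

# Usage: sh audit.sh /path/to/control/socket
if [ "$#" -gt 0 ]; then
    audit_ctl_socket "$1"
fi
```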


