running bind as user other than root
Ralf Hildebrandt
R.Hildebrandt at tu-bs.de
Mon Feb 28 16:49:34 UTC 2000
On Mon, Feb 28, 2000 at 10:20:52AM -0600, Duane Cox wrote:
>
> I'm interested in running bind as a user other than root. Is this a good
> or bad idea? Other than a root user, should the new user be in the root
> group? Here is my situation.
Running BIND as an unprivileged user is definitely a good idea!
Create an unprivileged user bind, belonging to group bind:
/etc/passwd:
bind:*:12:26::/:
/etc/group:
bind:*:26:bind
> I want to run ns1 and ns2, and have ns1 update ns2 via rsync over ssh.
> (to avoid having to set up ns2 manually and to do the zone transfers) This
> all works A OK right now using the user root, and logging into ns2 as root
> via ssh, but allowing someone to ssh into a machine with the user root
> scares me. My other option was to run the daemon as another user, say
> "named" and set the file permissions to match that. But my question is, is
> this open for more of a security problem, and if not, will I have to set up
> other files, i.e. /var/log/messages so that this new user can write errors to
> it.
RUNNING ANY DAEMON AS ROOT IS BAD. For obvious reasons:
* Let there be an error in the daemon which allows execution of arbitrary
commands -> root compromise
* Let there be an error in the daemon which allows writing/access to
arbitrary files -> root compromise
Tip: Let BIND run as an unprivileged user in a chroot jail
(named -t /jail -u bind -g bind) to add additional security (every little
bit helps).
You might adjust this a little to be able to rsync/scp the zonefiles to the
jail.
--
Ralf Hildebrandt <R.Hildebrandt at tu-bs.de> www.stahl.bau.tu-bs.de/~hildeb
I work for an investment bank. I have dealt with code written by stock
exchanges. I have seen how the computer systems that store your money
are run. If I ever make a fortune, I will store it in gold bullion
under my bed.
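
Added example (not part of the original message): a small shell audit that reads process listings and reports whether each named process matches the advice above, i.e. runs as a non-root user and was started with a -t jail. The function names audit_named and sample_ps are hypothetical, the input format is assumed to be "USER PID COMMAND ARGS..." as printed by `ps -e -o user= -o pid= -o args=`, and the sample lines are constructed.

```shell
#!/bin/sh
# Audit ps-style lines on stdin: USER PID COMMAND [ARGS...]
# Prints one verdict per named process; exit status is non-zero
# if any named process runs as root or without a chroot jail.
audit_named() {
    awk '
    {
        n = split($3, path, "/")
        if (path[n] != "named") next      # only look at named itself
        user = $1; pid = $2; jail = ""; runas = ""
        for (i = 4; i <= NF; i++) {
            if ($i == "-t" && i < NF) jail = $(i + 1)
            if ($i == "-u" && i < NF) runas = $(i + 1)
        }
        status = "OK"; why = "unprivileged and chrooted to " jail
        if (user == "root" || user == "0" || runas == "root" || runas == "0") {
            status = "FAIL"; why = "runs as root"
        } else if (jail == "" || jail == "/") {
            status = "WARN"; why = "not chrooted"
        }
        printf "%s pid=%s user=%s: %s\n", status, pid, user, why
        if (status != "OK") bad = 1
    }
    END { exit bad + 0 }
    '
}

# Constructed sample input (not real output from any host).
sample_ps() {
    cat <<'EOF'
root 412 /usr/sbin/named
bind 518 /usr/sbin/named -u bind -g bind
bind 733 /usr/sbin/named -t /jail -u bind -g bind
root 801 /usr/sbin/sshd
EOF
}

# Demo run on the constructed sample; on a live host use instead:
#   ps -e -o user= -o pid= -o args= | audit_named
sample_ps | audit_named || echo "audit: at least one named process needs attention"
```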