need more help running bind as user other than root... ?

Jim Reid jim at rfc1035.com
Tue Feb 29 15:26:08 UTC 2000


>>>>> "Duane" == Duane Cox <dcox at coxnetwork.com> writes:

    Duane> Bind is running under the user/group named/named, also NOT
    Duane> in chroot mode.  If I understand right, Linux executes the
    Duane> named daemon as user root no matter what, then shifts down
    Duane> to user named during that daemon startup process.
    Duane> (according to dns & bind r3 chapter 10).  My problem is, as
    Duane> user named I can't successfully execute the script
    Duane> /etc/rc.d/init.d/named restart.  Is this going to be normal
    Duane> since this script is usually executed as root?

Yes. Just think about this for a moment. Restarting the name server
involves killing the current named process and starting another. If
you try to start that new instance of named as a non-root user ID, it
won't be allowed to bind to port 53. The OS won't allow that. [On Unix
systems, only the super user is allowed to bind to port numbers <
1024.] So your non-root name server won't be able to listen for
incoming queries on port 53 of the computer's network interfaces. This
is rather inconvenient for a name server. There may well be other
privilege issues - like creating or removing the socket for ndc,
rotating and writing log files, etc - when the name server isn't run
as root. Presumably you've found and nailed all of them when you first
ran the name server with a non-root UID.

I've no idea what's in /etc/rc.d/init.d/named on your system, but this
script(?) could have its own assumptions about who is allowed to
execute it. Perhaps you could just use ndc to control the name
server and ignore all this /etc/rc.d cruft? 
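
The bind-then-drop sequence Jim describes (listen on port 53 while still root, then become named/named), as an added example in C that is not from this thread or from BIND itself; the function names are hypothetical, and the socket is bound on loopback only so it runs stand-alone.

```c
#define _GNU_SOURCE            /* for setgroups() on glibc */
#include <arpa/inet.h>
#include <errno.h>
#include <grp.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* On Unix, binding a port below 1024 needs root (or a capability). */
int is_privileged_port(int port) { return port > 0 && port < 1024; }

/* Bind a UDP socket to 127.0.0.1:port. Returns the fd, or -errno. */
int bind_udp_port(int port) {
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -errno;
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons((unsigned short)port);
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0) {
        int e = errno;
        close(fd);
        return -e;
    }
    return fd;
}

/* Irreversibly switch to uid/gid. Order matters: supplementary groups,
 * then gid, then uid; once the uid is non-root, setgid() would fail.
 * Returns 0, or -errno. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(0, NULL) < 0) return -errno;
    if (setgid(gid) < 0) return -errno;
    if (setuid(uid) < 0) return -errno;
    /* Verify the drop stuck: regaining root must now be impossible. */
    if (uid != 0 && setuid(0) == 0) return -EPERM;
    return 0;
}

/* What named does at startup: bind port 53 while still root, then
 * drop to named/named. Returns the bound fd, or -errno. */
int start_as_unprivileged(int port, uid_t uid, gid_t gid) {
    int fd = bind_udp_port(port);
    if (fd < 0) return fd;
    int r = drop_privileges(uid, gid);
    if (r < 0) { close(fd); return r; }
    return fd;
}
```

Run as root with a real uid/gid, the second bind attempt on port 53 after the drop fails with EACCES; that is exactly why the restart script cannot work as user named.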
