BIND as non-root
Brian Bergstrand
brianb at mac.com
Wed May 3 15:07:57 UTC 2000
In article
<Pine.LNX.4.20.0005021940510.21839-100000 at tartarus.netherrealm.net>,
Sheer El-Showk <sheer at tartarus.netherrealm.net> wrote:
> Hi,
>
> Why does nobody run bind as non-root? Is it just a matter of needing
> access to port 53 or are there other considerations? Would it be possible
> to use something like port forwarding to overcome this limitation?
>
> Thanks in advance,
> Sheer El-Showk
>
I run bind as non-root. There are some minor issues, but they are not
hard to fix.
1. You have to make sure that the directory where bind's zone files are
located is writable by the user you are running bind as.
2. You will have to change the location of bind's PID file to a place
where the user has write perms, or change the default directory's
(/var/run) perms.
3. Make sure that /etc/named.conf is readable by the bind user. I have
mine owned by root and readable by bind's group.
4. Change your startup script to add the -u and -g options to named's
args.
That is pretty much it. Fairly simple.
HTH.
Brian
--
Brian Bergstrand
<http://www.classicalguitar.net/brian/>
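
The four steps in the reply above can be verified before named is restarted. The following preflight check is an added example, not part of the original post; the function name and every path or account name passed to it are assumptions for illustration.

```shell
#!/bin/sh
# Run this AS the unprivileged account named will use, so that the -r/-w
# tests reflect that account's real access (run as root they always pass).

# check_named_nonroot CONF ZONEDIR PIDDIR "NAMED ARGS"   (hypothetical helper)
# Prints one line per problem; the return status is the number of problems.
check_named_nonroot() {
    conf=$1 zonedir=$2 piddir=$3 args=$4
    problems=0

    # Step 1: the zone file directory must be writable by the named user.
    if [ ! -d "$zonedir" ] || [ ! -w "$zonedir" ]; then
        echo "zone directory not writable: $zonedir"
        problems=$((problems + 1))
    fi

    # Step 2: the directory holding the PID file must be writable.
    if [ ! -d "$piddir" ] || [ ! -w "$piddir" ]; then
        echo "PID file directory not writable: $piddir"
        problems=$((problems + 1))
    fi

    # Step 3: named.conf must be readable by the named user.
    if [ ! -r "$conf" ]; then
        echo "config not readable: $conf"
        problems=$((problems + 1))
    elif [ -w "$conf" ]; then
        # Root-owned and group-readable, as in the post, means the service
        # account cannot rewrite its own configuration. Warning only.
        echo "warning: $conf is writable by this account"
    fi

    # Step 4: the startup arguments must carry both -u and -g
    # (matched as separate words, e.g. "-u named -g named").
    for opt in -u -g; do
        case " $args " in
            *" $opt "*) ;;
            *) echo "startup args missing $opt"
               problems=$((problems + 1)) ;;
        esac
    done

    return "$problems"
}
```

Call it from a shell running as the named account, passing the config path, zone directory, PID directory and the argument string from your own startup script; a zero status means all four steps check out.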