Running BIND as non-root user

Joseph S D Yao jsdy at cospo.osis.gov
Thu Jul 29 15:15:06 UTC 1999


> I've rebuilt a BIND 8.2.1 SRPM for RedHat 6.0 which is installed and running. 
> I would now like to run BIND as user "named" instead of "root".  I can do this 
> initially by using the extension 'named -u named' in the startup script, 
> however, when I use ndc it reverts back to using root.  The documentation in 
> the README simply says you must edit ndc......????

This is a hard one to do "by default", since 'named' does not store any
"memory" of at what UID and GID it was run.  This would be an
"interesting" thing to do, if it were done securely.

What you need to do is run:
	ndc restart -u named

In ndc(8) it says:

NOTES
     If running in pidfile mode, any arguments to start and restart commands
     are passed to the new named on its command line.  If running in channel
     mode, there is no start command and the restart command just tells the
     name server to execvp(2) itself.

But the 'ndc' function command() actually calls builtincmd() FIRST to
handle 'start' and 'restart': so it appears that the above will work
regardless.  There is code in 'named' to catch an "exec" request and
re-execvp itself as described above.  There just isn't code in 'ndc' to
send it!  And if there were, it looks like any arguments sent would be
lost [or, worse, the command name to be exec'ed would get the whole
string].

Hope this helps, even the rambles.  ;-}

--
Joe Yao				jsdy at cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support					EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.
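Added example, not part of the post above: a POSIX sh check that a startup script can run after `ndc restart -u named` to confirm the named process recorded in its pidfile really runs as the unprivileged user, so a restart that has quietly reverted to root fails loudly instead of going unnoticed. The pidfile path /var/run/named.pid and the user name "named" in the usage comment are assumptions; nothing here is ndc's or named's own code.

```sh
#!/bin/sh
# Added example, not from the original post. Verifies that the named process
# recorded in its pidfile runs under the expected unprivileged user, so a
# startup script notices when a restart has silently reverted to root.
# The pidfile path and user name used in the usage comment are assumptions.

# Print the real UID of process $1, or nothing if it is not running.
proc_uid() {
    if [ -r "/proc/$1/status" ]; then
        # Uid: <real> <effective> <saved> <fs>; the first field is the real UID.
        awk '/^Uid:/ { print $2; exit }' "/proc/$1/status"
    else
        # Fallback for systems without /proc (BSD-style ps).
        ps -o uid= -p "$1" 2>/dev/null | tr -d ' '
    fi
}

# named_runs_as PIDFILE USER
# Returns 0 if the PID in PIDFILE belongs to a live process owned by USER,
# 1 if it runs as a different user, 2 if the check could not be made.
named_runs_as() {
    pidfile=$1
    want=$2
    if [ ! -r "$pidfile" ]; then
        echo "no readable pidfile at $pidfile" >&2
        return 2
    fi
    pid=$(head -n 1 "$pidfile" | tr -d ' ')
    case $pid in
        ''|*[!0-9]*) echo "pidfile $pidfile does not hold a PID" >&2; return 2 ;;
    esac
    wantuid=$(id -u "$want" 2>/dev/null) || {
        echo "no such user: $want" >&2
        return 2
    }
    haveuid=$(proc_uid "$pid")
    if [ -z "$haveuid" ]; then
        echo "pid $pid from $pidfile is not running" >&2
        return 2
    fi
    if [ "$haveuid" != "$wantuid" ]; then
        echo "named (pid $pid) runs as uid $haveuid, expected $want (uid $wantuid)" >&2
        return 1
    fi
    echo "named (pid $pid) runs as $want"
    return 0
}

# Usage in a startup script (paths and names are assumptions):
#   ndc restart -u named && sleep 1 && named_runs_as /var/run/named.pid named
```

The comparison is done on numeric UIDs rather than user names so that a long user name truncated by ps cannot produce a false mismatch, and every failure mode (missing pidfile, stale PID, unknown user) returns a distinct non-zero status that a startup script can act on.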
