bind + setuid()

Patrick Greenwell patrick at stealthgeeks.net
Tue Jun 29 22:21:59 UTC 1999


On Tue, 29 Jun 1999 Jan.Jirousek at chase.com wrote:

> Hi,
> 
> I have a reverse problem. I'd like to run bind as root, but allow certain (unix)
> group of users to start/stop it. This is BIND8.2 on Solaris 2.6. I tried to set
> /usr/local/sbin/ndc suid root and restrict access/execute permissions to my
> group, but it didn't work - ndc complained it can't create /etc/ndc and it
> started named process running under my regular user uid.
> 
> Any ideas ?

Sure. Following are the instructions I wrote up for our internal use.
Doubtlessly, someone will email saying what horrible instructions these
are, etc. They are not guaranteed to work for you. They may cause
blindness, deafness, a rash you cannot rid yourself of, lingering death,
etc. 

These instructions assume the chroot directory is /usr/local/bind. They
are also Solaris-specific (just regarding which "Makefile.set" to edit).

By changing the UID/GID of the ndc socket, other users can control the
socket (in my case user "named").

Instructions:


1) Get source from ftp.isc.org.

2) In the file ./port/solaris/Makefile.set, edit so that all variables
   prefixed with "DEST" are changed to be relative to the root directory
   (i.e. /usr/local/sbin becomes /sbin)

3) In file ./bin/named/ns_ctl.c change the line:
   
   ns_ctl_add(list, ns_ctl_new_unix(_PATH_NDCSOCK, 0600, 0, 0));

   to
 
   ns_ctl_add(list, ns_ctl_new_unix(_PATH_NDCSOCK, 0600, 200, 200));

  (this changes ownership of the socket created by ndc to user 
   named (200) and group named (200))

4) In file ./bin/ndc/ndc.c change the line:

   sprintf(syscmd, "%s %s", _PATH_NAMED, rest);

   to

   sprintf(syscmd, "/usr/local/bind/sbin/named -u 200 -g 200 -t /usr/local/bind");

   (this specifies the user-id, group-id, and directory to chroot to)

5) make depend

6) make

7) in ./.settings change all the directory variables prefixed with
   "DEST" to "/usr/local/bind/[original directory]".

8) make install
