running bind as user other than root
Jim Reid
jim at rfc1035.com
Mon Feb 28 17:04:31 UTC 2000
>>>>> "Ralf" == Ralf Hildebrandt <R.Hildebrandt at tu-bs.de> writes:
Ralf> RUNNING ANY DAEMON AS ROOT IS BAD.
This is generally true, but sometimes it's unavoidable. For instance
if the daemon has to perform some privileged action like changing
UID. Running the name server as a non-root UID can be a good thing.
However it can be inconvenient: for example, the non-root name server
won't be able to bind to port 53 of a newly-added network interface.
It would be necessary to restart the name server so that named could
bind to port 53 (or chroot or....) before it gave up its super-user
privileges.
More information about the bind-users
mailing list