need more help running bind as user other than root... ?

Ralf Hildebrandt R.Hildebrandt at tu-bs.de
Tue Feb 29 15:34:22 UTC 2000


On Wed, Mar 01, 2000 at 08:59:22AM -0600, Duane Cox wrote:

Please activate some word wrap to 74 characters. It makes your postings
legible.

>Bind is running under the user/group named/named, also NOT in chroot mode.
>If I understand right, Linux executes the named daemon as user root no
>matter what, then shifts down to user named during that daemon startup
>process.  (according to dns & bind r3 chapter 10).  My problem is, as user

And according to my observations, too.

>named I can't successfully execute the script /etc/rc.d/init.d/named
>restart.   

YOU DON'T NEED TO. Only user root is (should be) allowed to start/stop
daemons.

>Is this going to be normal since this script is usually executed
>as root?  

Yes. You seem to misunderstand. The goal of running THE PROCESS "named" with
the uid of the user "named" is to reduce the impact of possible bugs in
named. If named were to run with the uid of root (like it did before), it
would have all the privileges of root. Thus it would be able to delete
anything etc.

>The script attempts to execute and apparently does stop and
>restart the daemon, but does error out on some of the lines within the
>script... following is the error...         

http://www.etherboy.com/dns/chrootdns.html
 
> ALSO  do I have to edit "ndc" or something like that now that named runs
> as user named and not root? 

It depends on your version of BIND. 8.2.2p5 comes with a binary ndc, not a
script!
 
-- 
Ralf Hildebrandt <R.Hildebrandt at tu-bs.de> www.stahl.bau.tu-bs.de/~hildeb
"Includes Adobe PageMaker. Now you can create layouts that look like
you paid a professional!" No, now you can create layouts that look
like you used a tool that a professional might have used, had you had
the sense to pay him.  
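
The start-as-root-then-switch pattern discussed in this message, as an added example that is not part of the original post and is not BIND's own code. The function name drop_privileges is hypothetical; the account name "named" is the one used in the thread.

```c
#define _DEFAULT_SOURCE            /* for initgroups() under strict -std modes */
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: returns 0 once the process can no longer act as
 * root, -1 (with errno set) in every other case. */
int drop_privileges(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL) {              /* unknown account: refuse to continue */
        errno = ENOENT;
        return -1;
    }
    if (pw->pw_uid == 0) {         /* "dropping" to uid 0 drops nothing */
        errno = EINVAL;
        return -1;
    }
    uid_t uid = pw->pw_uid;        /* copy: pw points at a static buffer */
    gid_t gid = pw->pw_gid;

    /* Order matters: supplementary groups and gid go first, because after
     * setuid() the process has lost the right to change them. */
    if (initgroups(user, gid) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;

    /* Verify the drop is permanent: regaining root must fail. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    const char *user = argc > 1 ? argv[1] : "named";
    /* A daemon binds its privileged port (53 for DNS) here, still as root. */
    if (drop_privileges(user) != 0) {
        perror("drop_privileges");
        return 1;                  /* never keep serving as root on failure */
    }
    printf("running as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;                      /* request handling would start here */
}
```

Started by root from the init script, the process ends up under the unprivileged account; started by that account itself, the call fails, which is why restarting the daemon remains a root-only operation.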



