BIND as non-root
Ralf Hildebrandt
R.Hildebrandt at tu-bs.de
Wed May 3 06:53:06 UTC 2000
On Tue, May 02, 2000 at 07:41:57PM -0700, Sheer El-Showk wrote:
> Hi,
>
> Why does no body run bind as non-root?
I do.
> Is it just a matter of needing
> access to port 53 or are there other considerations? Would it be possible
> to use something like port forwarding to overcome this limitation?
In order to bind() to a privileged port (< 1024) the program needs to have
root privileges. Afterwards the privileges can be dropped and BIND can run
as an unprivileged user (use the -g -u options for that).
You could run bind entirely as an unprivileged user if you had a firewall
that does port forwarding, I guess...
More information about the bind-users
mailing list