named-xfer problem w/chroot on Solaris (very long)

Brad Knowles brad.knowles at skynet.be
Wed Aug 1 23:33:58 UTC 2001


At 10:19 PM +0000 8/1/01, The Professor wrote:

>  I'm not insisting - merely following the only setup I saw documented.
>  Please elaborate on the built-in chroot() vs the "traditional"
>  approach.  I haven't seen any documentation on this, but clearly
>  my build successful run of a dynamically linked kit on Linux with
>  no "fully" prepared chroot tree hinted that there were alternatives.

	See the section entitled "Running BIND with Least Privilege" from 
Chapter 11 of the 4th edition of the book _DNS and BIND_ by Paul 
Albitz and Cricket Liu (published by O'Reilly & Assoc.), which 
happens to be available online at 
<http://www.oreilly.com/catalog/dns4/chapter/ch11.html>.

>  But when, how, why?  Pros, Cons? Please point me in the direction.

	Following the instructions provided in the book is a lot easier, 
and makes use of the built-in features that BIND has provided for 
quite some time.  However, if you don't trust BIND to do the chroot() 
and switch to a different uid, and you want to do that yourself 
before BIND gets started, then you have to go through a lot more work 
-- which you've already discovered.

-- 
Brad Knowles, <brad.knowles at skynet.be>
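
The do-it-yourself approach mentioned above, as an added example that is not part of the original message or of BIND's code: a wrapper that performs the chroot() and the uid switch itself before starting the daemon. The name `confine`, the error codes and the command-line layout are assumptions for illustration; because the exec happens inside the jail, the program and everything it loads must already exist there, which is the extra work of this approach.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* glibc: expose chroot() and setgroups() */
#endif
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

enum { OK = 0, E_ROOT_TARGET = -1, E_CHROOT = -2, E_CHDIR = -3,
       E_GROUPS = -4, E_GID = -5, E_UID = -6, E_REGAIN = -7 };

/* Order matters: chroot() needs root, so it comes before the uid switch;
 * groups and gid must be changed while the process is still root. */
int confine(const char *jail, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return E_ROOT_TARGET;          /* root can break out of a chroot */
    if (chroot(jail) != 0)
        return E_CHROOT;
    if (chdir("/") != 0)               /* otherwise cwd stays outside the jail */
        return E_CHDIR;
    if (setgroups(1, &gid) != 0)       /* drop supplementary groups */
        return E_GROUPS;
    if (setgid(gid) != 0)
        return E_GID;
    if (setuid(uid) != 0)
        return E_UID;
    if (setuid(0) == 0)                /* must fail if the drop was permanent */
        return E_REGAIN;
    return OK;
}

int main(int argc, char **argv)
{
    /* hypothetical layout: wrapper <jail> <uid> <gid> <program> [args...] */
    if (argc < 5) {
        fprintf(stderr, "usage: %s jail uid gid program [args...]\n", argv[0]);
        return 2;
    }
    int rc = confine(argv[1], (uid_t)atol(argv[2]), (gid_t)atol(argv[3]));
    if (rc != OK) {
        fprintf(stderr, "confine failed at step %d\n", rc);
        return 1;
    }
    execv(argv[4], &argv[4]);          /* path is resolved inside the jail */
    perror("execv");
    return 1;
}
```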
