named running as root

Jim Reid jim at rfc1035.com
Sun Feb 4 19:07:52 UTC 2001


>>>>> "Gerald" == Gerald Waugh <gerald at waugh.com> writes:

    >>  I create a bind user and group with no privs, and then do ndc
    >> start -u bind -g bind.  If you want to be even more cautious
    >> look at running it chroot, but that can be tricky on some
    >> systems.
    >> 
    Gerald> Dan, Won't I have to change ownership of all my current db
    Gerald> files, log files, and ??? files to the bind user and
    Gerald> group?  named has to be able to write files.

The name server will only write the files you tell it to write. In
fact most name servers don't write to any files at all. A server could
be configured to send log messages to a file instead of syslog. If
Dynamic DNS was in use, it will periodically write out a new copy of
the zone file that is under dynamic control. It will also have a
transaction log file which can be replayed to roll forward after a
crash.

So since you as the DNS administrator would explicitly set these
things up, it should be trivial for you to identify the files involved
and set suitable ownership and permissions for them.
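To make the "identify the files involved" step concrete, here is an added example script (not from Jim Reid's post and not ISC code) that reads a named.conf, lists the files named will actually need to write when it runs as an unprivileged user, and reports which of them that user does not yet own. It assumes BIND-style syntax (`options { directory "..."; }`, `file "..."` inside zone and channel blocks, `allow-update` marking a dynamic zone) and the BIND 9 journal name `<zonefile>.jnl`; the user name `bind` and the sample configuration are constructed for the demo, and only a small subset of the grammar is parsed.

```shell
#!/bin/sh
# Added example, not from the original post or from ISC's BIND sources.
# Given a named.conf, list the files named must be able to WRITE when it
# runs as an unprivileged user: log channels writing to files, zone files
# under dynamic update, and their journals. Everything else stays read-only.
# Assumptions (not stated in the thread): BIND-style syntax with
# `options { directory "..."; }`, `file "..."` inside zone and channel
# blocks, `allow-update` marking a dynamic zone, and the BIND 9 journal
# name "<zonefile>.jnl". Only a small subset of the grammar is parsed.

# named_writable_files CONF  -> one line per path: "<kind> <absolute path>"
named_writable_files() {
  conf=$1
  base=$(sed -n 's/.*directory[[:space:]]*"\([^"]*\)".*/\1/p' "$conf" | head -n 1)
  awk '
    {
      copy = $0
      opens = gsub(/\{/, "{", copy); closes = gsub(/\}/, "}", copy)
      if (depth == 0 && $1 == "zone")    { inzone = 1; zfile = ""; dyn = 0 }
      if (depth == 0 && $1 == "logging") { inlog = 1 }
      if (inzone || inlog) {
        if (match($0, /file[[:space:]]+"[^"]+"/)) {
          f = substr($0, RSTART, RLENGTH)
          sub(/file[[:space:]]+"/, "", f); sub(/"$/, "", f)
          if (inzone) zfile = f; else print "log", f
        }
        if ($0 ~ /allow-update/) dyn = 1
      }
      depth += opens - closes
      if (depth == 0 && inzone) {
        # only zones accepting dynamic updates are rewritten by named
        if (dyn && zfile != "") { print "zone", zfile; print "journal", zfile ".jnl" }
        inzone = 0
      }
      if (depth == 0 && inlog) inlog = 0
    }' "$conf" |
  while read -r kind path; do
    # relative paths are taken relative to the options { directory } value
    case $path in /*) ;; *) path="$base/$path" ;; esac
    printf '%s %s\n' "$kind" "$path"
  done
}

# named_check_owner CONF USER -> "ok" when USER already owns what named must
# write, "FIX" otherwise. A file that does not exist yet (a journal before
# the first update) is checked through its parent directory, since named
# has to create the file there.
named_check_owner() {
  conf=$1 user=$2
  named_writable_files "$conf" | while read -r kind path; do
    target=$path
    [ -e "$target" ] || target=$(dirname "$target")
    # find -user is POSIX; it prints the path only when USER owns it
    if [ -n "$(find "$target" -prune -user "$user" 2>/dev/null)" ]; then
      printf 'ok %s %s\n' "$kind" "$path"
    else
      printf 'FIX %s %s\n' "$kind" "$path"
    fi
  done
}

# make_sample DIR -> writes a constructed named.conf plus the zone and log
# files it refers to (sample data for the demo, not a real deployment)
make_sample() {
  dir=$1
  mkdir -p "$dir/zones" "$dir/log"
  : > "$dir/zones/static.example.db"
  : > "$dir/zones/dyn.example.db"
  : > "$dir/log/queries.log"
  cat > "$dir/named.conf" <<EOF
options { directory "$dir"; };
logging {
  channel query_log { file "log/queries.log"; severity info; };
  category queries { query_log; };
};
zone "static.example" { type master; file "zones/static.example.db"; };
zone "dyn.example" {
  type master;
  file "zones/dyn.example.db";
  allow-update { key dhcp-key; };
};
EOF
}

# Usage: sh thisscript.sh demo   (checks against a hypothetical "bind" user)
if [ "${1:-}" = demo ]; then
  tmp=$(mktemp -d)
  make_sample "$tmp"
  named_writable_files "$tmp/named.conf"
  named_check_owner "$tmp/named.conf" bind
  rm -rf "$tmp"
fi
```

Run against a real configuration, `named_writable_files /etc/named.conf` gives the short list the post talks about: the static zone file is deliberately absent, because a zone without `allow-update` is only ever read. Fixing the `FIX` lines means changing the owner of those few files (and of the directories where journals get created) rather than of the whole configuration tree.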
