named running as root

Gerald Waugh gerald at waugh.com
Sun Feb 4 19:57:04 UTC 2001


"Jim Reid" <jim at rfc1035.com> wrote in message news:95k9vs$7li at pub3.rc.vix.com...
> The name server will only write the files you tell it to write. In
> fact most name servers don't write to any files at all. A server could
> be configured to send log messages to a file instead of syslog. If
> Dynamic DNS was in use, it will periodically write out a new copy of
> the zone file that is under dynamic control. It will also have a
> transaction log file which can be replayed to roll forward after a
> crash.
> 
> So since you as the DNS administrator would explicitly set these
> things up, it should be trivial for you to identify the files involved
> and set suitable ownership and permissions for them.
> 
Thanks Jim,
I was just being a little cautious about changing things with a
working system, albeit running as root. Since one of my nameservers
is running as a Slave, it certainly has to write the slave zone files.
And, it may be trivial to set up permissions for an experienced
DNS administrator, I do not count myself as part of that group.

My questions are: Is it a serious security issue for named to be
running as root user?
Which files does named have to have the capability to write?

I assume, the slave db files, and any log files. I further assume
that once I make the change that I can read /var/log/messages
and look for "named permission errors" and fix any problems
detected.
Jim, nothing personal, I am just asking for a little assistance.
Thanks,
Gerald gerald at waugh.com
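
An added example, not part of the original message or of BIND: a rough scan of a named.conf for the files discussed above that named must be able to write once it no longer runs as root (slave zone files, dynamically updated zones, file log channels). The sample configuration is constructed, and `writable_files` is a hypothetical helper whose regex scan is a simplification, not BIND's own parser.

```python
import os
import re

# Constructed sample named.conf (addresses, zone names and paths are illustrative).
SAMPLE_CONF = '''
options { directory "/var/named"; };   // working directory for relative paths
logging {
    channel query_log { file "/var/log/named/query.log" versions 3; severity info; };
};
zone "example.com" { type slave; masters { 192.0.2.1; }; file "slave/example.com.db"; };
zone "dyn.example" { type master; file "dyn.example.db"; allow-update { 192.0.2.5; }; };
zone "static.example" { type master; file "static.example.db"; };
'''

def _blocks(conf, head):
    """Yield (header match, body) for every `head { body }`, honouring nested braces."""
    for m in re.finditer(head + r"\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m, conf[m.end():i - 1]

def writable_files(conf):
    """Map each file named must be able to write to the reason it writes it."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)   # strip /* ... */ comments
    conf = re.sub(r"(//|#)[^\n]*", "", conf)            # strip // and # comments
    base = "."                                          # named's cwd if no directory option
    for _, body in _blocks(conf, r"\boptions"):
        d = re.search(r'\bdirectory\s+"([^"]+)"', body)
        base = d.group(1) if d else base
    resolve = lambda p: os.path.normpath(os.path.join(base, p))
    need = {}
    for m, body in _blocks(conf, r'\bzone\s+"([^"]+)"(?:\s+\w+)?'):
        f = re.search(r'\bfile\s+"([^"]+)"', body)
        if not f:
            continue
        if re.search(r"\btype\s+slave\b", body):
            need[resolve(f.group(1))] = "slave zone " + m.group(1)
        elif re.search(r"\b(allow-update|update-policy)\b", body):
            need[resolve(f.group(1))] = "dynamic zone " + m.group(1) + " (plus its transaction log)"
    for _, body in _blocks(conf, r"\blogging"):
        for m, chan in _blocks(body, r'\bchannel\s+([\w"-]+)'):
            f = re.search(r'\bfile\s+"([^"]+)"', chan)
            if f:
                need[resolve(f.group(1))] = "log channel " + m.group(1)
    return need

if __name__ == "__main__":
    for path, why in sorted(writable_files(SAMPLE_CONF).items()):
        print(f"{path}: {why}")
```

Static master zones are deliberately left out of the result: named only reads them, so they can stay owned by root and read-only to the account named runs as.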
