Newbie: db.files Who owns them?

Kevin Darcy kcd at daimlerchrysler.com
Wed Jun 27 23:01:47 UTC 2001


Assuming that you're not using Dynamic Update to maintain any of these zones,
named only needs to *read* the files, in which case it doesn't really matter
who owns them. However, depending on what OS you're running, how it is
configured, and the ownership/permissions of the directory, it may be more or
less secure for those files to be owned by root than by named (if the files are
owned by named and someone hacks into your nameserver, then they could modify
those files and thus spoof your nameserver; on the other hand, if the files are
owned by root, and your OS, as configured, allows file giveaways, then that has
a class of security problems all its own -- I suppose an argument could be made
therefore that the files should be owned by a completely separate ID, not root
*or* the ID under which the nameserver runs).


- Kevin

Manchild wrote:

> I did an ls -l in the /var/named directory and I am wondering who should own
> these. Are they to be root:root or named:named? This is BIND 8.2.3.
>
> [root@dingding /root]# cd /var/named
> [root@dingding named]# ls -l
> total 20
> -rw-r--r--    1 root     root          228 Jun  5 00:06 127.0.0.zone
> -rw-r--r--    1 root     root          184 Jun  5 00:06 localhost.zone
> -rw-r--r--    1 root     root         2769 Feb  3  2000 named.ca
> -rw-r--r--    1 root     root          187 Apr 19 17:56 named.local
> -rw-r--r--    1 root     root         2769 Jun  5 00:07 root.hint
> [root@dingding named]#
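
Added example, not part of the original message or of BIND: a check of a static (no Dynamic Update) zone directory that reports anything the nameserver's account could modify, including through ownership of the file or the directory, and anything it could not read. The account name `named` and the function names are assumptions; `/var/named` is taken from the listing above.

```python
import os
import pwd
import stat
import sys

def can_write(st, uid, gids):
    """Could a process with this uid/gids write the object (or chmod it to do so)?"""
    if st.st_uid == uid:
        return True  # the owner can always grant itself write access
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def can_read(st, uid, gids):
    """Do the permission bits let a process with this uid/gids read the object?"""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IRUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IRGRP)
    return bool(st.st_mode & stat.S_IROTH)

def audit_zone_dir(path, uid, gids):
    """Return (name, problem) pairs for a zone directory served without Dynamic Update."""
    findings = []
    if can_write(os.stat(path), uid, gids):
        findings.append((path, "directory writable by daemon, files can be replaced"))
    for name in sorted(os.listdir(path)):
        st = os.lstat(os.path.join(path, name))
        if not stat.S_ISREG(st.st_mode):
            continue  # only regular files are checked
        if can_write(st, uid, gids):
            findings.append((name, "writable by daemon"))
        elif not can_read(st, uid, gids):
            findings.append((name, "not readable by daemon"))
    return findings

if __name__ == "__main__":
    # Assumptions: daemon account "named", zone directory /var/named as in the listing.
    user = sys.argv[1] if len(sys.argv) > 1 else "named"
    zone_dir = sys.argv[2] if len(sys.argv) > 2 else "/var/named"
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    for name, problem in audit_zone_dir(zone_dir, pw.pw_uid, gids):
        print(f"{name}: {problem}")
```

An empty result means the account can read every zone file and change none of them, which is the read-only arrangement the reply describes.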




