Feature request: Separate the idea of "working directory" from "configuration directory"

Doug Barton dougb at dougbarton.us
Mon Aug 4 23:12:47 UTC 2008


I know that there is a lot of other stuff going on right now, but 
based on some discussions we've been having on the freebsd-net list I 
wanted to pass this along while it was fresh in my mind.

By default in FreeBSD the directory option is set to /etc/namedb (the 
traditional name in *BSD), and that directory is set to 755 root:wheel 
which means that named cannot write to it after it drops privileges. 
This is intentional, and just about all the "useful" stuff that named 
would normally write to this directory has another home with 
appropriate permissions.

I do it this way because IMO it's better to keep the idea of "working 
directory" where named might write files by default separate from the 
idea of "configuration directory" for a couple of reasons. For one it's 
arguably more secure since it follows the "least privilege" idea to 
the letter. The other reason is that if for whatever reason the named 
process is not chrooted then one might easily have the configuration 
on a small or even read-only partition (/etc/) and want to be able to 
write stuff into /var.

I solved the latter problem in what I understand is a fairly typical 
way by creating /var/named to chroot into and having etc/namedb under 
that directory, and a symlink in the real /etc directory. I've never 
really liked that solution, and always felt it was the best of several 
undesirable alternatives.

So I'm proposing the idea of a new working-directory option for 
named.conf. Is there interest in this idea?


Regards,

Doug


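As an added example (not Doug's own setup and not BIND's code), the following sh script builds the chroot layout sketched above inside a scratch root and audits the permission split it relies on. It assumes named runs as the FreeBSD "bind" user and group, and it uses the existing named.conf options (directory, pid-file, dump-file, statistics-file) rather than the proposed working-directory option.

```shell
#!/bin/sh
# Added example, not from the post: build the chroot layout Doug describes in a
# scratch root and audit the permission split. Assumes named runs as the FreeBSD
# "bind" user/group; on a real host the writable directories would be chowned
# to that group (skipped here so the script runs unprivileged).
set -eu

make_layout() {
    root=$1
    mkdir -p "$root/etc" "$root/var/named/etc/namedb" \
             "$root/var/named/var/dump" "$root/var/named/var/stats" \
             "$root/var/named/var/run/named"
    # Configuration directory: 755 root:wheel, so named cannot write here.
    chmod 755 "$root/var/named/etc/namedb"
    # Working directories: group-writable for the bind group.
    chmod 775 "$root/var/named/var/dump" "$root/var/named/var/stats" \
              "$root/var/named/var/run/named"
    # Symlink in the real /etc so tools outside the chroot find the config.
    ln -s ../var/named/etc/namedb "$root/etc/namedb"
    # Keep "directory" on the read-only config dir and point everything named
    # writes at the writable tree (paths are as seen from inside the chroot).
    cat > "$root/var/named/etc/namedb/named.conf" <<'EOF'
options {
    directory "/etc/namedb";
    pid-file "/var/run/named/pid";
    dump-file "/var/dump/named_dump.db";
    statistics-file "/var/stats/named.stats";
};
EOF
}

# True when group or others hold the write bit on $1 (POSIX find; avoids the
# GNU/BSD differences in stat(1) flags).
writable_by_others() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Audit: config dir not writable by named's group or anyone else, the /etc
# symlink resolves to the config, and every directory named writes into is
# group-writable. Returns 0 on success.
audit_layout() {
    root=$1
    writable_by_others "$root/var/named/etc/namedb" && return 1
    [ -f "$root/etc/namedb/named.conf" ] || return 1
    for d in var/dump var/stats var/run/named; do
        writable_by_others "$root/var/named/$d" || return 1
    done
    return 0
}
```

Run it as `make_layout /tmp/scratch && audit_layout /tmp/scratch` to see the check pass; loosening the config directory to 775 makes it fail.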