Feature request: Separate the idea of "working directory" from "configuration directory"
Doug Barton
dougb at dougbarton.us
Mon Aug 4 23:12:47 UTC 2008

I know that there is a lot of other stuff going on right now, but
based on some discussions we've been having on the freebsd-net list I
wanted to pass this along while it was fresh in my mind.

By default in FreeBSD the directory option is set to /etc/namedb (the
traditional name in *BSD), and that directory is set to 755 root:wheel
which means that named cannot write to it after it drops privileges.
This is intentional, and just about all the "useful" stuff that named
would normally write to this directory has another home with
appropriate permissions.

I do it this way because IMO it's better to keep the idea of "working
directory" where named might write files by default separate from the
idea of "configuration directory" for a couple reasons. For one it's
arguably more secure since it follows the "least privilege" idea to
the letter. The other reason is that if for whatever reason the named
process is not chrooted then one might easily have the configuration
on a small or even read-only partition (/etc/) and want to be able to
write stuff into /var.

I solved the latter problem in what I understand is a fairly typical
way by creating /var/named to chroot into and having etc/namedb under
that directory, and a symlink in the real /etc directory. I've never
really liked that solution, and always felt it was the best of several
undesirable alternatives.

So I'm proposing the idea of a new working-directory option for
named.conf. Is there interest in this idea?

Regards,
Doug
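
The permission split described in the message above (configuration directory not writable by the unprivileged account, working directory writable) can be checked mechanically. The following is an added example, not part of the original post and not BIND or FreeBSD code; the uid/gid 53, the /var/named/working path, and the function names are assumptions made for illustration.

```python
import os
import stat
from types import SimpleNamespace

def can_create_files(st, uid, gids):
    """True if a process with this uid and group set could create files in
    the directory described by `st` (an os.stat()-style result)."""
    if uid == 0:
        return True  # root bypasses mode bits, hence dropping privileges first
    # POSIX picks exactly one permission class: owner, else group, else other.
    if st.st_uid == uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif st.st_gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    # Creating a directory entry needs write AND search (execute) permission.
    return st.st_mode & need == need

def audit_layout(conf_dir, work_dir, uid, gids, stat_fn=os.stat):
    """Return findings where the layout departs from 'read-only configuration,
    writable working directory' for the unprivileged service account."""
    findings = []
    if can_create_files(stat_fn(conf_dir), uid, gids):
        findings.append(f"{conf_dir}: writable by uid {uid}")
    if not can_create_files(stat_fn(work_dir), uid, gids):
        findings.append(f"{work_dir}: not writable by uid {uid}")
    return findings

# Constructed stat data so the example runs offline; uid/gid 53 and the
# /var/named/working path are assumptions, not values from the message.
SAMPLE = {
    "/etc/namedb": SimpleNamespace(st_mode=stat.S_IFDIR | 0o755, st_uid=0, st_gid=0),
    "/var/named/working": SimpleNamespace(st_mode=stat.S_IFDIR | 0o755, st_uid=53, st_gid=53),
}

if __name__ == "__main__":
    for line in audit_layout("/etc/namedb", "/var/named/working", 53, {53},
                             stat_fn=SAMPLE.__getitem__) or ["layout OK"]:
        print(line)
```

With the default `stat_fn`, `audit_layout` inspects the real directories on the host instead of the constructed sample.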