re-bind named to all interfaces

Mihai Moldovan ionic at ionic.de
Thu Apr 12 20:01:02 UTC 2012


* On 12.04.2012 09:11 PM, Mark Pettit wrote:
> If you run BIND with "-u" so it changes to an unprivileged user, then BIND may not be able to bind() to new interfaces created on your system.
>
> [...]
>
> What OS are you using, and what's the command-line you use to launch BIND?

I'm using Linux 3.0.2 w/ bind 9.9.0, so all this should work fine, quoting the
man page:

    -u user
        Setuid to user after completing privileged operations, such as
        creating sockets that listen on privileged ports.

        Note: On Linux, named uses the kernel's capability mechanism to
        drop all root privileges except the ability to bind(2) to a
        privileged port and set process resource limits. Unfortunately,
        this means that the -u option only works when named is run on
        kernel 2.2.18 or later, or kernel 2.3.99-pre3 or later, since
        previous kernels did not allow privileges to be retained after
        setuid(2).

Seems fine... but: I found out my bind was built with --disable-linux-caps and
--disable-threads... enabling the first option sounds promising (second one is
just for my own pleasure.)

Rebuilding... I'll report back once I know whether this fixes my problem. :)
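
Added example, not part of the original message or of BIND: a shell check that reads the `Uid:` and `CapEff:` lines of a `/proc/<pid>/status` file and reports whether the process still holds CAP_NET_BIND_SERVICE (capability bit 10), the privilege the man page text above says named keeps after `-u`. The function names and the sample status contents (uid 25, the masks) are constructed for illustration.

```shell
#!/bin/sh
# Capability bit numbers from <linux/capability.h>.
CAP_NET_BIND_SERVICE=10   # bind(2) to ports below 1024
CAP_SYS_RESOURCE=24       # raise process resource limits

# has_cap HEXMASK BIT: succeeds if BIT is set in the CapEff-style hex mask.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# named_rebind_verdict: reads a /proc/<pid>/status file on stdin and prints
#   root       euid 0 and the capability is present
#   caps-kept  unprivileged user, CAP_NET_BIND_SERVICE retained
#   caps-lost  capability absent: bind() to port 53 on a new interface fails
#   unknown    input carried no Uid:/CapEff: lines
named_rebind_verdict() {
    # Field 3 of "Uid:" is the effective uid; "CapEff:" is the effective set.
    set -- $(awk '$1 == "Uid:" { u = $3 } $1 == "CapEff:" { c = $2 }
                  END { print u, c }')
    if [ -z "$1" ] || [ -z "$2" ]; then
        echo unknown
        return 1
    fi
    if ! has_cap "$2" "$CAP_NET_BIND_SERVICE"; then
        echo caps-lost
    elif [ "$1" = "0" ]; then
        echo root
    else
        echo caps-kept
    fi
}

# Constructed sample status excerpts (not captured from a real system).
sample_status() {
    case $1 in
        kept) uid=25 caps=0000000001000400 ;;  # bits 10 and 24 only
        lost) uid=25 caps=0000000000000000 ;;  # setuid without kept caps
        root) uid=0  caps=0000003fffffffff ;;  # never dropped privileges
    esac
    printf 'Name:\tnamed\nUid:\t%s\t%s\t%s\t%s\nCapEff:\t%s\n' \
        "$uid" "$uid" "$uid" "$uid" "$caps"
}

for s in kept lost root; do
    printf '%s: %s\n' "$s" "$(sample_status "$s" | named_rebind_verdict)"
done
# Live process (PID is a placeholder): named_rebind_verdict < /proc/PID/status
```
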
