Permissions change after running dnssec-settime bind 9.9.0rc2
Doug Barton
dougb at dougbarton.us
Wed Feb 1 21:16:02 UTC 2012
On 02/01/2012 01:52, Phil Mayers wrote:
> There's no need for the keyfile to be writeable by bind (at the moment,
> at any rate). So root:bind and 0640 seem more appropriate to me.
This makes more sense to me as well. Assume for the moment that an
attacker gains access as user bind. I really don't want them to be able
to munge the key file.
--
It's always a long day; 86400 doesn't fit into a short.
Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/
More information about the bind-users
mailing list