problem using setuid ("-u" option) with BIND 9.10.3 on RedHat when listening on tun/tap interface
Niall O'Reilly
niall.oreilly at ucd.ie
Sun Sep 27 13:09:04 UTC 2015
On Sat, 26 Sep 2015 17:27:56 +0100,
Gordon Lang wrote:
>
> CHANGE: I did not properly characterize the problem in my original
> post, so here is the real situation.
>
> If the bash shell from which I launch "named" is owned by root, then
> "named" runs perfectly using the "-u" option, even listening on the
> tun/tap interfaces.
> But if I run "named" as a regular user, relying on the SUID file
> setting to elevate privileges, then named fails to listen on any
> addresses.
> I believe the differences I saw before related to tun/tap interfaces
> were due to testing on different RedHat platforms, but this revised
> problem statement describes what is happening on both platforms.
>
> So the real problem is this: It seems I can use the SUID file bit to
> allow a regular user to launch named, OR I can use the "-u" option of
> "named" to lower the privileges after launch (requiring native root
> privileges to launch), but I can't use both at the same time.
>
> Can anyone shed any light on this scenario?

I'm missing some information which might help me understand the
problem: the user and group to which your named belongs.

Best regards,
Niall O'Reilly