From owner-freebsd-questions Fri Sep 3 2: 0:22 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from pasha.anand.org (pasha.anand.org [199.103.176.41]) by hub.freebsd.org (Postfix) with SMTP id 0D70714CC5 for ; Fri, 3 Sep 1999 02:00:13 -0700 (PDT) (envelope-from arb@anand.org)
Received: (qmail 43558 invoked by uid 1001); 3 Sep 1999 08:59:36 -0000
Date: Fri, 3 Sep 1999 11:59:36 +0300
From: Anand Buddhdev
To: Dan Larsson
Cc: "[FreeBSD-Questions-List] (E-post)"
Subject: Re: bind sandboxes?
Message-ID: <19990903115936.P42426@africaonline.co.ke>
References: <01BEF5F8.7F2FB4C0.support@junglenote.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.6i
In-Reply-To: <01BEF5F8.7F2FB4C0.support@junglenote.com>; from Dan Larsson on Fri, Sep 03, 1999 at 10:38:43AM +0200
Organisation: Africa Online Ltd, P O Box 63017, Nairobi, Kenya
X-Phone: +254-2-243775
X-WWW-Homepage: http://www.anand.org
X-Duties: SysAdmin, Hostmaster, Postmaster, Programmer, Support
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Fri, Sep 03, 1999 at 10:38:43AM +0200, Dan Larsson wrote:

A sandbox is a concept. A program running in a sandbox is running with
less privileges, instead of running as root. This aids in enhancing
security, because a compromise in that program does not leave the
machine vulnerable to root break-in. In your case, you'd be running
bind as user bind, instead of as root. You have to change the flags in
/etc/rc.conf to make named run with the -u and -g options. See the man
page for named for more info.

> Does FreeBSD insinuate that I need a bucket and shovel with serious
> time spent in a sandbox before I configure bind? I'd like to have the sandbox
> theory regarding bind explained, please.
>
> Regards
> ----
> Dan Larsson ( mailto:dan@junglenote.com )
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

--
See complete headers for more info
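
The check below is an added example, not part of the original message: a POSIX shell function that reads an rc.conf-style file and reports whether `named_flags` carries the `-u` and `-g` options the reply mentions. The function names, the constructed sample file, and the choice to treat `root`, `wheel` and `0` as "still privileged" are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit named_flags in an rc.conf-style file for the
# -u/-g privilege drop described in the reply above.

# named_flags_of FILE: print the last named_flags value, quotes stripped.
# Assumes one assignment per line with no trailing comment.
named_flags_of() {
    sed -n 's/^[[:space:]]*named_flags=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# check_named_sandbox FILE: print a verdict; return 0 only when both -u and
# -g are present and neither names the superuser account or group.
check_named_sandbox() {
    user= group=
    set -f                          # no globbing while splitting the flags
    set -- $(named_flags_of "$1")
    set +f
    while [ $# -gt 0 ]; do
        case $1 in
            -u|-g)                  # separate form: "-u bind"
                opt=$1; val=${2-}
                if [ $# -gt 1 ]; then shift; fi ;;
            -u?*|-g?*)              # attached form: "-ubind"
                opt=${1%"${1#-?}"}; val=${1#-?} ;;
            *)  opt= val= ;;        # any other flag or flag argument
        esac
        case $opt in
            -u) user=$val ;;
            -g) group=$val ;;
        esac
        shift
    done
    case $user in
        ''|root|0) echo "FAIL: no -u, or -u names root"; return 1 ;;
    esac
    case $group in
        ''|wheel|root|0) echo "FAIL: no -g, or -g names the superuser group"; return 1 ;;
    esac
    echo "OK: named drops to user=$user group=$group"
}

# Constructed sample input, not a real host's configuration.
sample=$(mktemp)
printf '%s\n' 'named_enable="YES"' 'named_flags="-u bind -g bind"' > "$sample"
check_named_sandbox "$sample"
rm -f "$sample"
```

On a FreeBSD host the same function can be pointed at `/etc/rc.conf`; it only reads the file and never executes it.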