From owner-freebsd-questions  Fri Sep  3  7:24:42 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from maine.60north.net (maine.60north.net [198.143.201.10])
	by hub.freebsd.org (Postfix) with ESMTP id 986EB1509C
	for <freebsd-questions@FreeBSD.ORG>; Fri,  3 Sep 1999 07:24:35 -0700 (PDT)
	(envelope-from ankzt@maine.60north.net)
Received: from localhost (ankzt@localhost)
	by maine.60north.net (8.9.3/8.9.2) with ESMTP id KAA85753;
	Fri, 3 Sep 1999 10:23:00 -0400 (EDT)
	(envelope-from ankzt@maine.60north.net)
Date: Fri, 3 Sep 1999 10:23:00 -0400 (EDT)
From: Bill <ankzt@maine.60north.net>
To: Anand Buddhdev <arb@anand.org>
Cc: Dan Larsson <support@junglenote.com>,
	"[FreeBSD-Questions-List] (E-post)" <freebsd-questions@FreeBSD.ORG>
Subject: Re: bind sandboxes?
In-Reply-To: <19990903115936.P42426@africaonline.co.ke>
Message-ID: <Pine.BSF.4.05.9909031021180.85741-100000@maine.60north.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

 Additionally youll want to set up your named.conf to point to a directory
owned by user bind for loging, pid & configs... See O'Reily & Assoc DNS &
bind for a great explenation. 

On Fri, 3 Sep 1999, Anand Buddhdev wrote:

> On Fri, Sep 03, 1999 at 10:38:43AM +0200, Dan Larsson wrote:
> 
> A sandbox is a concept. A program running in a sandbox is running with
> less privileges, instead of running as root. This aids in enhancing
> security, because a compromise in that program does not leave the
> machine vulnerable to root break-in. In your case, you'd be running bind
> as user bind, instead of as root. You have to change the flags in
> /etc/rc.conf to make named run with the -u and -g options. See the man
> page for named for more info.
> 
> > Does FreeBSD insinuate that I need a bucket and shovel with serious
> > time spent in a sandbox before I configure bind? I'd like to have the sandbox 
> > theory regarding bind explained, please.
> > 
> > Regards
> > ----
> > Dan Larsson ( mailto:dan@junglenote.com )
> > 
> > 
> > 
> > 
> > 
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
> 
> -- 
> See complete headers for more info
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message