Date: Thu, 23 Aug 2001 23:18:07 +0100
From: Brian Somers <brian@Awfulhak.org>
To: Warner Losh <imp@harmony.village.org>
Cc: Giorgos Keramidas <keramida@ceid.upatras.gr>, Jun Kuriyama <kuriyama@imgsrc.co.jp>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, brian@freebsd-services.com
Subject: Re: cvs commit: src/etc/defaults rc.conf src/etc/mtree BSD.var.dist src/etc/namedb named.conf
Message-ID: <200108232218.f7NMI7g03203@hak.lan.Awfulhak.org>
In-Reply-To: Message from Warner Losh <imp@harmony.village.org> of "Thu, 23 Aug 2001 15:52:02 MDT." <200108232152.f7NLq2W88752@harmony.village.org>

> In message <20010823202530.A2280@hades.hell.gr> Giorgos Keramidas writes:
> : I don't agree to running named in a sandbox by default, but can we, at
> : least, have a note in UPDATING?  Please?
>
> Can someone write something?

20010823:
	named now runs as user bind and group bind rather than as root.
	If named_enable is set to YES in /etc/rc.conf, ensure that user
	bind is available in /etc/passwd (using vipw(8)) and that group
	bind is available in /etc/group.  Also make sure that user or
	group bind has read (and not write) permission for your name
	server configuration and that it has read and write permission
	for your slave zone files and directory.

	If you wish to continue to run named as root (a less secure
	alternative), add a line to /etc/rc.conf saying named_flags=

> Warner

-- 
Brian <brian@freebsd-services.com>                <brian@Awfulhak.org>
      http://www.freebsd-services.com/        <brian@[uk.]FreeBSD.org>
Don't _EVER_ lose your sense of humour !      <brian@[uk.]OpenBSD.org>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
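
One way to check the prerequisites listed in the proposed UPDATING text, as an added example that is not part of the message above or of the FreeBSD tree. The function names and the slave directory path are hypothetical, and only the classic owner/group/other permission bits are evaluated (ACLs are ignored):

```sh
# Added example: audit the prerequisites from the UPDATING text above.
# Only functions are defined; call e.g. (slave directory is a placeholder):
#   audit_named /etc/namedb/named.conf /path/to/slave-zones

# has_entry NAME FILE: succeed if NAME is the first colon-separated field
# of some line in a passwd(5)- or group(5)-style FILE.
has_entry() {
    awk -F: -v n="$1" '$1 == n { found = 1 } END { exit !found }' "$2"
}

# bind_access OWNER GROUP PERMS: print the read/write pair ("rw", "r-",
# "-w" or "--") that a process running as user bind and group bind gets
# on a file whose "ls -ld" fields are OWNER, GROUP and PERMS.
bind_access() {
    if [ "$1" = bind ]; then cols=2-3       # owner bits apply
    elif [ "$2" = bind ]; then cols=5-6     # group bits apply
    else cols=8-9; fi                       # other bits apply
    printf '%s\n' "$3" | cut -c"$cols"
}

# path_access PATH: bind_access for an existing file or directory.
path_access() {
    line=$(ls -ld "$1" 2>/dev/null) || return 1
    printf '%s\n' "$line" | {
        read -r perms links owner group rest
        bind_access "$owner" "$group" "$perms"
    }
}

# audit_named CONF SLAVEDIR [PASSWD [GROUP]]: print one line per problem;
# the exit status is the number of problems found (0 means all checks pass).
audit_named() {
    conf=$1 dir=$2 pw=${3:-/etc/passwd} gr=${4:-/etc/group} bad=0
    has_entry bind "$pw" || { echo "no user bind in $pw"; bad=$((bad+1)); }
    has_entry bind "$gr" || { echo "no group bind in $gr"; bad=$((bad+1)); }
    [ "$(path_access "$conf")" = r- ] ||
        { echo "$conf: bind needs read but not write"; bad=$((bad+1)); }
    for f in "$dir" "$dir"/*; do
        [ "$f" = "$dir" ] || [ -e "$f" ] || continue   # skip unmatched glob
        [ "$(path_access "$f")" = rw ] ||
            { echo "$f: bind needs read and write"; bad=$((bad+1)); }
    done
    return "$bad"
}
```

A configuration file that bind can write to is reported as a problem, matching the "read (and not write)" wording of the note.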