From owner-cvs-all  Thu Aug 23 15:18:13 2001
Delivered-To: cvs-all@freebsd.org
Received: from Awfulhak.org (gw.Awfulhak.org [217.204.245.18])
	by hub.freebsd.org (Postfix) with ESMTP
	id 9EC7D37B40B; Thu, 23 Aug 2001 15:18:06 -0700 (PDT)
	(envelope-from brian@Awfulhak.org)
Received: from hak.lan.Awfulhak.org (root@hak.lan.Awfulhak.org [fec0::1:12])
	by Awfulhak.org (8.11.5/8.11.5) with ESMTP id f7NMIJv39678;
	Thu, 23 Aug 2001 23:18:19 +0100 (BST)
	(envelope-from brian@Awfulhak.org)
Received: from hak.lan.Awfulhak.org (brian@localhost [127.0.0.1])
	by hak.lan.Awfulhak.org (8.11.4/8.11.4) with ESMTP id f7NMI7g03203;
	Thu, 23 Aug 2001 23:18:07 +0100 (BST)
	(envelope-from brian@hak.lan.Awfulhak.org)
Message-Id: <200108232218.f7NMI7g03203@hak.lan.Awfulhak.org>
X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4
To: Warner Losh <imp@harmony.village.org>
Cc: Giorgos Keramidas <keramida@ceid.upatras.gr>,
	Jun Kuriyama <kuriyama@imgsrc.co.jp>, cvs-committers@FreeBSD.org,
	cvs-all@FreeBSD.org, brian@freebsd-services.com
Subject: Re: cvs commit: src/etc/defaults rc.conf src/etc/mtree BSD.var.dist src/etc/namedb named.conf 
In-Reply-To: Message from Warner Losh <imp@harmony.village.org> 
   of "Thu, 23 Aug 2001 15:52:02 MDT." <200108232152.f7NLq2W88752@harmony.village.org> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 23 Aug 2001 23:18:07 +0100
From: Brian Somers <brian@Awfulhak.org>
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

> In message <20010823202530.A2280@hades.hell.gr> Giorgos Keramidas writes:
> : I don't agree to running named in a sandbox by default, but can we, at
> : least, have a note in UPDATING?  Please?
> 
> Can someone write something?

20010823:
	named now runs as user bind and group bind rather than as 
	root.  If named_enable is set to YES in /etc/rc.conf, ensure 
	that user bind is available in /etc/passwd (using vipw(8)) 
	and that group bind is available in /etc/group.  Also make 
	sure that user or group bind has read (and not write) 
	permission for your name server configuration and that it 
	has read and write permission for your slave zone files and 
	directory.

	If you wish to continue to run named as root (a less secure 
	alternative), add a line to /etc/rc.conf saying

		named_flags=

> Warner

-- 
Brian <brian@freebsd-services.com>                <brian@Awfulhak.org>
      http://www.freebsd-services.com/        <brian@[uk.]FreeBSD.org>
Don't _EVER_ lose your sense of humour !      <brian@[uk.]OpenBSD.org>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message