Date: Tue, 21 Aug 2001 12:24:54 -0400
From: Bill Vermillion <bill@wjv.com>
To: security@FreeBSD.ORG
Subject: Re: chroot named
Message-ID: <20010821122453.A4848@wjv.com>
In-Reply-To: <bulk.83453.20010821090339@hub.freebsd.org>; from owner-freebsd-security-digest@FreeBSD.ORG on Tue, Aug 21, 2001 at 09:03:39AM -0700
References: <bulk.83453.20010821090339@hub.freebsd.org>

On Tue, Aug 21, 2001 at 09:03:39AM -0700, security-digest thus sprach:

> chroot named
> Re: chroot named
>
> Date: Mon, 20 Aug 2001 23:18:42 +0200
> From: "Koji" <koji@ciberteca.com>
> Subject: chroot named
>
> Hi, I'm configuring named with chroot, but I have two questions.
>
> Is necessary the files ld-elf.so.1, libc.so.4, libutil.so.3 and
> named-xfer? I have trying the named with and without this files
> and works correctly (two forms works correctly). What are the
> files indispensables really?
>
> What are the best perms for /etc/namedb/chroot?
>
> chown -R bind:bind /etc/namedb/chroot
> chmod -R 750 /etc/namedb/chroot
> (handbook's documentation, all files)
> or
> chown -R bind:bind /etc/namedb/chroot/etc/namedb/s
> chmod -R 750 /etc/namedb/chroot/etc/namedb/s
> (only domain configuration files)

What are the advantages of doing that versus the flag options to named?

#named_flags="-u bind -g bind"  # Flags for named

As in /etc/passwd we see this:

bind:*:53:53:Bind Sandbox:/:/sbin/nologin

I really am not sure, that's why I ask. What are the advantages
and disadvantages of each approach?

--
Bill Vermillion - bv @ wjv . com