From owner-freebsd-security Tue Aug 21 9:25: 1 2001
Delivered-To: freebsd-security@freebsd.org
Received: from bilver.wjv.com (dhcp-1-88.n01.orldfl01.us.ra.verio.net [157.238.210.88]) by hub.freebsd.org (Postfix) with ESMTP id 9319537B406 for ; Tue, 21 Aug 2001 09:24:55 -0700 (PDT) (envelope-from bill@bilver.wjv.com)
Received: (from bill@localhost) by bilver.wjv.com (8.11.5/8.11.1) id f7LGOsS05079 for security@FreeBSD.ORG; Tue, 21 Aug 2001 12:24:54 -0400 (EDT) (envelope-from bill)
Date: Tue, 21 Aug 2001 12:24:54 -0400
From: Bill Vermillion
To: security@FreeBSD.ORG
Subject: Re: chroot named
Message-ID: <20010821122453.A4848@wjv.com>
Reply-To: bv@wjv.com
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from owner-freebsd-security-digest@FreeBSD.ORG on Tue, Aug 21, 2001 at 09:03:39AM -0700
Organization: W.J.Vermillion / Orlando - Winter Park
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

On Tue, Aug 21, 2001 at 09:03:39AM -0700, security-digest thus sprach:

> chroot named
> Re: chroot named

> Date: Mon, 20 Aug 2001 23:18:42 +0200
> From: "Koji"
> Subject: chroot named

> Hi, I'm configuring named with chroot, but I have two questions.

> Is necessary the files ld-elf.so.1, libc.so.4, libutil.so.3 and
> named-xfer ? I have trying the named with and without this files
> and works correctly (two forms works correctly ). What are the
> files indispensables really?

> What are the best perms for /etc/namedb/chroot?

> chown -R bind:bind /etc/namedb/chroot
> chmod -R 750 /etc/namedb/chroot
> (handbook's documentation, all files)

> or

> chown -R bind:bind /etc/namedb/chroot/etc/namedb/s
> chmod -R 750 /etc/namedb/chroot/etc/namedb/s
> (only domain configuration files)

What are the advantages of doing that versus the flag options to
named?

#named_flags="-u bind -g bind"  # Flags for named

As in /etc/passwd we see this:

bind:*:53:53:Bind Sandbox:/:/sbin/nologin

I really am not sure, that's why I ask. What are the advantages
and disadvantages of each approach?

--
Bill Vermillion - bv @ wjv . com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message