Date: Tue, 1 Aug 2006 23:35:42 -0700
From: Gregory Shapiro <gshapiro@freebsd.org>
To: Chris <chrcoluk@gmail.com>
Cc: stable@freebsd.org
Subject: Re: named rc.d
Message-ID: <20060802063542.GE8586@gir.gshapiro.net>
In-Reply-To: <3aaaa3a0608012324w1408b46cx46254f3697289fdb@mail.gmail.com>
References: <3aaaa3a0608012324w1408b46cx46254f3697289fdb@mail.gmail.com>

> Apologies if posted to wrong list, the rc.d script for named chowns
> /etc/namedb to root:wheel if set to bind:bind why is this? A slave
> named server running as bind user cannot download new slave zones if
> dir ownership is root or update it if file ownerships are root which I
> sometimes see.

Slave zones should be put in the slave subdirectory which is owned by
bind. You want as few directories/files owned by the bind "run as" user
as possible to prevent damage if that user becomes compromised.
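
An added example (not part of the original message, and not the FreeBSD rc.d script): a POSIX sh audit of the ownership layout described in the reply above. It lists anything under the named directory that the run-as user owns outside the slave subdirectory, and checks that the slave subdirectory itself belongs to that user. The function names and their arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example: least-privilege ownership audit for a named config tree.
# Assumed usage (names are hypothetical, not from the rc.d script):
#   . ./namedb_audit.sh && audit_namedb /etc/namedb bind slave

# audit_owned_outside ROOT RUNAS SUBDIR
# Print every path under ROOT owned by RUNAS (user name or numeric uid)
# that is neither SUBDIR itself nor below it.
audit_owned_outside() {
    root=${1%/}; runas=$2; sub=$3
    find "$root" -user "$runas" \
        ! -path "$root/$sub" ! -path "$root/$sub/*" -print
}

# audit_slave_dir ROOT RUNAS SUBDIR
# Print a finding if SUBDIR is missing or not owned by RUNAS, since a
# slave server running as RUNAS could then not store transferred zones.
audit_slave_dir() {
    root=${1%/}; runas=$2; sub=$3
    if [ ! -d "$root/$sub" ]; then
        echo "missing: $root/$sub"
    elif [ -z "$(find "$root/$sub" -prune -user "$runas" -print)" ]; then
        echo "not owned by $runas: $root/$sub"
    fi
}

# audit_namedb ROOT RUNAS SUBDIR
# Run both checks, print the findings, return 0 only when there are none.
audit_namedb() {
    bad=$(audit_owned_outside "$1" "$2" "$3")
    gap=$(audit_slave_dir "$1" "$2" "$3")
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad" | sed 's/^/owned by run-as user: /'
    fi
    if [ -n "$gap" ]; then
        printf '%s\n' "$gap"
    fi
    [ -z "$bad" ] && [ -z "$gap" ]
}
```

A non-zero return from audit_namedb means either the run-as user owns more than the slave subdirectory or it cannot write transferred zones there.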