From owner-freebsd-doc Mon Jan 15 20:50:20 2001 Delivered-To: freebsd-doc@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 794F437B401 for ; Mon, 15 Jan 2001 20:50:02 -0800 (PST) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id f0G4o2E75582; Mon, 15 Jan 2001 20:50:02 -0800 (PST) (envelope-from gnats) Date: Mon, 15 Jan 2001 20:50:02 -0800 (PST) Message-Id: <200101160450.f0G4o2E75582@freefall.freebsd.org> To: freebsd-doc@freebsd.org Cc: From: Dima Dorfman Subject: Re: docs/24364: I don't think so! Reply-To: Dima Dorfman Sender: owner-freebsd-doc@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org The following reply was made to PR docs/24364; it has been noted by GNATS. From: Dima Dorfman To: toor@nisser.com Cc: FreeBSD-gnats-submit@freebsd.org Subject: Re: docs/24364: I don't think so! Date: Mon, 15 Jan 2001 20:48:52 -0800 > > >Number: 24364 > >Category: docs > >Synopsis: wrong description or rc.conf > > "FreeBSD now defaults to running ntalkd, comsat, and finger in a sandbox. Ano > ther program which may be a > candidate for running in a sandbox is named(8). The default rc.conf includes > the arguments necessary to run > named in a sandbox in a commented-out form. Depending on whether you are inst > alling a new system or upgrading" > > No it doesn't. O'Reilly's does, though. It does, but it isn't very clear about it: # # named. It may be possible to run named in a sandbox, man security for # details. # named_enable="NO" # Run named, the DNS server (or NO). named_program="named" # path to named, if you want a different one. named_flags="" # Flags for named #named_flags="-u bind -g bind" # Flags for named The last line is an example of how to run it in a sandbox. Dima Dorfman dima@unixfreak.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-doc" in the body of the message