Message-ID: <4895EB57.2000801@FreeBSD.org>
Date: Sun, 03 Aug 2008 10:31:03 -0700
From: Doug Barton
Organization: http://www.FreeBSD.org/
To: Eugene Grosbein
Cc: freebsd-net@freebsd.org
In-Reply-To: <20080803073803.GA10321@grosbein.pp.ru>
Subject: Re: permissions on /etc/namedb

Eugene Grosbein wrote:
> Hi!
>
> I need /etc/namedb to be owned by root:bind and have permissions 01775,
> so bind may write to it but may not overwrite files that belong to root
> here, and I made it so.

I understand your frustration with something having changed that you did
not expect. I would like to ask you though, what are you trying to
accomplish here?

What you suggested isn't really good from a security perspective because
if an attacker does get in they can remove files from the directory that
are owned by root and replace them with their own versions. If you give
me a better idea what you're trying to do then I can give you some
suggestions on how to make it happen.

> I dislike it very much when a system thinks it knows better what user needs.

So do I. :) In this case however I wanted to set up a system that is
extremely secure by default so that the average user can be comfortable
starting named in its default configuration. Obviously expert users can
tweak the thing themselves.

> Also, I do not want to move a place where bind writes its files to another
> location just because system does not want it to write here.

That's up to you of course, but it's definitely more secure in the long
run to do it that way.

hth,

Doug

-- 

    This .signature sanitized for your protection