From: Matthew Seaman
To: Stacey Roberts
Cc: FreeBSD-Questions
Subject: Re: [Fwd: RE: Cannot start bind in sandbox?]
Date: Sun, 14 Jul 2002 12:22:33 +0100
Message-ID: <20020714112233.GC25158@happy-idiot-talk.infracaninophi>
References: <1026642642.97896.16.camel@Demon.vickiandstacey.com>
In-Reply-To: <1026642642.97896.16.camel@Demon.vickiandstacey.com>
User-Agent: Mutt/1.5.1i

On Sun, Jul 14, 2002 at 11:30:42AM +0100, Stacey Roberts wrote:
> (sigh!) There's no mention of moving "the named binary" into the sandbox
> dir in *any* of the books I've got in front of me.

You don't *have* to do that, although it will do no harm. I tell you this
from very recent experience, as I saw your post and thought "why aren't I
running with my named chrooted?"

The instructions I gave earlier worked for me, with the addendum that you
should also do:

    mkdir -p /var/named/var/run

and then kill and restart named. That lets you use ndc(8) to control
named(8), but you have to use the `-c' flag to ndc to tell it where to find
the command channel:

    ndc -c /var/named/var/run/ndc status

To enable the chroot'ed named to log stuff via syslog, you need to tell
syslogd(8) to listen on an additional logging socket within the chrooted
filespace:

    syslogd -l /var/named/var/run/log

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
Tel: +44 1628 476614                                  Marlow
Fax: +44 0870 0522645                                 Bucks., SL7 1TH UK
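As an added example (not part of Matthew's mail), a small POSIX shell check for the sandbox layout the mail describes: it takes the chroot root as a parameter (the mail uses /var/named) and reports whether the var/run directory, the ndc control socket and the syslog socket the mail relies on are present. The demonstration tree is constructed under mktemp, not the real /var/named.

```shell
#!/bin/sh
# Check a chroot sandbox for BIND 8's named against the pieces the mail
# above says it needs. Paths inside the sandbox (var/run/ndc, var/run/log)
# are the ones from the mail; the root is a parameter so the check can be
# run against any tree.
#
# Return codes: 0 = all present
#               1 = var/run missing (named cannot create its sockets)
#               2 = var/run present but a socket is missing

check_named_sandbox() {
    root=${1:-/var/named}
    rundir="$root/var/run"
    if [ ! -d "$rundir" ]; then
        echo "missing $rundir: run 'mkdir -p $rundir', then restart named" >&2
        return 1
    fi
    rc=0
    # ndc(8) reaches named over this socket; outside the chroot it is
    # addressed with the full path:  ndc -c $rundir/ndc status
    if [ ! -S "$rundir/ndc" ]; then
        echo "no control socket $rundir/ndc: restart named, use 'ndc -c $rundir/ndc'" >&2
        rc=2
    fi
    # Without a syslogd listener here, the chrooted named's log messages
    # are silently lost:  syslogd -l $rundir/log
    if [ ! -S "$rundir/log" ]; then
        echo "no log socket $rundir/log: start syslogd with '-l $rundir/log'" >&2
        rc=2
    fi
    return $rc
}

# Demonstration on a constructed throwaway tree, not /var/named.
demo_root=$(mktemp -d)
check_named_sandbox "$demo_root" && echo "sandbox ok" \
    || echo "sandbox incomplete (rc=$?)"
mkdir -p "$demo_root/var/run"          # the step the mail adds
check_named_sandbox "$demo_root" && echo "sandbox ok" \
    || echo "sandbox incomplete (rc=$?)"
rm -rf "$demo_root"
```

Exit status 2 after the mkdir is expected until named has been restarted and syslogd given the extra -l socket.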