Date:      Sun, 14 Jul 2002 12:22:33 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Stacey Roberts <sroberts@dsl.pipex.com>
Cc:        FreeBSD-Questions <freebsd-questions@FreeBSD.ORG>
Subject:   Re: [Fwd: RE: Cannot start bind in sandbox?]
Message-ID:  <20020714112233.GC25158@happy-idiot-talk.infracaninophi>
In-Reply-To: <1026642642.97896.16.camel@Demon.vickiandstacey.com>
References:  <1026642642.97896.16.camel@Demon.vickiandstacey.com>

On Sun, Jul 14, 2002 at 11:30:42AM +0100, Stacey Roberts wrote:

> (sigh!) There's no mention of moving "the named binary" into the sandbox
> dir in *any* of the books I've got in front of me.

You don't *have* to do that, although it will do no harm.  I tell you
this from very recent experience, as I saw your post and thought "why
aren't I running with my named chrooted?"  The instructions I gave
earlier worked for me, with the addendum that you should also do:

    mkdir -p /var/named/var/run

and then kill and restart named.  That lets you use ndc(8) to control
named(8), but you have to use the `-c' flag to ndc to tell it where to
find the command channel:

    ndc -c /var/named/var/run/ndc status

To enable the chroot'ed named to log stuff via syslog, you need to
tell syslogd(8) to listen on an additional logging socket within the
chrooted filespace:

    syslogd -l /var/named/var/run/log

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
Tel: +44 1628 476614                                  Marlow
Fax: +44 0870 0522645                                 Bucks., SL7 1TH UK
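
A check for the pieces the message above describes, as an added example that is not part of the original e-mail. It assumes the sandbox root /var/named used in the message; the helper name check_named_chroot and the rc.conf syslogd_flags persistence check are additions made here.

```shell
#!/bin/sh
# Added example: audit the chroot'ed named pieces described in the message.
# check_named_chroot is a hypothetical helper; /var/named is the sandbox root
# used in the message; the rc.conf syslogd_flags check is an added assumption.

# Usage: check_named_chroot [ROOT] [RCCONF]
# Prints one line per item and returns the number of missing items.
check_named_chroot() {
    root=${1:-/var/named}
    rcconf=${2:-/etc/rc.conf}
    run=$root/var/run
    missing=0

    # Directory holding the ndc control channel and the extra log socket.
    if [ -d "$run" ]; then
        echo "ok: $run exists"
    else
        echo "missing: $run (mkdir -p $run)"
        missing=$((missing + 1))
    fi

    # Control channel: named creates it when restarted inside the chroot.
    if [ -S "$run/ndc" ]; then
        echo "ok: control channel, query with: ndc -c $run/ndc status"
    else
        echo "missing: $run/ndc (kill and restart named)"
        missing=$((missing + 1))
    fi

    # Log socket: exists only while syslogd runs with -l pointing at it.
    if [ -S "$run/log" ]; then
        echo "ok: $run/log is a socket"
    else
        echo "missing: $run/log (syslogd -l $run/log)"
        missing=$((missing + 1))
    fi

    # Persistence (assumption): the -l option is recorded in syslogd_flags.
    if [ -r "$rcconf" ] && grep '^syslogd_flags=' "$rcconf" | grep -Fq -- "-l $run/log"; then
        echo "ok: syslogd_flags in $rcconf carries -l $run/log"
    else
        echo "missing: -l $run/log in syslogd_flags ($rcconf)"
        missing=$((missing + 1))
    fi
    return "$missing"
}

check_named_chroot "$@" || echo "$? item(s) missing"
```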




