From owner-freebsd-doc Sun Feb 25 14:59:31 2001
Delivered-To: freebsd-doc@freebsd.org
Received: from nisser.com (c0039.upc-c.chello.nl [212.187.0.39])
    by hub.freebsd.org (Postfix) with ESMTP id 575AF37B401
    for ; Sun, 25 Feb 2001 14:59:26 -0800 (PST)
    (envelope-from roelof@eboa.com)
Received: from eboa.com (roelof [10.0.0.2])
    by nisser.com (8.9.3/8.9.2) with ESMTP id XAA18134;
    Sun, 25 Feb 2001 23:59:17 +0100 (CET)
    (envelope-from roelof@eboa.com)
Message-ID: <3A998E45.C7BF4628@eboa.com>
Date: Sun, 25 Feb 2001 23:59:17 +0100
From: Roelof Osinga
Organization: eBOA - Programming the Web
X-Mailer: Mozilla 4.72 [en] (Windows NT 5.0; U)
X-Accept-Language: en,pdf
MIME-Version: 1.0
To: opentrax@email.com
Cc: csxbcs@comp.leeds.ac.uk, dima@unixfreak.org, freebsd-doc@FreeBSD.ORG
Subject: Re: docs/24364: Do too! && How To?
References: <200101171646.IAA03876@spammie.svbug.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-doc@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

opentrax@email.com wrote:
>
> > ...
> > Hmm, would this make it any clearer, do you think?
> >
> > ...
> > #named_flags="-u bind -g bind" # Flags for named, if running in a sandbox.
> >
> > If not, please suggest something which would. :-)
> >
> Maybe,
>
> #named_flags="-u bind -g bind" # Flags for named, part of a sandbox.
>
> This way we suggest it is one component, not that it creates
> a sandbox.

First off, if I remember correctly then in my case the rc.conf was
not pre-filled like this. I don't know why, probably because I took
the easy route. Meaning either by install or later by way of
/stand/sysinstall. It's only when a box is halfway there that I whip
out vi or whatever. My guess would be that by that time those texts
will be long gone.

So my preference would be to include that snippet into the named
manpage. Or if there's space into /stand/sysinstall as well.

I've just now actually glanced at security(7) and that actually does
not say *how* the sandbox needs to be built. It refers to the rc.conf
example. Now if those indeed can be overwritten...

Another thing that deserves mentioning is the inclusion of something
like "pid-file "s/named.pid";" like so:

    options {
            directory "/etc/namedb";
            dump-file "s/named_dump.db";
            pid-file "s/named.pid";
    };

Else you get all those people wondering about them error notices as
well as how to get rid of them.

Which brings me to another thing, namely the lack of a howto. All one
can find by searching is

    nisse:~$ whereis howto
    howto: /usr/ports/print/freetype/work/freetype-1.3.1/howto

and then only if that's installed.

So I was thinking that maybe it wouldn't be such a bad idea to both
have a manpage called howto(?) as well as a script called howto that
displays that manpage. This manpage could then just give some common
tips as in a FAQ but more in the sense of pointers. Like howto run
bind in a sandbox, well rtfm(?). Wondering about security, see
security(7). So both a more verbal and organized apropos as well as a
bit of FAQ. Something for people who see all these trees but can't
find the forest.

And it's a well known name that happens to be unused. (bash already
has help covered, guess that's too common :).

Anyway, just some musings on my part.

Roelof

PS my rc.conf preference would be:

    #named_flags="-u bind -g bind" # Flags to sandbox named, see named(8)

PPS I am of course also the Top Nisse at nisser.com ;)
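
Added example, not part of the message above and not FreeBSD's own code: a POSIX sh check that rc.conf carries an uncommented named_flags with -u and -g, and that the pid-file and dump-file named in named.conf sit in a directory owned by that user, so named can still write them after giving up root. The function names and the one-option-per-line layout of named.conf are assumptions.

```shell
#!/bin/sh
# Added example: check that rc.conf and named.conf agree on the named sandbox.
# Assumes each named.conf option sits on its own line inside options {}.
# Usage: check_named_sandbox /etc/rc.conf /etc/namedb/named.conf

# Print the quoted value of option $1 from the named.conf file $2.
conf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]][[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | head -n 1
}

# Returns 0 if the sandbox settings are consistent, 1 otherwise.
check_named_sandbox() {
    rc_conf=$1 named_conf=$2 status=0
    # Only an uncommented named_flags counts; the example line starts with '#'.
    flags=$(sed -n 's/^[[:space:]]*named_flags="\([^"]*\)".*/\1/p' "$rc_conf" | tail -n 1)
    run_user=$(echo "$flags" | sed -n 's/.*-u[[:space:]]*\([^[:space:]]*\).*/\1/p')
    if [ -z "$run_user" ]; then
        echo "FAIL: named_flags has no -u; named keeps running as root"
        return 1
    fi
    case " $flags" in
        *" -g"*) ;;
        *) echo "FAIL: named_flags has -u but no -g"; status=1 ;;
    esac
    base=$(conf_value directory "$named_conf")
    for opt in pid-file dump-file; do
        path=$(conf_value "$opt" "$named_conf")
        if [ -z "$path" ]; then
            echo "FAIL: $opt not set in options {}"
            status=1
            continue
        fi
        # Relative paths are taken relative to the 'directory' option.
        case $path in /*) ;; *) path=$base/$path ;; esac
        dir=$(dirname "$path")
        owner=$(ls -ld "$dir" 2>/dev/null | awk '{print $3}')
        if [ "$owner" = "$run_user" ]; then
            echo "ok:   $opt -> $path"
        else
            echo "FAIL: $opt dir $dir is owned by '${owner:-missing}', not $run_user"
            status=1
        fi
    done
    return $status
}
```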