Date: Wed, 16 Dec 1998 10:41:24 +0100
From: "D. Rock" <rock@cs.uni-sb.de>
To: Matthew Dillon <dillon@apollo.backplane.com>
Cc: freebsd-current@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: kmem, tty, bind security enhancements commit.
Message-ID: <36778044.A8FDC865@cs.uni-sb.de>
References: <199812010551.VAA02953@apollo.backplane.com>

Matthew Dillon wrote:
>
> (2)
>
>     Add a 'bind' user and a 'bind' group to master.passwd
>
>     Use bind-8's -u and -g features to run named as bind:bind
>     in the default rc.conf:
>
>         named_flags="-u bind -g bind"
>
>     (Or find a way to figure out whether this uid/gid exists
>     and use the options or not use the options based on that,
>     which is more compatible with prior installations but adds
>     complexity that will quickly become stale.  I suggest simply
>     making it the default in the CVS tree).
>
>     Caveat: in a multi-interface situation, with an interface
>     that is brought up later, and so forth, named will not
>     be able to automatically rebind and must be restarted.
>
>     (Also ensure that named.conf is either group-bind-readable or
>     world readable).

Only a small glitch:

% ndc reload

now gives you, every time, a

named[24812]: couldn't create pid file '/var/run/named.pid'

error message to syslog.

It isn't a big deal, because on reload the pid doesn't change. But it's
still annoying.

Daniel
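
An added example, not part of the message above or of the FreeBSD tree: a small permission model of what a named process running as bind:bind can read and write, covering the named.conf readability requirement and the pid file. That a root-owned pid file is what produces the error is an assumption (the message does not state the cause); the uid/gid 53 and all file modes are constructed sample values.

```python
import stat
from collections import namedtuple

# Constructed stand-in for os.stat() results so the check runs offline.
St = namedtuple("St", "st_mode st_uid st_gid")

def _allowed(st, uid, gid, owner_bits, group_bits, other_bits):
    """Classic Unix check: exactly one class applies (no ACLs, no
    supplementary groups); all requested bits must be set."""
    if uid == 0:
        return True  # root bypasses read/write mode bits
    if st.st_uid == uid:
        bits = owner_bits
    elif st.st_gid == gid:
        bits = group_bits
    else:
        bits = other_bits
    return (st.st_mode & bits) == bits

def can_read(st, uid, gid):
    return _allowed(st, uid, gid, stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH)

def can_write(st, uid, gid):
    return _allowed(st, uid, gid, stat.S_IWUSR, stat.S_IWGRP, stat.S_IWOTH)

def can_create_in(d, uid, gid):
    # Creating a file needs write and search permission on the directory.
    return _allowed(d, uid, gid, stat.S_IWUSR | stat.S_IXUSR,
                    stat.S_IWGRP | stat.S_IXGRP, stat.S_IWOTH | stat.S_IXOTH)

def preflight(conf, pid_dir, pid_file, uid, gid):
    """List the problems named would hit when running as uid:gid.
    pid_file is None when no pid file exists yet."""
    problems = []
    if not can_read(conf, uid, gid):
        problems.append("named.conf not readable")
    if pid_file is not None and not can_write(pid_file, uid, gid):
        problems.append("pid file not writable")
    elif pid_file is None and not can_create_in(pid_dir, uid, gid):
        problems.append("pid directory not writable")
    return problems

BIND_UID, BIND_GID = 53, 53           # assumed ids for the 'bind' user/group
CONF_GROUP = St(0o100640, 0, BIND_GID)  # root:bind 0640, group-bind-readable
CONF_ROOT = St(0o100600, 0, 0)          # root:wheel 0600, unreadable for bind
VAR_RUN = St(0o040755, 0, 0)            # root-owned /var/run, mode 0755
ROOT_PID = St(0o100644, 0, 0)           # pid file owned by root, mode 0644

if __name__ == "__main__":
    print(preflight(CONF_GROUP, VAR_RUN, ROOT_PID, BIND_UID, BIND_GID))
```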