Date: Tue, 7 Jan 2003 01:06:45 -0600
From: "Jon W. Backstrom" <jbackst@iowa.net>
To: questions@freebsd.org
Subject: Running named in a sandbox...problems with /var/run/named.pid
Message-ID: <200301070706.h0776jR13573@silicon.prairie.net>
Dear FreeBSD Community,
I am trying to run named (bind) in a sandbox using the default flags
found in the config files. I've got this in my /etc/rc.conf file:
named_enable="YES" # Run named, the DNS server (or NO).
named_flags="-u bind -g bind" # Flags for named
I also did a "chown -R bind:bind" to my secondary DNS directory, so
all updates work with the new "bind" userID and group (53).
[/etc/group]
bind:*:53:
The problem comes when I use "/usr/sbin/named.reload" ... I get an
error message that named can't write the /var/run/named.pid file.
It seems unable to delete and rewrite "named.pid". I've tried
various group permissions for /var/run to allow the "bind" user
to create this file, but I can't seem to make this error go away.
Is there an obvious trick to running named in a sandbox under the
FreeBSD 4.7 standard distro?
Thank you!
Jon Backstrom
jbackst@iowa.net
P.S. - In the /etc/defaults/rc.conf file, there is a comment that
it *may* be possible to run named in a sandbox...but the
docs in "man security" don't mention anything about the
problems with /var/run/named.pid.
# named. It may be possible to run named in a sandbox, man security for
# details.
#
named_enable="NO" # Run named, the DNS server (or NO).
named_program="/usr/sbin/named" # path to named, if you want a different one.
#named_flags="-u bind -g bind" # Flags for named
