From owner-freebsd-questions  Mon Apr 26 15:56:55 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from freed.dyn.ez-ip.net (derby.JSP.UMontreal.CA [132.204.45.26])
	by hub.freebsd.org (Postfix) with ESMTP id D9C8C155F8
	for <freebsd-questions@FreeBSD.ORG>; Mon, 26 Apr 1999 15:55:13 -0700 (PDT)
	(envelope-from spidey@jsp.umontreal.ca)
Received: from localhost (spidey@localhost)
	by freed.dyn.ez-ip.net (8.9.3/8.9.3) with SMTP id SAA11937;
	Mon, 26 Apr 1999 18:55:54 -0400 (EDT)
	(envelope-from spidey@jsp.umontreal.ca)
X-Authentication-Warning: freed.dyn.ez-ip.net: spidey owned process doing -bs
Date: Mon, 26 Apr 1999 18:55:54 -0400 (EDT)
From: Spidey <spidey@jsp.umontreal.ca>
X-Sender: spidey@freed.dyn.ez-ip.net
Reply-To: Spidey <beaupran@jsp.umontreal.ca>
To: Doug White <dwhite@resnet.uoregon.edu>
Cc: freebsd-questions <freebsd-questions@FreeBSD.ORG>
Subject: Re: Bind in a sandbox
In-Reply-To: <Pine.BSF.4.03.9904261551060.6951-100000@resnet.uoregon.edu>
Message-ID: <Pine.BSF.3.96.990426185450.11803G-100000@freed.dyn.ez-ip.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Ok.. I guess I'll just have to run it as root again... unless there's
another convention for a _unprivileged_ port for bind?

Doesn't bind start as root and then switches to the user 'bind'?

On Mon, 26 Apr 1999, Doug White wrote:

> On Sat, 24 Apr 1999, Spidey wrote:
> 
> > Hi!
> > 
> > I've been running BIND in a sandbox for some time now. I have a
> > intermittent connection to the net, so sometimes, I have messages like
> > named[$$]: deleting interface $MYADDR.53. This was normal.
> > 
> > But now that I run BIND in a sandbox, I get:
> > 
> >  Apr 24 14:22:25 freed named[101]: bind(dfd=22, [10.0.2.15].53):
> > Permission denied
> > Apr 24 14:22:25 freed named[101]: bind(dfd=22, [10.0.2.15].53): Permission
> > denied
> > Apr 24 14:22:25 freed named[101]: bind(dfd=22, [10.0.2.15].53): Permission
> > denied
> > Apr 24 14:22:25 freed named[101]: deleting interface [10.0.2.15].53
> > 
> > 
> > I start bind using: named -u bind -g bind
> > 
> > Thanks.
> 
> Since you're not running as root, you're not allowed to attach to the
> privilieged port 53.   I'm not familiar with the sandbox behavior so I
> don'tknow how named gets around this.
> 
> Doug White                               
> Internet:  dwhite@resnet.uoregon.edu    | FreeBSD: The Power to Serve
> http://gladstone.uoregon.edu/~dwhite    | www.freebsd.org
> 

Si l'image donne l'illusion de savoir
C'est que l'adage pretend que pour croire,
L'important ne serait que de voir

Lofofora



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message