Date: Fri, 3 Sep 1999 10:23:00 -0400 (EDT) From: Bill <ankzt@maine.60north.net> To: Anand Buddhdev <arb@anand.org> Cc: Dan Larsson <support@junglenote.com>, "[FreeBSD-Questions-List] (E-post)" <freebsd-questions@FreeBSD.ORG> Subject: Re: bind sandboxes? Message-ID: <Pine.BSF.4.05.9909031021180.85741-100000@maine.60north.net> In-Reply-To: <19990903115936.P42426@africaonline.co.ke>
next in thread | previous in thread | raw e-mail | index | archive | help
Additionally youll want to set up your named.conf to point to a directory owned by user bind for loging, pid & configs... See O'Reily & Assoc DNS & bind for a great explenation. On Fri, 3 Sep 1999, Anand Buddhdev wrote: > On Fri, Sep 03, 1999 at 10:38:43AM +0200, Dan Larsson wrote: > > A sandbox is a concept. A program running in a sandbox is running with > less privileges, instead of running as root. This aids in enhancing > security, because a compromise in that program does not leave the > machine vulnerable to root break-in. In your case, you'd be running bind > as user bind, instead of as root. You have to change the flags in > /etc/rc.conf to make named run with the -u and -g options. See the man > page for named for more info. > > > Does FreeBSD insinuate that I need a bucket and shovel with serious > > time spent in a sandbox before I configure bind? I'd like to have the sandbox > > theory regarding bind explained, please. > > > > Regards > > ---- > > Dan Larsson ( mailto:dan@junglenote.com ) > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-questions" in the body of the message > > -- > See complete headers for more info > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9909031021180.85741-100000>