Thanks all. Will try sudo on it.
--- On Wed, 10/29/08, Adam Tkac <[EMAIL PROTECTED]> wrote: > From: Adam Tkac <[EMAIL PROTECTED]> > Subject: Re: is it safe to chmod +s named? > To: "Mark Andrews" <[EMAIL PROTECTED]> > Cc: bind-users@isc.org > Date: Wednesday, October 29, 2008, 7:15 AM > On Wed, Oct 29, 2008 at 01:15:58PM +1100, Mark Andrews > wrote: > > > > In message > <[EMAIL PROTECTED]>, Jeff > Pang writes: > > > Hello, > > > > > > I need to let apache start/stop named. > > > I set: chmod +s named, so httpd (run with nobody) > can stop/start it. > > > Is it safe for this behavior? thanks. > > > > In general, no. Named is not designed to be run suid > root. > > A ordinary user can do all sorts of damage with > named. > > > > I would suggest that you create a wrapper which then > exec's > > named with arguements that you deem safe. This > wrapper can > > be suid root. > > > > I think this wrapper already exists and is called > "sudo". I think the best > solution is allow apache user to run named binary so it can > be started > with "sudo named ...". Usage of SUID bit looks > like bad solution for > me as Mark wrote. > > Adam > > -- > Adam Tkac, Red Hat, Inc.