> In OpenBSD 5.0 there is no possibility to start /usr/sbin/named
> without privilege separation. Example as a regular user:
> $ /usr/sbin/named -g -i named.pid
> Starting privilege separation
> fatal in bind [child]: chroot failed: Operation not permitted
>
> The man page says:
> When invoked without arguments, named will fork into two processes for
> privilege separation, chroot(2) to /var/named, read the default
> :
> which leaves room for the interpretation that with suitable arguments
> named can be made to not use privilege separation.
>
> Reading the source code however suggests to me that there is no
> such combination of arguments.
>
> This is a pity since then named e.g. cannot be used for testing
> resolver client software by starting a test-specific resolver.

I think your usage case is crazy. What next, a mode so that sshd can run without privsep?
