I'm aware (and appreciative) that you chose to have httpd run as user
"apache".
Why not have bind run as user "named" rather than "nobody"? This ensures
that the files in /var/named are only writable by the proper uid.
Many server admins like to run apache and other services as user "nobody",
which could create a security threat.
It would only take a small effort to make this change.
(add to bind rpm script)
useradd -d /var/named named
chown -R named:named /var/named
(change file)
sed -i 's/daemon named -u nobody/daemon named -u named/' /etc/rc.d/init.d/named
--
Matt Steven
Web Automation
GeniusWeb.com
(605)622.7811
And now for the obligatory automatic random signature file quote:
>>=>
The three principal virtues of a programmer are Laziness, Impatience, and
Hubris.
<=<<
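
An added example, not part of the original message: a shell check for the two things the proposal changes, namely the account given after "daemon named -u" in the init script and whether anything under the zone directory is writable by another uid. The function names and the sample files are constructed for illustration, and the demo uses the current uid in place of the "named" account so it runs without root.

```shell
#!/bin/sh
# Added example: check that named runs as a dedicated account and that the
# zone directory is writable by that account only. All paths are arguments.

# Print the account that follows "daemon named -u" in an init script.
run_as_user() {
    sed -n 's/^[[:space:]]*daemon named -u \([A-Za-z0-9_-]*\).*/\1/p' "$1" | head -n 1
}

# Print each non-symlink path under DIR that is not owned by USER, or that
# group or other may write to.
loose_files() {
    find "$1" ! -type l \( ! -user "$2" -o -perm -020 -o -perm -002 \) -print
}

# audit_named INIT DIR USER: return 0 only if INIT starts named as USER and
# nothing under DIR is writable by anyone else; print findings otherwise.
audit_named() {
    status=0
    got=$(run_as_user "$1")
    if [ "$got" != "$3" ]; then
        echo "init: named runs as '${got:-unset}', expected '$3'"
        status=1
    fi
    loose=$(loose_files "$2" "$3")
    if [ -n "$loose" ]; then
        echo "not restricted to '$3':"
        echo "$loose"
        status=1
    fi
    return "$status"
}

# Constructed sample: an init script still using "nobody" and a zone file
# left world-writable. The current uid stands in for the "named" account.
demo() {
    tmp=$(mktemp -d) || return 1
    me=$(id -u)
    mkdir "$tmp/named" && chmod 755 "$tmp/named"
    printf '        daemon named -u nobody\n' > "$tmp/init"
    : > "$tmp/named/example.zone" && chmod 666 "$tmp/named/example.zone"
    audit_named "$tmp/init" "$tmp/named" "$me"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}
demo || echo "demo: findings reported, as expected for this sample"
```

On a real host the call would be `audit_named /etc/rc.d/init.d/named /var/named named`, run after the account exists.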