On my router/firewall (2 NICs with ipmasq in between; slink/2.0.36), I run named as root. I'm looking for an easy way not to.
Since the Debian system already runs Apache as www-data, I'm wondering if adding "-u www-data -g www-data" to named's start up file would be an easy way to run it non-root. Would that be enough? And would it be more secure? Starting from Debian's bug reports, I eventually found http://www.psionic.com/papers/dns/dns-linux/ -- but its approach seems more complicated. Thanks for any help! Tod abl.com
