>Date: Fri, 03 Aug 2001 19:50:24 -0700
>From: Dima Dorfman <[EMAIL PROTECTED]>

>> Are there any reasons not to use "-u bind" flag for named by default?

>IIRC the last time this came up somebody said something about it not
>being able to read zonefiles in some odd places where they like to put
>them.  I.e., they want it to run as root so they can set their
>zonefile mode 600 or something.

That sounds like someone overdoesed on perversity.  I've been running
named with user & group "bind" (53) for nearly 2 years without
significant problems:  I made the directory named uses /var/namedb;
everything in there is (still) owned by root, except for the "sec"
subdirectory, which is owned by bind.  (That is where the local copies of
files retrieved from zone transfers go, for the zones for which my system
is a slave.  Having the named process unable to modify other files is a
Good Thing.  Oh, yeah:  I also made /etc/named.conf a symlink to

I also made /var/run mode 1777, so that /var/run/named.pid could get
created with minimal hassle.  (Since the box has no general-purpose
logins & no keyboard, I have reasonable confidence that a local user
isn't likely to abuse this.)

David H. Wolfskill                              [EMAIL PROTECTED]
As a computing professional, I believe it would be unethical for me to
advise, recommend, or support the use (save possibly for personal
amusement) of any product that is or depends on any Microsoft product.

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to