Eugene Grosbein wrote:
> On Sun, Aug 03, 2008 at 10:31:03AM -0700, Doug Barton wrote:
>>> I need /etc/namedb to be owned by root:bind and have permissions 01775,
>>> so bind may write to it but may not overwrite files that belong to root
>>> here, and I made it so.
>> I understand your frustration with something having changed that you
>> did not expect. I would like to ask you though, what are you trying to
>> accomplish here? What you suggested isn't really good from a security
>> perspective because if an attacker does get in they can remove files
>> from the directory that are owned by root and replace them with their
>> own versions.
> Can he? Doesn't sticky bit on the directory prevent him from that?

That's a question that you can and should answer for yourself. (In
fact one could argue that you should have answered that for yourself
before you tried to set it up that way, but I digress.) :)

>> If you give me a better idea what you're trying to do then I can give
>> you some suggestions on how to make it happen.
> Well, I just want bind to be allowed to write to its working directory.

I think that your idea of "BIND's working directory" is probably
flawed, but if what you want is to make /etc/namedb writable by the
bind user and have it persist from boot to boot someone else already
told you how to do that, so good luck.

Doug
PS, if you get pWn3d I don't want to hear any whinging. :)
--
This .signature sanitized for your protection
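
Added example, not part of the original messages: a small model of the traditional sticky-directory removal rule documented in sticky(7), applied to the root:bind 01775 layout discussed in the thread, plus an `audit` helper that runs the same check over a real directory. The numeric IDs (0 for root, 53 for bind) and all function names are assumptions for illustration; ACLs and file flags are ignored.

```python
import os
import stat

def can_write_dir(mode, dir_uid, dir_gid, uid, gids):
    """Classic owner/group/other write+search check on the directory (no ACLs)."""
    if uid == 0:
        return True
    if uid == dir_uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif dir_gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return (mode & need) == need

def can_remove(mode, dir_uid, dir_gid, file_uid, uid, gids):
    """May `uid` unlink or rename an entry owned by `file_uid`?"""
    if not can_write_dir(mode, dir_uid, dir_gid, uid, gids):
        return False
    if mode & stat.S_ISVTX:
        # Sticky directory: only the file owner, directory owner or root.
        return uid in (0, file_uid, dir_uid)
    return True

def audit(path, uid, gids):
    """Return {name: removable_by_uid} for every entry in a real directory."""
    d = os.stat(path)
    result = {}
    for name in sorted(os.listdir(path)):
        st = os.lstat(os.path.join(path, name))
        result[name] = can_remove(d.st_mode, d.st_uid, d.st_gid,
                                  st.st_uid, uid, gids)
    return result

# Constructed IDs for illustration only.
ROOT, BIND = 0, 53

if __name__ == "__main__":
    for mode in (0o1775, 0o0775):
        print(oct(mode),
              "| bind removes root's file:",
              can_remove(mode, ROOT, BIND, ROOT, BIND, {BIND}),
              "| bind removes its own file:",
              can_remove(mode, ROOT, BIND, BIND, BIND, {BIND}),
              "| bind can create new files:",
              can_write_dir(mode, ROOT, BIND, BIND, {BIND}))
```

The model covers removal and renaming only; creating new entries depends solely on `can_write_dir`, which is true for the bind group in both modes.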