People should really consider running daemons like named in a chroot'ed
environemnt (see http://www.psionic.com/papers/dns/ for example). You
should also consult the INSTALL file in the source distribution, which
discusses the -u, -g and -t options:
User and Group ID
Specifying "-u" followed by a username or numeric user id on the
"named" command line will cause the server to give up all
privileges and become that user after the initial load of the
configuation file is complete. "-g" may be used similarly to set
the group id. If "-u" is specified but "-g" is not, the group
used will be the given user's primary group.
Chroot
"-t" followed by a directory path on the "named" command line will
cause the server to chroot() to that directory before it starts
loading the configuration file.
- Marc
On Sun, 23 Apr 2000, Derek Martin wrote:
>
> I deleted the message before I could reply to it, but someone just asked
> if RH configures named to run as a non-root user. The named daemon binds
> to port 53, which is a "reserved" port, and requires root priviledges for
> this operation.
>
> There's no other reason that I'm aware of that named couldn't be
> configured to run on a non-reserved port so that it can run as a non-root
> user, other than the fact that there are already thousands of DNS servers
> across the internet that expect your DNS server will answer querries on
> port 53.
>
>
> --
> PGP/GPG Public key at http://cerberus.ne.mediaone.net/~derek/pubkey.txt
> ------------------------------------------------------
> Derek D. Martin | Unix/Linux Geek
> [EMAIL PROTECTED] | [EMAIL PROTECTED]
> ------------------------------------------------------
>
>
> **********************************************************
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **********************************************************
>
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
