Hello, I am Abhilash T.G (OS0183). I have done the CR-6530498. The changes can be viewed at http://cr.opensolaris.org/~hari.sun/DNS_non-root_user_prop/webrev/
The synopsis is .... *Bug ID* 6530498 *Synopsis* HA DNS should provide a property to allow the DNS service to be run as a non-root user *State* 1-Dispatched(Default State) *Category:Subcategory* suncluster:ha-dns *Keywords* DNS | named | non-root | oss-bite-size | oss-request | user *Sponsor* *Submitter* *Reported Against* *Duplicate Of* *Introduced In* *Commit to Fix* *Fixed In* *Release Fixed* *Related Bugs* *Submit Date* 02-MAR-2007 *Last Update Date* 20-DEC-2007 * Description* Customer request via the Sun Cluster forum: I'd like the DNS HA Agent for Sun Cluster 3.2 to be modified so that the admin can choose to run BIND as a non-root user ie. named. This functionality is desirable for security reasons, as it gives the admin a layer of protection in the event that BIND is compromised. As a non-root process, it won't be capable of doing as much damage as a compromised root process could. This behaviour is similar to how Apache works, and is already available by specifying "-u <userid>" when starting BIND from the command line, or setting 'user' and 'group' in method_credential in the SMF manifest. *Work Around* N/A My Sponsor Harish has done the testing... I request you all to please review the changes. Regards Abhilash -- Have the courage to follow your heart and intuitions, they somehow already know what you truly wants -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.opensolaris.org/pipermail/ha-clusters-discuss/attachments/20081105/eccc5786/attachment.html>
