On 2010/10/01 22:50, Jakob Schlyter wrote:
> The following patches establish the following default NSD
> permissions/locations:
>
> - /var/nsd/db for stuff that nsd(8) may write to (as user/group _nsd)
> - /var/nsd/nsd.db for the read-only database.
> - /var/nsd/zones default zone directory.
> - /etc/nsd.conf for the config file
>
> This still requires nsd-{patch,zonec} to be run as root, and I would
> appreciate feedback on whether we should run these two (which are the only
> programs that need to write to nsd.db & the zone files) as another user (e.g.
> _nsdmaint).
I think it makes sense to have a separate user for these, that's how
I've been running nsd in the past.
> We could also consider splitting /var/nsd/zones into one directory for master
> zones (read-only) and slave zones (writable by nsd-patch).
I think that if we do split users as above, this follows naturally.