Re: named / BIND 9.4.1-P1 /etc/named/master ownership

---

• From: "Philip M. Gollucci" <pgollucci@xxxxxxxxxxxx>
• Date: Mon, 3 Dec 2007 17:03:43 -0500

---

Gelsema, P (Patrick) - FreeBSD wrote:

In /etc/rc.conf I got the following.
hulk# cat /etc/rc.conf | grep named
named_enable="YES"
named_uid="bind"
named_chrootdir="/var/named"

grep named /etc/defaults/rc.conf
# named. It may be possible to run named in a sandbox, man security for
named_enable="NO" # Run named, the DNS server (or NO).
named_program="/usr/sbin/named" # path to named, if you want a different
one.
#named_flags="" # Flags for named
named_pidfile="/var/run/named/pid" # Must set this in named.conf as well
named_uid="bind" # User to run named as
named_chrootdir="/var/named" # Chroot directory (or "" not to
auto-chroot it)
named_chroot_autoupdate="YES" # Automatically install/update chrooted
# components of named. See /etc/rc.d/named.
named_symlink_enable="YES" # Symlink the chrooted pid file


As you can see, your named_uid and named_chrootdir are not needed, that
is the default.

The thing causing your issue is named_chroot_autoupdate="YES" (the
default) and it is correct to do so, you should not be changing these
without very good reason.

--
------------------------------------------------------------------------
Philip M. Gollucci (philip@xxxxxxxxxxxxxx)
o:703.549.2050x206
Senior System Admin - Riderway, Inc.
http://riderway.com / http://ridecharge.com
1024D/EC88A0BF 0DE5 C55C 6BF3 B235 2DAB B89E 1324 9B4F EC88 A0BF

Work like you don't need the money,
love like you'll never get hurt,
and dance like nobody's watching.

_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"

---

• Follow-Ups:
  • Re: named / BIND 9.4.1-P1 /etc/named/master ownership
    • From: Gelsema, P \(Patrick\) - FreeBSD

• References:
  • named / BIND 9.4.1-P1 /etc/named/master ownership
    • From: Gelsema, P \(Patrick\) - FreeBSD

• Prev by Date: Re: FBS7.0-4B, named does not build with buildworld
• Next by Date: Re: Can I install Free BSD latest version on my laptop with dual boot?
• Previous by thread: named / BIND 9.4.1-P1 /etc/named/master ownership
• Next by thread: Re: named / BIND 9.4.1-P1 /etc/named/master ownership
• Index(es):
  • Date
  • Thread

---

Relevant Pages [Full-disclosure] CORE-2011-0919: Apple OS X Sandbox Predefined Profiles Bypass ... Apple OS X Sandbox Predefined Profiles Bypass ... Matias Eissler from Core Security Technologies. ... (Full-Disclosure) CORE-2011-0919: Apple OS X Sandbox Predefined Profiles Bypass ... Apple OS X Sandbox Predefined Profiles Bypass ... Matias Eissler from Core Security Technologies. ... (Bugtraq) RE: Sandboxie ... No sandbox product is fool proof. ... Java's first security model was fairly secure. ... the vulnerabilities began to appear in earnest. ... When the underlying OS or app is updated, ... (Security-Basics) RE: Sandboxie ... No sandbox product is fool proof. ... Java's first security model was fairly secure. ... EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE ... The NSA has designated Norwich University a center of Academic ... (Security-Basics) Re: Sandboxie ... No sandbox product is fool proof. ... Java's first security model was fairly secure. ... EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE ... The NSA has designated Norwich University a center of Academic Excellence ... (Security-Basics)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint

unix.derkeiler.com  > Mailing-Lists  > FreeBSD  > questions  > 2007-12